Two days ago, the White House released a report on privacy: “Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation.” The report summarizes things the administration has done, and lists future challenges: Areas for Further Attention Technology will pose new consumer privacy and security challenges. Emerging technology may simultaneously create new challenges and opportunities … Read More “New White House Privacy Report” »
Month: January 2017
There’s research in using a heartbeat as a biometric password. No details in the article. My guess is that there isn’t nearly enough entropy in the reproducible biometric, but I might be surprised. The article’s suggestion to use it as a password for health records seems especially problematic. “I’m sorry, but we can’t access the … Read More “Heartbeat as Biometric Password” »
Really interesting investigative story.
Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly changing users’ keys, allowing it — or more likely, the government — to eavesdrop on encrypted messages. It seems that this vulnerability is real: WhatsApp has the ability to force … Read More “WhatsApp Security Vulnerability” »
Interesting post on Cloudflare’s experience with receiving a National Security Letter. News article.
This article discusses a giant squid attack on a schooner off the coast of Sri Lanka in 1874. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Imagine that you are someone in the CIA, concerned about the future of America. You have this Russian dossier on Donald Trump, which you have some evidence might be true. The smartest thing you can do is to leak it to the public. By doing so, you are eliminating any leverage Russia has over Trump … Read More “A Comment on the Trump Dossier” »
Interesting research: Sebastian Hellmeier, “The Dictator’s Digital Toolkit: Explaining Variation in Internet Filtering in Authoritarian Regimes,” Politics & Policy, 2016 (full paper is behind a paywall): Abstract: Following its global diffusion during the last decade, the Internet was expected to become a liberation technology and a threat for autocratic regimes by facilitating collective action. Recently, … Read More “Internet Filtering in Authoritarian Regimes” »
President Obama has changed the rules regarding raw intelligence, allowing the NSA to share raw data with the US’s other 16 intelligence agencies. The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These … Read More “NSA Given More Ability to Share Raw Intelligence Data” »
New paper: “A Simple Power Analysis Attack on the Twofish Key Schedule.” This shouldn’t be a surprise; these attacks are devastating if you don’t take steps to mitigate them. The general issue is if an attacker has physical control of the computer performing the encryption, it is very hard to secure the encryption inside the … Read More “Twofish Power Analysis Attack” »