August 2017 – SSL and internet security news

Journalists Generally Do Not Use Secure Communication

August 31, 2017 infossl

email, encryption, pgp, privacy, Security technology, signal, whistleblowers

This should come as no surprise: Alas, our findings suggest that secure communications haven’t yet attracted mass adoption among journalists. We looked at 2,515 Washington journalists with permanent credentials to cover Congress, and we found only 2.5 percent of them solicit end-to-end encrypted communication via their Twitter bios. That’s just 62 out of all the … Read More “Journalists Generally Do Not Use Secure Communication” »

A Framework for Cyber Security Insurance

August 30, 2017 infossl

academicpapers, computersecurity, insurance, laws, Security technology

New paper: “Policy measures and cyber insurance: a framework,” by Daniel Woods and Andrew Simpson, Journal of Cyber Policy, 2017. Abstract: The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. To date, there has been no consideration of the roles governments … Read More “A Framework for Cyber Security Insurance” »

Proof that HMAC-DRBG has No Back Doors

August 30, 2017 infossl

academicpapers, backdoors, cryptography, randomnumbers, Security technology

New research: “Verified Correctness and Security of mbedTLS HMAC-DRBG,” by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security — that its output is pseudorandom — using a hybrid game-based proof. … Read More “Proof that HMAC-DRBG has No Back Doors” »

The NSA’s 2014 Media Engagement and Outreach Plan

August 30, 2017 infossl

intelligence, nsa, Security technology

Interesting post-Snowden reading, just declassified. (U) External Communication will address at least one of “fresh look” narratives: (U) NSA does not access everything. (U) NSA does not collect indiscriminately on U.S. Persons and foreign nationals. (U) NSA does not weaken encryption. (U) NSA has value to the nation. There’s lots more. Powered by WPeMatico

Ross Anderson on the History of the Crypto Wars in the UK

August 29, 2017 infossl

cryptography, cryptowars, encryption, Security technology, uk, videos

Ross Anderson gave a talk on the history of the Crypto Wars in the UK. I am intimately familiar with the US story, but didn’t know as much about Britain’s verson. Hour-long video. Summary. Powered by WPeMatico

Hacking a Phone Through a Replacement Touchscreen

August 28, 2017 infossl

computersecurity, hardware, keylogging, malware, phones, Security technology, spyware

Researchers demonstrated a really clever hack: they hid malware in a replacement smart phone screen. The idea is that you would naively bring your smart phone in for repair, and the repair shop would install this malicious screen without your knowledge. The malware is hidden in touchscreen controller software, which is trusted by the phone. … Read More “Hacking a Phone Through a Replacement Touchscreen” »

Friday Squid Blogging: Prehistoric Dolphins that Ate Squid

August 25, 2017 infossl

Security technology, squid

Paleontologists have discovered a prehistoric toothless dolphin that fed by vacuuming up squid: There actually are modern odontocetes that don’t really use their teeth either. Male beaked whales, for example, usually have one pair of teeth that is only used to fight for females, whose teeth stay completely hidden in their gums. Beaked whales, along … Read More “Friday Squid Blogging: Prehistoric Dolphins that Ate Squid” »

Military Robots as a Nature Analog

August 25, 2017 infossl

drones, military, robotics, Security technology

This very interesting essay looks at the future of military robotics and finds many analogs in nature: Imagine a low-cost drone with the range of a Canada goose, a bird that can cover 1,500 miles in a single day at an average speed of 60 miles per hour. Planet Earth profiled a single flock of … Read More “Military Robots as a Nature Analog” »

Massive Government Data Leak in Sweden

August 24, 2017 infossl

cloudcomputing, databreaches, insiders, leaks, privacy, Security technology, sweden

Seems to be incompetence rather than malice, but a good example of the dangers of blindly trusting the cloud. Powered by WPeMatico

Your Personal Bodycam

August 23, 2017 infossl

cameras, privacy, Security technology, surveillance

Shonin is a personal bodycam up on Kickstarter. There are a lot of complicated issues surrounding bodycams — for example, it’s obvious that police bodycams reduce violence — but the one thing everyone is certain about is that they will proliferate. I’m not sure society is fully ready for the ramifications of this level of … Read More “Your Personal Bodycam” »