Informations about SSL certificates and networks security
The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children. Press release. News article. This is the same group that found all those security and privacy vulnerabilities in smart dolls. Powered by WPeMatico
In August, four US Senators introduced a bill designed to improve Internet of Things (IoT) security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn’t regulate the IoT market. It doesn’t single out any industries for particular attention, or force any companies to do anything. It doesn’t even modify … Read More “IoT Cybersecurity: What’s Plan B?” »
A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize … Read More “Security Flaw in Infineon Smart Cards and TPMs” »
Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks This is yet another of a series of marketed attacks; … Read More “New KRACK Attack Against Wi-Fi Encryption” »
It’s International Cephalopod Awareness Days this week, and Tuesday was Squid Day. I can’t believe I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Blog regulars will notice that I haven’t been posting as much lately as I have in the past. There are two reasons. One, it feels harder to find things to write about. So often it’s the same stories over and over. I don’t like repeating myself. Two, I am busy writing a book. The title … Read More “My Blogging” »
Two related stories: PornHub is using machine learning algorithms to identify actors in different videos, so as to better index them. People are worried that it can really identify them, by linking their stage names to their real names. Facebook somehow managed to link a sex worker’s clients under her fake name to her real … Read More “Technology to Out Sex Workers” »
This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps … Read More “Impersonating iOS Password Prompts” »
Both the New York Times and the Washington Post are reporting that Israel has penetrated Kaspersky’s network and detected the Russian operation. From the New York Times: Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan … Read More “More on Kaspersky and the Stolen NSA Attack Tools” »
NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords: Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don’t help that much. It’s … Read More “Changes in Password Best Practices” »