Informations about SSL certificates and networks security
Some details about the iPhone unlocker from the US company Greyshift, with photos. Little is known about Grayshift or its sales model at this point. We don’t know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it’s highly likely that … Read More “GreyKey iPhone Unlocker” »
Interesting analysis and speculation. Powered by WPeMatico
Interesting paper “A first look at browser-based cryptojacking“: Abstract: In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, … Read More “Hijacking Computers for Cryptocurrency Mining” »
A good warning, delivered in classic Dan Geer style. Powered by WPeMatico
Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website, detailed whitepaper, cool vulnerability names — RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA — and logos we’ve come to expect from these sorts of things. What’s new is that the company only gave AMD … Read More “Israeli Security Attacks AMD by Publishing Zero-Day Exploits” »
A new species of pygmy squid was discovered in Western Australia. It’s pretty cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
This is a good article on the complicated story of hacker Marcus Hutchins. Powered by WPeMatico
Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two … Read More “Artificial Intelligence and the Attack/Defense Balance” »
One of the effects of GDPR — the new EU General Data Protection Regulation — is that we’re all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here’s a … Read More “The 600+ Companies PayPal Shares Your Data With” »
I don’t know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec’s … Read More “E-Mailing Private HTTPS Keys” »