June 2018 – Page 2 – SSL and internet security news

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

June 20, 2018 infossl

apple, authentication, banking, ios, Security technology, sms, twofactorauthentication, usability

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points … Read More “Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill” »

Free Societies are at a Disadvantage in National Cybersecurity

June 19, 2018 infossl

cyberattack, cybercrime, cyberespionage, cybersecurity, nationalsecuritypolicy, privacy, Security technology

Jack Goldsmith and Stuart Russell just published an interesting paper, making the case that free and democratic nations are at a structural disadvantage in nation-on-nation cyberattack and defense. From a blog post: It seeks to explain why the United States is struggling to deal with the “soft” cyber operations that have been so prevalent in … Read More “Free Societies are at a Disadvantage in National Cybersecurity” »

Ridiculously Insecure Smart Lock

June 18, 2018 infossl

bluetooth, locks, physicalsecurity, Security technology

Tapplock sells an “unbreakable” Internet-connected lock that you can open with your fingerprint. It turns out that: The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. Any Tapplock account an unlock every lock. You can open the lock with a screwdriver. Regarding the third flaw, … Read More “Ridiculously Insecure Smart Lock” »

Friday Squid Blogging: Cephalopod Week on Science Friday

June 15, 2018 infossl

Security technology, squid

It’s Cephalopod Week! “Three hearts, eight arms, can’t lose.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Thomas Dullien on Complexity and Security

June 14, 2018 infossl

audio, complexity, conferences, Security technology, securityconferences, securityengineering, video

For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I’ve ever provided. Video. Slides. Powered by WPeMatico

Russian Censorship of Telegram

June 13, 2018 infossl

android, apple, censorship, cloudcomputing, iphone, russia, Security technology, signal, telegram, whatsapp

Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their … Read More “Russian Censorship of Telegram” »

New iPhone OS May Include Device-Unlocking Security

June 12, 2018 infossl

apple, cybersecurity, ios, iphone, operatingsystems, Security technology, securityengineering

iOS 12, the next release of Apple’s iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not been unlocked for one hour. That includes the … Read More “New iPhone OS May Include Device-Unlocking Security” »

Router Vulnerability and the VPNFilter Botnet

June 11, 2018 infossl

botnets, essays, fbi, internet, malware, nationalsecuritypolicy, networksecurity, russia, Security technology

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it’s a harbinger of the sorts of pervasive threats from nation-states, criminals and hackers that we should expect in coming years. VPNFilter is a sophisticated piece … Read More “Router Vulnerability and the VPNFilter Botnet” »

Friday Squid Blogging: Extinct Relatives of Squid

June 8, 2018 infossl

Security technology, squid

Interesting fossils. Note that a poster is available. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

New Data Privacy Regulations

June 8, 2018 infossl

Security technology

When Marc Zuckerberg testified before both the House and the Senate last month, it became immediately obvious that few US lawmakers had any appetite to regulate the pervasive surveillance taking place on the internet. Right now, the only way we can force these companies to take our privacy more seriously is through the market. But … Read More “New Data Privacy Regulations” »