January 2019 – Page 2 – SSL and internet security news

Evaluating the GCHQ Exceptional Access Proposal

January 18, 2019 infossl

backdoors, computersecurity, crime, cryptowars, eavesdropping, essays, gchq, lawenforcement, Security technology, vulnerabilities

The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI — and some of their peer agencies in the UK, Australia, and elsewhere — argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems … Read More “Evaluating the GCHQ Exceptional Access Proposal” »

Prices for Zero-Day Exploits Are Rising

January 17, 2019 infossl

businessofsecurity, economicsofsecurity, exploits, Security technology, vulnerabilities, zeroday

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple’s iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and … Read More “Prices for Zero-Day Exploits Are Rising” »

El Chapo’s Encryption Defeated by Turning His IT Consultant

January 16, 2019 infossl

backdoors, courts, drugtrade, encryption, fbi, insiders, keys, Security technology

Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system’s secret encryption keys in 2011 after he had moved the network’s servers from Canada to the Netherlands during what he told the cartel’s leaders was a routine upgrade. A Dutch article says that … Read More “El Chapo’s Encryption Defeated by Turning His IT Consultant” »

Alex Stamos on Content Moderation and Security

January 15, 2019 infossl

control, encryption, Security technology, socialmedia

Former Facebook CISO Alex Stamos argues that increasing political pressure on social media platforms to moderate content will give them a pretext to turn all end-to-end crypto off — which would be more profitable for them and bad for society. If we ask tech companies to fix ancient societal ills that are now reflected online … Read More “Alex Stamos on Content Moderation and Security” »

Friday Squid Blogging: New Giant Squid Video

January 11, 2019 infossl

Security technology, squid, video

This is a fantastic video of a young giant squid named Heck swimming around Toyama Bay near Tokyo. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Using a Fake Hand to Defeat Hand-Vein Biometrics

January 11, 2019 infossl

authentication, biometrics, identification, Security technology

Nice work: One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user’s veins are positioned under their skin, rather than lifting a fingerprint from a held object or high quality photograph, for example. But with that … Read More “Using a Fake Hand to Defeat Hand-Vein Biometrics” »

Security Vulnerabilities in Cell Phone Systems

January 10, 2019 infossl

cellphones, eavesdropping, economicsofsecurity, lawenforcement, nationalsecuritypolicy, Security technology, securityengineering, vulnerabilities

Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about this issue, sent a letter in August … Read More “Security Vulnerabilities in Cell Phone Systems” »

EU Offering Bug Bounties on Critical Open-Source Software

January 9, 2019 infossl

eu, incentives, opensource, Security technology

The EU is offering “bug bounties on Free Software projects that the EU institutions rely on.” Slashdot thread. Powered by WPeMatico

Machine Learning to Detect Software Vulnerabilities

January 8, 2019 infossl

artificialintelligence, economicsofsecurity, essays, machinelearning, Security technology, vulnerabilities

No one doubts that artificial intelligence (AI) and machine learning (ML) will transform cybersecurity. We just don’t know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders and the resultant arms race between the two I want to talk about software vulnerabilities. All software … Read More “Machine Learning to Detect Software Vulnerabilities” »

New Attack Against Electrum Bitcoin Wallets

January 7, 2019 infossl

bitcoin, cryptocurrency, fraud, hacking, Security technology, twofactorauthentication

This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious … Read More “New Attack Against Electrum Bitcoin Wallets” »