April 2020 – SSL and internet security news

Securing Internet Videoconferencing Apps: Zoom and Others

April 30, 2020 infossl

aes, encryption, internetandsociety, keys, nsa, Security technology, securityengineering, videoconferencing

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if … Read More “Securing Internet Videoconferencing Apps: Zoom and Others” »

How Did Facebook Beat a Federal Wiretap Demand?

April 29, 2020 infossl

aclu, courts, crime, eavesdropping, encryption, facebook, privacy, Security technology, surveillance

This is interesting: Facebook Inc. in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press. Lawyers for the ACLU and the Washington Post on Tuesday asked a … Read More “How Did Facebook Beat a Federal Wiretap Demand?” »

Fooling NLP Systems Through Word Swapping

April 28, 2020 infossl

academicpapers, algorithms, artificialintelligence, machinelearning, Security technology

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find natural. For example, changing the … Read More “Fooling NLP Systems Through Word Swapping” »

Automatic Instacart Bots

April 27, 2020 infossl

automation, covid19, hacking, Security technology

Instacart is taking legal action against bots that automatically place orders: Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip amount, and whether they prefer the first available delivery … Read More “Automatic Instacart Bots” »

Friday Squid Blogging: Humboldt Squid Backlight Themselves to Communicate More Clearly

April 24, 2020 infossl

Security technology, squid

This is neat: Deep in the Pacific Ocean, six-foot-long Humboldt squid are known for being aggressive, cannibalistic and, according to new research, good communicators. Known as “red devils,” the squid can rapidly change the color of their skin, making different patterns to communicate, something other squid species are known to do. But Humboldt squid live … Read More “Friday Squid Blogging: Humboldt Squid Backlight Themselves to Communicate More Clearly” »

Global Surveillance in the Wake of COVID-19

April 24, 2020 infossl

covid19, facerecognition, privacy, Security technology, surveillance, tracking

OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health … Read More “Global Surveillance in the Wake of COVID-19” »

Chinese COVID-19 Disinformation Campaign

April 23, 2020 infossl

china, covid19, disinformation, fakenews, intelligence, propaganda, Security technology

The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters. The amplification techniques are … Read More “Chinese COVID-19 Disinformation Campaign” »

New iPhone Zero-Day Discovered

April 22, 2020 infossl

email, exploits, iphone, patching, Security technology, zeroday

Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said “we were a bit surprised about who was targeted.” He … Read More “New iPhone Zero-Day Discovered” »

Another Story of Bad 1970s Encryption

April 21, 2020 infossl

backdoors, cryptanalysis, cryptography, historyofcryptography, historyofsecurity, Security technology

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from … Read More “Another Story of Bad 1970s Encryption” »

Vulnerability Finding Using Machine Learning

April 20, 2020 infossl

artificialintelligence, cloudcomputing, cybersecurity, machinelearning, microsoft, Security technology, securityengineering, vulnerabilities

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn’t just apply more people to the problem. However, large volumes of semi-curated … Read More “Vulnerability Finding Using Machine Learning” »