June 2020 – Page 2 – SSL and internet security news

Security and Human Behavior (SHB) 2020

June 19, 2020 infossl

conferences, economicsofsecurity, psychologyofsecurity, Security technology, securityconferences

Today is the second day of the thirteenth Workshop on Security and Human Behavior. It’s being hosted by the University of Cambridge, which in today’s world means we’re all meeting on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro … Read More “Security and Human Behavior (SHB) 2020” »

New Hacking-for-Hire Company in India

June 19, 2020 infossl

hacking, india, phishing, reports, Security technology

Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India. Key Findings: Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries. Dark Basin extensively … Read More “New Hacking-for-Hire Company in India” »

Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security

June 18, 2020 infossl

breaches, cia, leaks, reports, Security technology, wikileaks

The Washington Post is reporting on an internal CIA report about its “Vault 7” security breach: The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have … Read More “Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security” »

Zoom Will Be End-to-End Encrypted for All Users

June 17, 2020 infossl

cybersecurity, encryption, Security technology, securityengineering, twofactorauthentication, videoconferencing

Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable … Read More “Zoom Will Be End-to-End Encrypted for All Users” »

Bank Card “Master Key” Stolen

June 17, 2020 infossl

banking, breaches, dataprotection, keys, pins, Security technology, theft

South Africa’s Postbank experienced a catastrophic security failure. The bank’s master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre. According to … Read More “Bank Card “Master Key” Stolen” »

Eavesdropping on Sound Using Variations in Light Bulbs

June 16, 2020 infossl

academicpapers, eavesdropping, Security technology, sidechannelattacks

New research is able to recover sound waves in a room by observing minute changes in the room’s light bulbs. This technique works from a distance, even from a building across the street through a window. Details: In an experiment using three different telescopes with different lens diameters from a distance of 25 meters (a … Read More “Eavesdropping on Sound Using Variations in Light Bulbs” »

Examining the US Cyber Budget

June 15, 2020 infossl

cyberattack, cybersecurity, defense, homelandsecurity, nationalsecuritypolicy, Security technology

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5 percent above the fiscal 2019 estimate. … Read More “Examining the US Cyber Budget” »

Friday Squid Blogging: Human Cells with Squid-Like Transparency

June 12, 2020 infossl

Security technology, squid

I think we need more human organs with squid-like features. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Facebook Helped Develop a Tails Exploit

June 12, 2020 infossl

children, exploits, facebook, fbi, pornography, Security technology, vulnerabilities, zeroday

This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. According to Vice, the FBI had tried to hack … Read More “Facebook Helped Develop a Tails Exploit” »

Another Intel Speculative Execution Vulnerability

June 11, 2020 infossl

exploits, hacking, hardware, intel, keys, Security technology, sidechannelattacks, vulnerabilities

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they — and the research into the Intel ME vulnerability — have shown researchers where to look, more is coming — and what they’ll find will be worse … Read More “Another Intel Speculative Execution Vulnerability” »