March 2021 – Page 2 – SSL and internet security news

On the Insecurity of ES&S Voting Machines’ Hash Code

March 16, 2021 infossl

authentication, certifications, hashes, Security technology, Uncategorized, voting

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S’s software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the “reference hashcode” is completely missing, then it’ll say “yes, boss, everything is fine” instead of reporting an error. It’s simultaneously shocking and unsurprising that ES&S’s … Read More “On the Insecurity of ES&S Voting Machines’ Hash Code” »

Security Analysis of Apple’s “Find My…” Protocol

March 15, 2021 infossl

academic papers, apple, bluetooth, crowdsourcing, de-anonymization, privacy, reverse engineering, security analysis, Security technology, tracking, Uncategorized

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System“: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an … Read More “Security Analysis of Apple’s “Find My…” Protocol” »

Friday Squid Blogging: On SQUIDS

March 12, 2021 infossl

Security technology, squid, Uncategorized

A good tutorial: But we can go beyond the polarization of electrons and really leverage the electron waviness. By interleaving thin layers of superconducting and normal materials, we can make the quantum electronic equivalents of transistors and diodes such as Superconducting Tunnel Junctions (SJTs) and Superconducting Quantum Interference Devices (affectionately known as SQUIDs). These devices … Read More “Friday Squid Blogging: On SQUIDS” »

Metadata Left in Security Agency PDFs

March 12, 2021 infossl

academic papers, metadata, security analysis, Security technology, Uncategorized

Really interesting research: “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture. All these information can be exploited easily by … Read More “Metadata Left in Security Agency PDFs” »

Fast Random Bit Generation

March 11, 2021 infossl

academic papers, Fortuna, random numbers, Security technology, Uncategorized

Science has a paper (and commentary) on generating 250 random terabits per second with a laser. I don’t know how cryptographically secure they are, but that can be cleaned up with something like Fortuna. Powered by WPeMatico

More on the Chinese Zero-Day Microsoft Exchange Hack

March 10, 2021 infossl

china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

On Not Fixing Old Vulnerabilities

March 9, 2021 infossl

malware, patching, Security technology, Uncategorized, vulnerabilities

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 20132017, which indicates a lack of recent software updates,” the reported stated. 26%!? One in four networks? … Read More “On Not Fixing Old Vulnerabilities” »

Hacking Digitally Signed PDF Files

March 8, 2021 infossl

academic papers, adobe, hacking, Security technology, signatures, Uncategorized

Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs“: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities … Read More “Hacking Digitally Signed PDF Files” »

Friday Squid Blogging: Vampire Squid Fossil

March 5, 2021 infossl

Security technology, squid, Uncategorized

A 30-million-year-old vampire squid fossil was found, lost, and then re-found in Hungary. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

No, RSA Is Not Broken

March 5, 2021 infossl

cryptanalysis, cryptography, rsa, Security technology, Uncategorized

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method, and its abstract ends with the provocative sentence: “This destroys the RSA cryptosystem.” It does not. At best, it’s an improvement in factoring — and I’m not sure it’s even … Read More “No, RSA Is Not Broken” »