September 2024 – Page 2 – SSL and internet security news

New Chrome Zero-Day

September 10, 2024 infossl

chrome, cryptocurrency, microsoft, North Korea, Security technology, Uncategorized, zero-day

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency. Powered by WPeMatico

Australia Threatens to Force Companies to Break Encryption

September 9, 2024 infossl

australia, backdoors, crypto wars, encryption, laws, Security technology, Uncategorized

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted … Read More “Australia Threatens to Force Companies to Break Encryption” »

Live Video of Promachoteuthis Squid

September 6, 2024 infossl

Security technology, squid, Uncategorized, video

The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy. Powered by WPeMatico

YubiKey Side-Channel Attack

September 6, 2024 infossl

academic papers, cloning, security analysis, Security technology, security tokens, side-channel attacks, Uncategorized

There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis. Powered by WPeMatico

Long Analysis of the M-209

September 5, 2024 infossl

encryption, history of cryptography, reports, Security technology, Uncategorized

Really interesting analysis of the American M-209 encryption device and its security. Powered by WPeMatico

Security Researcher Sued for Disproving Government Statements

September 4, 2024 infossl

courts, data loss, lies, ransomware, Security technology, Uncategorized

This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the researcher. Let’s hope the judge throws the case out, but—still—it will serve as … Read More “Security Researcher Sued for Disproving Government Statements” »

List of Old NSA Training Videos

September 3, 2024 infossl

cryptography, foia, history of cryptography, history of security, nsa, Security technology, Uncategorized, videos

The NSA’s “National Cryptographic School Television Catalogue” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before. Powered by WPeMatico

SQL Injection Attack on Airport Security

September 2, 2024 infossl

air travel, Security technology, SQL injection, tsa, Uncategorized

Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA … Read More “SQL Injection Attack on Airport Security” »