Informations about SSL certificates and networks security
We’ve long known that 64 bits is too small for a block cipher these days. That’s why new block ciphers like AES have 128-bit, or larger, block sizes. The insecurity of the smaller block is nicely illustrated by a new attack called “Sweet32.” It exploits the ability to find block collisions in Internet protocols to … Read More “Collision Attacks Against 64-Bit Block Ciphers” »
The National Security Agency is lying to us. We know that because of data stolen from an NSA server was dumped on the Internet. The agency is hoarding information about security vulnerabilities in the products you use, because it wants to use it to hack others’ computers. Those vulnerabilities aren’t being reported, and aren’t getting … Read More “The NSA Is Hoarding Vulnerabilities” »
Interesting research that shows we exaggerate the risks of something when we find it morally objectionable. From an article about and interview with the researchers: To get at this question experimentally, Thomas and her collaborators created a series of vignettes in which a parent left a child unattended for some period of time, and participants … Read More “Confusing Security Risks with Moral Judgments” »
In this article, detailing the Australian and then worldwide investigation of a particularly heinous child-abuse ring, there are a lot of details of the pedophile security practices and the police investigative techniques. The abusers had a detailed manual on how to scrub metadata and avoid detection, but not everyone was perfect. The police used information … Read More “Interesting Internet-Based Investigative Techniques” »
The EFF has a good analysis of all the ways Windows 10 violates your privacy. Powered by WPeMatico
fMRI experiments show that we are more likely to ignore security warnings when they interrupt other tasks. A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing haphazardly — while people are typing, watching a video, uploading files, etc. — results in up to 90 percent … Read More “Research on the Timing of Security Warnings” »
Now’s your chance…. Powered by WPeMatico
Photo of the cutest squid ever. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
Radio noise from a nearby neon-sign transformer made it impossible for people to unlock their cars remotely. Powered by WPeMatico
Andrew Appel has a good two–part essay on securing elections. And three organizations — Verified Voting, EPIC, and Common Cause — have published a report on the risks of Internet voting. The report is primarily concerned with privacy, and the threats to a secret ballot. Powered by WPeMatico