Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable … Read More “Zoom Will Be End-to-End Encrypted for All Users” »
Author: infossl
South Africa’s Postbank experienced a catastrophic security failure. The bank’s master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre. According to … Read More “Bank Card “Master Key” Stolen” »
New research is able to recover sound waves in a room by observing minute changes in the room’s light bulbs. This technique works from a distance, even from a building across the street through a window. Details: In an experiment using three different telescopes with different lens diameters from a distance of 25 meters (a … Read More “Eavesdropping on Sound Using Variations in Light Bulbs” »
Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5 percent above the fiscal 2019 estimate. … Read More “Examining the US Cyber Budget” »
I think we need more human organs with squid-like features. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. According to Vice, the FBI had tried to hack … Read More “Facebook Helped Develop a Tails Exploit” »
Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they — and the research into the Intel ME vulnerability — have shown researchers where to look, more is coming — and what they’ll find will be worse … Read More “Another Intel Speculative Execution Vulnerability” »
New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN applications, from image recognition to natural language processing … Read More “Availability Attacks against Neural Networks” »
New research: “Security Analysis of the Democracy Live Online Voting System“: Abstract: Democracy Live’s OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and (optionally) online voting. Three states — Delaware, West Virginia, and New Jersey — recently announced that they will allow certain voters to cast votes online using OmniBallot, but, … Read More “Security Analysis of the Democracy Live Online Voting System” »
Good interview. Powered by WPeMatico