Informations about SSL certificates and networks security
Auto Added by WPeMatico
Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government … Read More “An iCloud Backdoor Would Make Our Phones Less Safe” »
Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.” Powered by WPeMatico
In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted … Read More “Australia Threatens to Force Companies to Break Encryption” »
No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is … Read More “Supply Chain Attack against Courtroom Software” »
After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular … Read More “Other Attempts to Take Over Open Source Projects” »
Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces … Read More “Backdoor in XZ Utils That Almost Happened” »
The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica: Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the … Read More “xz Utils Backdoor” »
Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to … Read More “New iPhone Exploit Uses Four Zero-Days” »
This is a fun challenge: The NIST elliptic curves that power much of modern cryptography were generated in the late ’90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed … Read More “Bounty to Recover NIST’s Elliptic Curve Seeds” »
Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. “We would leave the … Read More “Signal Will Leave the UK Rather Than Add a Backdoor” »