cryptography – Page 10 – SSL and internet security news

Major Bluetooth Vulnerability

July 25, 2018 infossl

academicpapers, bluetooth, cryptography, encryption, keys, Security technology, vulnerabilities, wifi, wireless

Bluetooth has a serious security vulnerability: In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all … Read More “Major Bluetooth Vulnerability” »

Defeating the iPhone Restricted Mode

July 18, 2018 infossl

apple, cellphones, cryptanalysis, cryptography, iphone, Security technology

Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson in this: security is hard. Apple Computer has one of the … Read More “Defeating the iPhone Restricted Mode” »

Numbers Stations

May 30, 2018 infossl

cryptography, encryption, intelligence, onetimepads, Security technology

On numbers stations. Powered by WPeMatico

Details on a New PGP Vulnerability

May 14, 2018 infossl

cryptography, eavesdropping, email, encryption, pgp, Security technology, signal, vulnerabilities, whatsapp

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL … Read More “Details on a New PGP Vulnerability” »

Critical PGP Vulnerability

May 14, 2018 infossl

cryptanalysis, cryptography, email, encryption, pgp, protocols, Security technology, vulnerabilities

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. … Read More “Critical PGP Vulnerability” »

Ray Ozzie’s Encryption Backdoor

May 7, 2018 infossl

backdoors, cryptography, cryptowars, encryption, keyescrow, lawenforcement, Security technology, securityengineering

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It’s a weird article. It paints Ozzie’s proposal as something that “attains the impossible” and “satisfies both law enforcement and privacy purists,” when (1) it’s barely a proposal, and (2) it’s essentially the … Read More “Ray Ozzie’s Encryption Backdoor” »

NIST Issues Call for “Lightweight Cryptography” Algorithms

May 2, 2018 infossl

algorithms, cryptography, nist, nsa, Security technology

This is interesting: Creating these defenses is the goal of NIST’s lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant … Read More “NIST Issues Call for “Lightweight Cryptography” Algorithms” »

Two New Papers on the Encryption Debate

March 12, 2018 infossl

academicpapers, backdoors, cryptography, cryptowars, encryption, Security technology

Seems like everyone is writing about encryption and backdoors this season. “Policy Approaches to the Encryption Debate,” R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. “Encryption Policy in Democratic Regimes,” East West Institute. I recently blogged about the new National Academies report on the same topic. Here’s a … Read More “Two New Papers on the Encryption Debate” »

New National Academies Report on Crypto Policy

February 16, 2018 infossl

cryptography, encryption, nationalsecuritypolicy, Security technology

The National Academies has just published “Decrypting the Encryption Debate: A Framework for Decision Makers.” It looks really good, although I have not read it yet. Not much news or analysis yet. Please post any links you find in the comments, and I will summarize them here. Powered by WPeMatico

Yet Another FBI Proposal for Insecure Communications

January 11, 2018 infossl

cloudcomputing, cryptography, cryptowars, encryption, fbi, police, Security technology, vulnerabilities

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we … Read More “Yet Another FBI Proposal for Insecure Communications” »