Category: cryptography

Auto Added by WPeMatico

Yubico Security Keys with a Crypto Flaw

Posted on By infossl
cryptography, encryption, firmware, keys, randomnumbers, Security technology, securityengineering, securitytokens

Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys … Read More “Yubico Security Keys with a Crypto Flaw” »

MongoDB Offers Field Level Encryption

Posted on By infossl
authentication, cryptography, encryption, hacking, keys, Security technology

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a “client-side” encryption scheme, databases utilizing Field Level Encryption … Read More “MongoDB Offers Field Level Encryption” »

How Apple’s “Find My” Feature Works

Posted on By infossl
apple, cryptography, iphone, privacy, scams, Security technology, tracking, wifi

Matthew Green intelligently speculates about how Apple’s new “Find My” feature works. If you haven’t already been inspired by the description above, let me phrase the question you ought to be asking: how is this system going to avoid being a massive privacy nightmare? Let me count the concerns: If your device is constantly emitting … Read More “How Apple’s “Find My” Feature Works” »

Fraudulent Academic Papers

Posted on By infossl
academicpapers, cryptography, essays, fakenews, fraud, Security technology

The term “fake news” has lost much of its meaning, but it describes a real and dangerous Internet trend. Because it’s hard for many people to differentiate a real news site from a fraudulent one, they can be hoodwinked by fictitious news stories pretending to be real. The result is that otherwise reasonable people believe … Read More “Fraudulent Academic Papers” »

Germany Talking about Banning End-to-End Encryption

Posted on By infossl
cryptography, cryptowars, encryption, germany, Security technology

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn’t say how. (Cory Doctorow has previously explained why this would be impossible.) The article is … Read More “Germany Talking about Banning End-to-End Encryption” »

Why Are Cryptographers Being Denied Entry into the US?

Posted on By infossl
borders, cryptography, nationalsecuritypolicy, Security technology, securityconferences

In March, Adi Shamir — that’s the “S” in RSA — was denied a US visa to attend the RSA Conference. He’s Israeli. This month, British citizen Ross Anderson couldn’t attend an awards ceremony in DC because of visa issues. (You can listen to his recorded acceptance speech.) I’ve heard of two other prominent cryptographers … Read More “Why Are Cryptographers Being Denied Entry into the US?” »

Maliciously Tampering with Medical Imagery

Posted on By infossl
academicpapers, cryptography, hacking, machinelearning, medicine, Security technology, tamperdetection

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don’t think the medical device industry has thought at all about data integrity and authentication issues. In a world where sensor data of all … Read More “Maliciously Tampering with Medical Imagery” »