Informations about SSL certificates and networks security
Auto Added by WPeMatico
Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the … Read More “CAs Reissue Over One Million Weak Certificates” »
An article I co-wrote — my first law journal article — was cited by the Massachusetts Supreme Judicial Court — the state supreme court — in a case on compelled decryption. Here’s the first, in footnote 1: We understand the word “password” to be synonymous with other terms that cell phone users may be familiar … Read More “I Was Cited in a Court Decision” »
Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it. Powered by WPeMatico
There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? All password managers we examined sufficiently secured user secrets while in a “not … Read More “On the Security of Password Managers” »
Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system. Powered by WPeMatico
Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active — silently inserting a secret eavesdropping member into an otherwise end-to-end … Read More “Hacking the GCHQ Backdoor” »
Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system’s secret encryption keys in 2011 after he had moved the network’s servers from Canada to the Netherlands during what he told the cartel’s leaders was a routine upgrade. A Dutch article says that … Read More “El Chapo’s Encryption Defeated by Turning His IT Consultant” »
Former Facebook CISO Alex Stamos argues that increasing political pressure on social media platforms to moderate content will give them a pretext to turn all end-to-end crypto off — which would be more profitable for them and bad for society. If we ask tech companies to fix ancient societal ills that are now reflected online … Read More “Alex Stamos on Content Moderation and Security” »
Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it’s really bad. Note: Many people e-mailed me to ask why I haven’t blogged this yet. One, I was busy with other things. And two, there’s nothing I can … Read More “New Australian Backdoor Law” »
This is a fun steganographic application: hiding a message in a fingerprint image. Can’t see any real use for it, but that’s okay. Powered by WPeMatico