encryption – Page 11 – SSL and internet security news

On the Security of Password Managers

February 25, 2019 infossl

encryption, passwords, passwordsafe, Security technology, securityengineering

There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? All password managers we examined sufficiently secured user secrets while in a “not … Read More “On the Security of Password Managers” »

Reconstructing SIGSALY

February 15, 2019 infossl

encryption, historyofcryptography, keys, Security technology

Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system. Powered by WPeMatico

Hacking the GCHQ Backdoor

January 25, 2019 infossl

backdoors, cryptowars, cybersecurity, encryption, gchq, hacking, Security technology

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active — silently inserting a secret eavesdropping member into an otherwise end-to-end … Read More “Hacking the GCHQ Backdoor” »

El Chapo’s Encryption Defeated by Turning His IT Consultant

January 16, 2019 infossl

backdoors, courts, drugtrade, encryption, fbi, insiders, keys, Security technology

Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system’s secret encryption keys in 2011 after he had moved the network’s servers from Canada to the Netherlands during what he told the cartel’s leaders was a routine upgrade. A Dutch article says that … Read More “El Chapo’s Encryption Defeated by Turning His IT Consultant” »

Alex Stamos on Content Moderation and Security

January 15, 2019 infossl

control, encryption, Security technology, socialmedia

Former Facebook CISO Alex Stamos argues that increasing political pressure on social media platforms to moderate content will give them a pretext to turn all end-to-end crypto off — which would be more profitable for them and bad for society. If we ask tech companies to fix ancient societal ills that are now reflected online … Read More “Alex Stamos on Content Moderation and Security” »

New Australian Backdoor Law

December 12, 2018 infossl

australia, backdoors, cryptography, cryptowars, encryption, Security technology

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it’s really bad. Note: Many people e-mailed me to ask why I haven’t blogged this yet. One, I was busy with other things. And two, there’s nothing I can … Read More “New Australian Backdoor Law” »

Hiding Secret Messages in Fingerprints

November 12, 2018 infossl

academicpapers, encryption, fingerprints, Security technology, steganography

This is a fun steganographic application: hiding a message in a fingerprint image. Can’t see any real use for it, but that’s okay. Powered by WPeMatico

Security of Solid-State-Drive Encryption

November 6, 2018 infossl

academicpapers, encryption, firmware, hardware, reverseengineering, Security technology, securityengineering, vulnerabilities

Interesting research: “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)“: Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have … Read More “Security of Solid-State-Drive Encryption” »

Security Vulnerabilities in US Weapons Systems

October 10, 2018 infossl

control, cybersecurity, departmentofdefense, encryption, nationalsecuritypolicy, operationalsecurity, passwords, reports, Security technology, vulnerabilities, weapons

The US Government Accounting Office just published a new report: “Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities” (summary here). The upshot won’t be a surprise to any of my regular readers: they’re vulnerable. From the summary: Automation and connectivity are fundamental enablers of DOD’s modern military capabilities. However, they … Read More “Security Vulnerabilities in US Weapons Systems” »

More on the Five Eyes Statement on Encryption and Backdoors

October 1, 2018 infossl

backdoors, cryptography, cryptowars, encryption, intelligence, lawenforcement, privacy, Security technology

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. (Short summary: they like them.) One of the weird things about the statement is that it was clearly written from a law-enforcement perspective, though we normally think of the Five Eyes as a consortium of intelligence agencies. … Read More “More on the Five Eyes Statement on Encryption and Backdoors” »