encryption – Page 11 – SSL and internet security news

Security of Solid-State-Drive Encryption

November 6, 2018 infossl

academicpapers, encryption, firmware, hardware, reverseengineering, Security technology, securityengineering, vulnerabilities

Interesting research: “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)“: Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have … Read More “Security of Solid-State-Drive Encryption” »

Security Vulnerabilities in US Weapons Systems

October 10, 2018 infossl

control, cybersecurity, departmentofdefense, encryption, nationalsecuritypolicy, operationalsecurity, passwords, reports, Security technology, vulnerabilities, weapons

The US Government Accounting Office just published a new report: “Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities” (summary here). The upshot won’t be a surprise to any of my regular readers: they’re vulnerable. From the summary: Automation and connectivity are fundamental enablers of DOD’s modern military capabilities. However, they … Read More “Security Vulnerabilities in US Weapons Systems” »

More on the Five Eyes Statement on Encryption and Backdoors

October 1, 2018 infossl

backdoors, cryptography, cryptowars, encryption, intelligence, lawenforcement, privacy, Security technology

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. (Short summary: they like them.) One of the weird things about the statement is that it was clearly written from a law-enforcement perspective, though we normally think of the Five Eyes as a consortium of intelligence agencies. … Read More “More on the Five Eyes Statement on Encryption and Backdoors” »

Quantum Computing and Cryptography

September 14, 2018 infossl

cryptography, encryption, essays, quantumcomputing, rsa, Security technology

Quantum computing is a new way of computing — one that could allow humankind to perform computations that are simply impossible using today’s computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would … Read More “Quantum Computing and Cryptography” »

GCHQ on Quantum Key Distribution

August 1, 2018 infossl

authentication, cryptography, economicsofsecurity, encryption, gchq, keys, quantumcomputing, quantumcryptography, Security technology

The UK’s GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms — such as … Read More “GCHQ on Quantum Key Distribution” »

Major Bluetooth Vulnerability

July 25, 2018 infossl

academicpapers, bluetooth, cryptography, encryption, keys, Security technology, vulnerabilities, wifi, wireless

Bluetooth has a serious security vulnerability: In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all … Read More “Major Bluetooth Vulnerability” »

Traffic Analysis of the LTE Mobile Standard

July 2, 2018 infossl

academicpapers, cellphones, encryption, phones, Security technology, trafficanalysis, vulnerabilities

Interesting research in using traffic analysis to learn things about encrypted traffic. It’s hard to know how critical these vulnerabilities are. They’re very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting. Powered by WPeMatico

IEEE Statement on Strong Encryption vs. Backdoors

June 27, 2018 infossl

backdoors, encryption, keyescrow, nationalsecuritypolicy, Security technology, vulnerabilities

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as “backdoors” or “key escrow schemes” in order to facilitate … Read More “IEEE Statement on Strong Encryption vs. Backdoors” »

Bypassing Passcodes in iOS

June 26, 2018 infossl

apple, encryption, hacking, ios, passwords, Security technology

Last week, a story was going around explaining how to brute-force an iOS password. Basically, the trick was to plug the phone into an external keyboard and trying every PIN at once: We reported Friday on Hickey’s findings, which claimed to be able to send all combinations of a user’s possible passcode in one go, … Read More “Bypassing Passcodes in iOS” »

E-Mail Vulnerabilities and Disclosure

June 4, 2018 infossl

disclosure, eff, email, encryption, patching, pgp, Security technology, vulnerabilities

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client into sending a copy of the plaintext to a web server controlled … Read More “E-Mail Vulnerabilities and Disclosure” »