encryption – Page 6 – SSL and internet security news

Zoom’s Commitment to User Security Depends on Whether you Pay It or Not

June 4, 2020 infossl

backdoors, encryption, privacy, Security technology, securitypolicies, videoconferencing

Zoom was doing so well…. And now we have this: Corporate clients will get access to Zoom’s end-to-end encryption service now being developed, but Yuan said free users won’t enjoy that level of privacy, which makes it impossible for third parties to decipher communications. “Free users for sure we don’t want to give that because … Read More “Zoom’s Commitment to User Security Depends on Whether you Pay It or Not” »

Facebook Announces Messenger Security Features that Don’t Compromise Privacy

May 29, 2020 infossl

encryption, facebook, machinelearning, metadata, Security technology, securityengineering

Note that this is “announced,” so we don’t know when it’s actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The … Read More “Facebook Announces Messenger Security Features that Don’t Compromise Privacy” »

Securing Internet Videoconferencing Apps: Zoom and Others

April 30, 2020 infossl

aes, encryption, internetandsociety, keys, nsa, Security technology, securityengineering, videoconferencing

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if … Read More “Securing Internet Videoconferencing Apps: Zoom and Others” »

How Did Facebook Beat a Federal Wiretap Demand?

April 29, 2020 infossl

aclu, courts, crime, eavesdropping, encryption, facebook, privacy, Security technology, surveillance

This is interesting: Facebook Inc. in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press. Lawyers for the ACLU and the Washington Post on Tuesday asked a … Read More “How Did Facebook Beat a Federal Wiretap Demand?” »

RSA-250 Factored

April 8, 2020 infossl

crowdsourcing, cryptography, encryption, rsa, Security technology

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference (2.1GHz): RSA-250 sieving: 2450 physical core-years RSA-250 matrix: 250 physical core-years The computation involved tens of thousands of machines … Read More “RSA-250 Factored” »

Security and Privacy Implications of Zoom

April 3, 2020 infossl

backdoors, datacollection, encryption, privacy, Security technology, vulnerabilities

Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy … Read More “Security and Privacy Implications of Zoom” »

The EARN-IT Act

March 13, 2020 infossl

backdoors, children, cryptography, cryptowars, encryption, Security technology

Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it’s really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a “National Commission on Online Child Sexual Exploitation Prevention” tasked with developing “best practices” for owners … Read More “The EARN-IT Act” »

Let’s Encrypt Vulnerability

March 4, 2020 infossl

certificates, encryption, Security technology, vulnerabilities

The BBC is reporting a vulnerability in the Let’s Encrypt certificate service: In a notification email to its clients, the organisation said: “We recently discovered a bug in the Let’s Encrypt certificate authority code. “Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of … Read More “Let’s Encrypt Vulnerability” »

Wi-Fi Chip Vulnerability

March 3, 2020 infossl

encryption, hacking, hardware, patching, Security technology, vulnerabilities, wifi

There’s a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry … Read More “Wi-Fi Chip Vulnerability” »

A New Clue for the Kryptos Sculpture

February 6, 2020 infossl

cia, cryptography, encryption, hacking, nsa, Security technology

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he’s getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world’s most enticing secrets can be stressful. Some would-be codebreakers have appeared at his home. … Read More “A New Clue for the Kryptos Sculpture” »