encryption – Page 7 – SSL and internet security news

RSA-250 Factored

April 8, 2020 infossl

crowdsourcing, cryptography, encryption, rsa, Security technology

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference (2.1GHz): RSA-250 sieving: 2450 physical core-years RSA-250 matrix: 250 physical core-years The computation involved tens of thousands of machines … Read More “RSA-250 Factored” »

Security and Privacy Implications of Zoom

April 3, 2020 infossl

backdoors, datacollection, encryption, privacy, Security technology, vulnerabilities

Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy … Read More “Security and Privacy Implications of Zoom” »

The EARN-IT Act

March 13, 2020 infossl

backdoors, children, cryptography, cryptowars, encryption, Security technology

Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it’s really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a “National Commission on Online Child Sexual Exploitation Prevention” tasked with developing “best practices” for owners … Read More “The EARN-IT Act” »

Let’s Encrypt Vulnerability

March 4, 2020 infossl

certificates, encryption, Security technology, vulnerabilities

The BBC is reporting a vulnerability in the Let’s Encrypt certificate service: In a notification email to its clients, the organisation said: “We recently discovered a bug in the Let’s Encrypt certificate authority code. “Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of … Read More “Let’s Encrypt Vulnerability” »

Wi-Fi Chip Vulnerability

March 3, 2020 infossl

encryption, hacking, hardware, patching, Security technology, vulnerabilities, wifi

There’s a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry … Read More “Wi-Fi Chip Vulnerability” »

A New Clue for the Kryptos Sculpture

February 6, 2020 infossl

cia, cryptography, encryption, hacking, nsa, Security technology

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he’s getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world’s most enticing secrets can be stressful. Some would-be codebreakers have appeared at his home. … Read More “A New Clue for the Kryptos Sculpture” »

Tree Code

February 5, 2020 infossl

cryptography, encryption, Security technology, steganography

Artist Katie Holten has developed a tree code (basically, a font in trees), and New York City is using it to plant secret messages in parks. Powered by WPeMatico

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

January 23, 2020 infossl

apple, backups, cloudcomputing, cybercrime, encryption, fbi, Security technology

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple … Read More “Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained” »

Critical Windows Vulnerability Discovered by NSA

January 15, 2020 infossl

certificates, cryptography, encryption, exploits, maninthemiddleattacks, microsoft, nsa, Security technology, vulnerabilities, windows, zeroday

Yesterday’s Microsoft Windows patches included a fix for a critical vulnerability in the system’s crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was … Read More “Critical Windows Vulnerability Discovered by NSA” »

New SHA-1 Attack

January 8, 2020 infossl

academicpapers, certifications, cryptography, encryption, forgery, impersonation, keys, pgp, Security technology, sha1

There’s a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with … Read More “New SHA-1 Attack” »