Informations about SSL certificates and networks security
Auto Added by WPeMatico
This is an interesting tactic, and there’s a video of it being used: The theft took just one minute and the Mercedes car, stolen from the Elmdon area of Solihull on 24 September, has not been recovered. In the footage, one of the men can be seen waving a box in front of the victim’s … Read More “Man-in-the-Middle Attack against Electronic Car-Door Openers” »
Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don’t abuse their one-time access privilege. Cloud Cam has been hacked: But now security researchers have demonstrated that with … Read More “Vulnerability in Amazon Key” »
The website key.me will make a duplicate key from a digital photo. If a friend or coworker leaves their keys unattended for a few seconds, you know what to do. Powered by WPeMatico
The Intercept published a story about a dedicated NSA brute-force keysearch machine being built with the help of New York University and IBM. It’s based on a document that was accidentally shared on the Internet by NYU. The article is frustratingly short on details: The WindsorGreen documents are mostly inscrutable to anyone without a Ph.D. … Read More “NSA Brute-Force Keysearch Machine” »
Last August, an unknown group called the Shadow Brokers released a bunch of NSA tools to the public. The common guesses were that the tools were discovered on an external staging server, and that the hack and release was the work of the Russians (back then, that wasn’t controversial). This was me: Okay, so let’s … Read More “Shadow Brokers Releases the Rest of Their NSA Hacking Tools” »
Researchers have demonstrated using Intel’s Software Guard Extensions to hide malware and steal cryptographic keys from inside SGX’s protected enclave: Malware Guard Extension: Using SGX to Conceal Cache Attacks Abstract:In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial … Read More “Using Intel's SGX to Attack Itself” »
ProofMode is an app for your smartphone that adds data to the photos you take to prove that they are real and unaltered: On the technical front, what the app is doing is automatically generating an OpenPGP key for this installed instance of the app itself, and using that to automatically sign all photos and … Read More ““Proof Mode” for your Smartphone Camera” »
Ever since Ian Krstić, Apple’s Head of Security Engineering and Architecture, presented the company’s key backup technology at Black Hat 2016, people have been pointing to it as evidence that the company can create a secure backdoor for law enforcement. It’s not. Matthew Green and Steve Bellovin have both explained why not. And the same … Read More “Apple's Cloud Key Vault” »
We’ve long known that 64 bits is too small for a block cipher these days. That’s why new block ciphers like AES have 128-bit, or larger, block sizes. The insecurity of the smaller block is nicely illustrated by a new attack called “Sweet32.” It exploits the ability to find block collisions in Internet protocols to … Read More “Collision Attacks Against 64-Bit Block Ciphers” »
In a cautionary tale to those who favor government-mandated backdoors to security systems, Microsoft accidentally leaked the key protecting its UEFI Secure boot feature. As we all know, the problems with backdoors are less the cryptography and more the systems surrounding the cryptography. Powered by WPeMatico