Security technology – Page 229 – SSL and internet security news

How Signal Is Evading Censorship

December 28, 2016 infossl

academicpapers, censorship, egypt, encryption, Security technology, tls, unitedarabemirates

Signal, the encrypted messaging app I prefer, is being blocked in both Egypt and the UAE. Recently, the Signal team developed a workaround: domain fronting. Signal’s new anti-censorship feature uses a trick called “domain fronting,” Marlinspike explains. A country like Egypt, with only a few small internet service providers tightly controlled by the government, can … Read More “How Signal Is Evading Censorship” »

Security Risks of TSA PreCheck

December 27, 2016 infossl

airtravel, intelligence, Security technology, securitytheater, terrorism, tsa

Former TSA Administrator Kip Hawley wrote an op-ed pointing out the security vulnerabilities in the TSA’s PreCheck program: The first vulnerability in the system is its enrollment process, which seeks to verify an applicant’s identity. We know verification is a challenge: A 2011 Government Accountability Office report on TSA’s system for checking airport workers’ identities … Read More “Security Risks of TSA PreCheck” »

Friday Squid Blogging: Squidmas Cards

December 23, 2016 infossl

Security technology, squid

Merry Squidmas. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico

Russian Military Using Smartphones to Track Troop Movements

December 23, 2016 infossl

cellphones, geolocation, malware, military, Security technology

Crowdstrike has an interesting blog post about how the Russian military is tracking Ukrainian field artillery units by compromising soldiers’ smartphones and tracking them. News article. Powered by WPeMatico

NIST is Continuing to Work on Post-Quantum-Computing Cryptography Standards

December 23, 2016 infossl

algorithms, cryptography, nist, quantumcomputing, Security technology

NIST is accepting proposals for public-key algorithms immune to quantum computing techniques. Details here. Deadline is the end of November 2017. I applaud NIST for taking the lead on this, and for taking it now when there is no emergency and we have time to do this right. Slashdot thread. Powered by WPeMatico

The Future of Faking Audio and Video

December 22, 2016 infossl

audio, forgery, propaganda, Security technology, videos

This Verge article isn’t great, but we are certainly moving into a future where audio and video will be easy to fake, and easier to fake undetectably. This is going to make propaganda easier, with all of the ill effects we’ve already seen turned up to eleven. I don’t have a good solution for this. … Read More “The Future of Faking Audio and Video” »

The Pro-PGP Position

December 22, 2016 infossl

email, encryption, pgp, Security technology, usability

A few days ago, I blogged an excellent essay by Filippo Valsorda on why he’s giving up on PGP. Neal Walkfield wrote a good rebuttal. I am on Valsorda’s side. I don’t like PGP, and I use it as little as possible. If I want to communicate securely with someone, I use Signal. Powered by … Read More “The Pro-PGP Position” »

Encryption Working Group Annual Report from the US House of Representatives

December 21, 2016 infossl

backdoors, encryption, lawenforcement, nationalsecuritypolicy, Security technology

The Encryption Working Group of the House Judiciary Committee and the House Energy and Commerce Committee has released its annual report. Observation #1: Any measure that weakens encryption works against the national interest. Observation #2: Encryption technology is a global technology that is widely and increasingly available around the world. Observation #3: The variety of … Read More “Encryption Working Group Annual Report from the US House of Representatives” »

Google Releases Crypto Test Suite

December 20, 2016 infossl

Security technology

Google has released Project Wycheproof a test suite designed to test cryptographic libraries against a series of known attacks. From a blog post: In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long. Good implementation guidelines, however, are hard to … Read More “Google Releases Crypto Test Suite” »

Smartphone Spying as Art

December 19, 2016 infossl

cellphones, malware, Security technology, spyware, theft

A film student put spyware on a smartphone and then allowed it to be stolen. He made a movie of the results. Powered by WPeMatico