Category: securityengineering

Auto Added by WPeMatico

Can Consumers’ Online Data Be Protected?

Posted on By infossl
datacollection, essays, hacking, nationalsecuritypolicy, schneiernews, Security technology, securityengineering

Everything online is hackable. This is true for Equifax’s data and the federal Office of Personal Management’s data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable. But just because everything is hackable doesn’t mean everything will be hacked. The difference between the two is complex, … Read More “Can Consumers’ Online Data Be Protected?” »

Daniel Miessler on My Writings about IoT Security

Posted on By infossl
books, fear, internetofthings, Security technology, securityengineering

Daniel Miessler criticizes my writings about IoT security: I know it’s super cool to scream about how IoT is insecure, how it’s dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it’s fun to be invited to talk about how everything … Read More “Daniel Miessler on My Writings about IoT Security” »

Google Login Security for High-Risk Users

Posted on By infossl
gmail, google, malware, phishing, risks, scanners, Security technology, securityengineering, usb

Google has a new login service for high-risk users. it’s good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into your Gmail or Google Drive. Google’s … Read More “Google Login Security for High-Risk Users” »

Security Flaw in Infineon Smart Cards and TPMs

Posted on By infossl
cryptanalysis, cryptography, estonia, idcards, Security technology, securityengineering, smartcards, vulnerabilities

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize … Read More “Security Flaw in Infineon Smart Cards and TPMs” »

Security Vulnerabilities in AT&T Routers

Posted on By infossl
att, encryption, Security technology, securityengineering, vulnerabilities

They’re actually Arris routers, sold or given away by AT&T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don’t know how many routers are affected, and estimates range from thousands to 138,000. Among the vulnerabilities are hardcoded credentials, which … Read More “Security Vulnerabilities in AT&T Routers” »

Security Flaw in Estonian National ID Card

Posted on By infossl
estonia, idcards, identification, Security technology, securityengineering

We have no idea how bad this really is: On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards issued starting from October 2014, including cards issued to … Read More “Security Flaw in Estonian National ID Card” »

Commentary on US Election Security

Posted on By infossl
hacking, nationalsecuritypolicy, Security technology, securityengineering, voting

Good commentaries from Ed Felten and Matt Blaze. Both make a point that I have also been saying: hacks can undermine the legitimacy of an election, even if there is no actual voter or vote manipulation. Felten: The second lesson is that we should be paying more attention to attacks that aim to undermine the … Read More “Commentary on US Election Security” »