Category: vulnerabilities

Auto Added by WPeMatico

Critical PGP Vulnerability

Posted on By infossl
cryptanalysis, cryptography, email, encryption, pgp, protocols, Security technology, vulnerabilities

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. … Read More “Critical PGP Vulnerability” »

Security Vulnerabilities in VingCard Electronic Locks

Posted on By infossl
hacking, hotels, patching, Security technology, vulnerabilities

Researchers have disclosed a massive vulnerability in the VingCard eletronic lock system, used in hotel rooms around the world: With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a set of cryptographic tricks developed over close to 15 years of on-and-off analysis … Read More “Security Vulnerabilities in VingCard Electronic Locks” »

Obscure E-Mail Vulnerability

Posted on By infossl
email, gmail, phishing, Security technology, vulnerabilities

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses — if they’re even valid.) Netflix doesn’t ignore dots, so those are … Read More “Obscure E-Mail Vulnerability” »

Another Branch Prediction Attack

Posted on By infossl
academicpapers, hardware, intel, Security technology, sidechannelattacks, vulnerabilities

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here’s another one: In the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or … Read More “Another Branch Prediction Attack” »

Israeli Security Attacks AMD by Publishing Zero-Day Exploits

Posted on By infossl
disclosure, exploits, israel, Security technology, vulnerabilities, zeroday

Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website, detailed whitepaper, cool vulnerability names — RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA — and logos we’ve come to expect from these sorts of things. What’s new is that the company only gave AMD … Read More “Israeli Security Attacks AMD by Publishing Zero-Day Exploits” »

Artificial Intelligence and the Attack/Defense Balance

Posted on By infossl
artificialintelligence, essays, Security technology, securityengineering, vulnerabilities

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two … Read More “Artificial Intelligence and the Attack/Defense Balance” »

Security Vulnerabilities in Smart Contracts

Posted on By infossl
academicpapers, blockchain, Security technology, vulnerabilities

Interesting research: “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale“: Abstract: Smart contracts — stateful executable objects hosted on blockchains like Ethereum — carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations … Read More “Security Vulnerabilities in Smart Contracts” »

The Effects of the Spectre and Meltdown Vulnerabilities

Posted on By infossl
cloudcomputing, intel, internetofthings, patching, Security technology, vulnerabilities

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors’ manufacturers, and patched­ — at least to the extent possible. This news isn’t really any different from the usual endless stream … Read More “The Effects of the Spectre and Meltdown Vulnerabilities” »

WhatsApp Vulnerability

Posted on By infossl
academicpapers, control, encryption, Security technology, signal, vulnerabilities, whatsapp

A new vulnerability in WhatsApp has been discovered: …the researchers unearthed far more significant gaps in WhatsApp’s security: They say that anyone who controls WhatsApp’s servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Matthew Green has a good … Read More “WhatsApp Vulnerability” »

Yet Another FBI Proposal for Insecure Communications

Posted on By infossl
cloudcomputing, cryptography, cryptowars, encryption, fbi, police, Security technology, vulnerabilities

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we … Read More “Yet Another FBI Proposal for Insecure Communications” »