More on Law Enforcement Backdoor Demands

Posted on By infossl
backdoors, encryption, lawenforcement, reports, Security technology, smartphones

The Carnegie Endowment for International Peace and Princeton University’s Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the “going dark” debate. They have released their report: “Moving the Encryption Policy Conversation Forward. The main contribution seems to be that attempts to backdoor devices like smartphones shouldn’t also backdoor communications … Read More “More on Law Enforcement Backdoor Demands” »

On Cybersecurity Insurance

Posted on By infossl
academicpapers, cybersecurity, insurance, riskassessment, risks, Security technology

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance appears to be a weak form of governance at present. … Read More “On Cybersecurity Insurance” »

The Doghouse: Crown Sterling

Posted on By infossl
cryptography, doghouse, schneierslaw, Security technology, snakeoil

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious — and amusing — examples of cryptographic “snake oil.” I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant … Read More “The Doghouse: Crown Sterling” »

Massive iPhone Hack Targets Uyghurs

Posted on By infossl
android, apple, hacking, iphone, malware, Security technology, smartphones, windows, zeroday

China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google’s Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities … Read More “Massive iPhone Hack Targets Uyghurs” »

Attacking the Intel Secure Enclave

Posted on By infossl
academicpapers, computersecurity, intel, malware, Security technology

Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that’s not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn’t imagine that they would be necessary. The … Read More “Attacking the Intel Secure Enclave” »

AI Emotion-Detection Arms Race

Posted on By infossl
academicpapers, artificialintelligence, Security technology

Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in … Read More “AI Emotion-Detection Arms Race” »