Matthew Green wrote a fascinating blog post about the NSA’s efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA’s backdoor into the DUAL_EC_PRNG random number generator to weaken TLS. Powered by WPeMatico
NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. (Details of the NIST efforts are here. A timeline for the new algorithms is here.) Powered by WPeMatico
Interesting destructive attack: “Acoustic Denial of Service Attacks on HDDs“: Abstract: Among storage components, hard disk drives (HDDs) have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and significantly-improved areal density. Such advances in HDDs have made them an inevitable part of numerous computing systems, … Read More “Acoustical Attacks against Hard Drives” »
Funny. Powered by WPeMatico
There’s a video: Last July, Choy was on a ship off the shore of Monterey Bay, looking at the video footage transmitted by an ROV many feet below. A Gonatus squid was spotted sucking off the face of a “really huge dragonfish,” she says. “It took a little while to figure out what’s going on … Read More “Friday Squid Blogging: Gonatus Squid Eating a Dragonfish” »
Interesting essay about Amazon’s smart lock: When you add Amazon Key to your door, something more sneaky also happens: Amazon takes over. You can leave your keys at home and unlock your door with the Amazon Key app — but it’s really built for Amazon deliveries. To share online access with family and friends, I … Read More “Amazon’s Door Lock Is Amazon’s Bid to Control Your Home” »
The story of the recent vulnerability in Apple’s HomeKit. Powered by WPeMatico
Brian Krebs has a long article on the Mirai botnet authors, who pled guilty. Powered by WPeMatico
Now this is good news. The UK’s National Cyber Security Centre (NCSC) — part of GCHQ — found a serious vulnerability in Windows Defender (their anti-virus component). Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I’d like believe the US does this, too. Powered by WPeMatico
Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be encouraged and promoted. In addition, the update and … Read More “Lessons Learned from the Estonian National ID Security Flaw” »