Informations about SSL certificates and networks security
For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I’ve ever provided. Video. Slides. Powered by WPeMatico
Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their … Read More “Russian Censorship of Telegram” »
iOS 12, the next release of Apple’s iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not been unlocked for one hour. That includes the … Read More “New iPhone OS May Include Device-Unlocking Security” »
On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it’s a harbinger of the sorts of pervasive threats from nation-states, criminals and hackers that we should expect in coming years. VPNFilter is a sophisticated piece … Read More “Router Vulnerability and the VPNFilter Botnet” »
Interesting fossils. Note that a poster is available. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
When Marc Zuckerberg testified before both the House and the Senate last month, it became immediately obvious that few US lawmakers had any appetite to regulate the pervasive surveillance taking place on the internet. Right now, the only way we can force these companies to take our privacy more seriously is through the market. But … Read More “New Data Privacy Regulations” »
In 2016, the US was successfully deterred from attacking Russia in cyberspace because of fears of Russian capabilities against the US. I have two citations for this. The first is from the book Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump, by Michael Isikoff and David Corn. … Read More “An Example of Deterrence in Cyberspace” »
We all know that it happens: when we see a security warning too often — and without effect — we start tuning it out. A new paper uses fMRI, eye tracking, and field studies to prove it. EDITED TO ADD (6/6): This blog post summarizes the findings. Powered by WPeMatico
Ross Anderson has a new paper on cryptocurrency exchanges. From his blog: Bitcoin Redux explains what’s going wrong in the world of cryptocurrencies. The bitcoin exchanges are developing into a shadow banking system, which do not give their customers actual bitcoin but rather display a “balance” and allow them to transact with others. However if … Read More “Regulating Bitcoin” »
Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client into sending a copy of the plaintext to a web server controlled … Read More “E-Mail Vulnerabilities and Disclosure” »