Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

Posted on By infossl
infrastructure, phones, protocols, Security technology, Uncategorized, vulnerabilities

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any … Read More “Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed” »

Surveillance by the New Microsoft Outlook App

Posted on By infossl
data collection, geolocation, microsoft, privacy, Security technology, surveillance, Uncategorized

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s … Read More “Surveillance by the New Microsoft Outlook App” »

Class-Action Lawsuit against Google’s Incognito Mode

Posted on By infossl
browsers, courts, data collection, google, Security technology, Uncategorized

The lawsuit has been settled: Google has agreed to delete “billions of data records” the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit filed in 2020, caps off years of … Read More “Class-Action Lawsuit against Google’s Incognito Mode” »

xz Utils Backdoor

Posted on By infossl
backdoors, cybersecurity, hacking, malware, open source, Security technology, social engineering, Uncategorized

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica: Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the … Read More “xz Utils Backdoor” »

Declassified NSA Newsletters

Posted on By infossl
Applied Cryptography, foia, history of cryptography, history of security, nsa, Security technology, Uncategorized

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted: Applied Cryptography, for those … Read More “Declassified NSA Newsletters” »

Ross Anderson

Posted on By infossl
cryptanalysis, cryptography, cybersecurity, economics of security, security conferences, security engineering, Security technology, Uncategorized

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created … Read More “Ross Anderson” »

Friday Squid Blogging: The Geopolitics of Eating Squid

Posted on By infossl
Security technology, squid, Uncategorized

New York Times op-ed on the Chinese dominance of the squid industry: China’s domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the world at a competitive disadvantage, eroding international law governing … Read More “Friday Squid Blogging: The Geopolitics of Eating Squid” »

Hardware Vulnerability in Apple’s M-Series Chips

Posted on By infossl
apple, encryption, hardware, Security technology, side-channel attacks, Uncategorized

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, … Read More “Hardware Vulnerability in Apple’s M-Series Chips” »