SSL and internet security news – Page 30 – Informations about SSL certificates and networks security

New Windows/Linux Firmware Attack

December 12, 2023 infossl

bios, exploits, firmware, linux, Security technology, Uncategorized, vulnerabilities, windows

Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux…. The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating … Read More “New Windows/Linux Firmware Attack” »

Facebook Enables Messenger End-to-End Encryption by Default

December 11, 2023 infossl

cybersecurity, encryption, facebook, Meta, Security technology, Uncategorized

It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread. Powered by WPeMatico

Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

December 8, 2023 infossl

operational security, restaurants, Security technology, squid, Uncategorized

Another rare security + squid story: The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social media platform WeChat. What she … Read More “Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code” »

New Bluetooth Attack

December 8, 2023 infossl

authentication, bluetooth, cyberattack, man-in-the-middle attacks, secrecy, Security technology, Uncategorized, vulnerabilities

New attack breaks forward secrecy in Bluetooth. Three news articles: BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions’ forward and future secrecy, compromising the confidentiality of past and future communications between devices. This is achieved by exploiting four flaws in the session key derivation process, two of which are new, … Read More “New Bluetooth Attack” »

Spying through Push Notifications

December 7, 2023 infossl

metadata, national security policy, privacy, Security technology, spyware, surveillance, transparency, Uncategorized

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this: In a statement, Apple said … Read More “Spying through Push Notifications” »

Security Analysis of a Thirteenth-Century Venetian Election Protocol

December 6, 2023 infossl

academic papers, cybersecurity, history of security, italy, protocols, Security technology, Uncategorized, voting

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader … Read More “Security Analysis of a Thirteenth-Century Venetian Election Protocol” »

AI and Mass Spying

December 5, 2023 infossl

artificial intelligence, espionage, privacy, Security technology, surveillance, Uncategorized

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents … Read More “AI and Mass Spying” »

AI and Trust

December 4, 2023 infossl

artificial intelligence, essays, Liars and Outliers, regulation, Security technology, trust, Uncategorized

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted … Read More “AI and Trust” »

Friday Squid Blogging: Strawberry Squid in the Galápagos

December 1, 2023 infossl

Security technology, squid, Uncategorized

Scientists have found Strawberry Squid, “whose mismatched eyes help them simultaneously search for prey above and below them,” among the coral reefs in the Galápagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. … Read More “Friday Squid Blogging: Strawberry Squid in the Galápagos” »

AI Decides to Engage in Insider Trading

December 1, 2023 infossl

academic papers, artificial intelligence, cheating, deception, insiders, LLM, Security technology, Uncategorized

A stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter. Second, the agent attempts and fails … Read More “AI Decides to Engage in Insider Trading” »