RSS Aggregator

Google Rolls Out New Cloud Encryption Key Management Service

Security News - 10 min 59 sec ago
The new Google Cloud Platform service will allow enterprises to create, use and rotate encryption keys to protect their data, company says.
Category: News

PIV-I and Multifactor Authentication: The Best Defense for Federal Government Contractors

Security News - 10 min 59 sec ago
In response to an unprecedented level of espionage and cyber attacks aimed at compromising critical government IT infrastructure, from networks to applications, the federal government last year announced new standards. Regulations have been enacted in 2016 to apply these standards to federal contractors and their subcontractors.
Category: News

GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug

Security News - 10 min 59 sec ago
GoDaddy: Due to a software bug, the recently issued certificate for your domain was issued without proper domain validation, and in accordance with industry standards as a Certificate Authority, we will need to revoke your certificate as a precautionary measure. The certificate will be revoked today (January 10) by 9pm Pacific Time. The software bug that created the issue has been remedied. We continue to closely monitor our system.
Category: News

What do you call a firm that leaves customer financials unencrypted on a hard drive? RSA

Security News - 10 min 59 sec ago
No really. Insurer's details on 60k people lost forever. A UK insurance business has been fined £150,000 for its lax security practices after a hard drive containing customers' unencrypted information was stolen. The hard drive disappeared from the offices of Royal & Sun Alliance insurance (ironically it prefers the abbreviation RSA) back in 2015.
Category: News

Kaspersky torpedoes SSL certificate verification

Security News - 10 min 59 sec ago
The terror of the antivirus vendors has struck again: this time Google researcher Tavis Ormandy has uncovered weaknesses in how Kaspersky handles SSL certificates. And not for the first time.
Category: News

A prize for “real-world cryptography” was given to programmers behind AES and the Signal app

Security News - 10 min 59 sec ago
The first 2017 Levchin Prize recipient was the creator of said encryption, Joan Daemen. Along with his collaborators, Vincent Rijmen and the Keccak team, he is responsible for the development of the AES block cipher and the SHA3 hash function. Daemen was immediately followed by Moxie Marlinspike and Trevor Perrin, who were awarded the 2017 Levchin Prize for their development of the Signal protocol used to encrypt messages in communication systems.
Category: News

Static Power Side-Channel Analysis of a Threshold Implementation Prototype Chip

Security News - 10 min 59 sec ago
From abstract—The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. The continuous growth of the leakage power dissipation in nanometer-scaled CMOS technologies is not only inconvenient for effective low power designs, but does also create a new target for power analysis adversaries. In this paper, we present the first experimental results of a static power side-channel analysis targeting an ASIC implementation of a provably first-order secure hardware masking scheme.
Category: News

The importance of cryptography for the digital society

Security News - 10 min 59 sec ago
Following the Council meeting on 8th and 9th December 2016 in Brussels, ENISA's paper gives an overview of aspects of the current debate on encryption, while highlighting the Agency's key messages and views on the topic.
Category: News

Google Releases Test Set to Check Cryptographic Library Security

Security News - 10 min 59 sec ago
Google has released a set of tests that developers can use to check some open source cryptographic libraries for known security vulnerabilities.
The company has named the set of tests Project Wycheproof.
Category: News

Technical developments in Cryptography: 2016 in Review

Security News - 10 min 59 sec ago
While 2016 may not have been the banner year for cryptographic exploits that 2015 was, researchers around the world continued to advance the state of the art.
  • TLS 1.3 design finalized
  • The quest for post-quantum cryptography continues
  • New thinking on how to backdoor cryptographic algorithms
  • RFC 5114: Another backdoored crypto standard from NIST?
  • Cryptographic deniability pops up in the US presidential election
  • Attacks only get better
  • Out with the old, in with the new: HTTPS still being slowly hardened
Category: News

Strong non-backdoored encryption is vital – but the Feds should totally be able to crack it, say House committees

Security News - 10 min 59 sec ago
A bipartisan House working group on encryption has today come to the conclusion that encryption is vital to US national interests, even as it seeks to mitigate the problem the technology can pose for law enforcement. Citing the Federal Bureau of Investigation's effort earlier this year to force Apple to help the agency decrypt an iPhone used by one of the shooters in a 2015 terror attack in San Bernardino, California, the House Judiciary Committee & House Energy and Commerce Committee's Encryption Working Group (EWG) report explores the tension between authorities' desire for access to digital data and the increasingly necessary use of encryption to keep data secure.
Category: News

NIST requests ideas for crypto that can survive quantum computers

Security News - 10 min 59 sec ago
The United States' National Institute of Standards and Technology has issued a Notice and request for nominations for candidate post-quantum algorithms.
The Institute (NIST) has cottoned on to the fact that "If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use."
The agency therefore observes, in its explanation of the Notice, that once such machines are widely available: "This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere." Bruce Schneier: IT World, Maria Korolov:
Category: News

Giving Up on PGP

Security News - 10 min 59 sec ago
Filippo Valsorda wrote an excellent essay on why he's giving up on PGP. I (Bruce Schneier) have long believed PGP to be more trouble than it is worth. It's hard to use correctly, and easy to get wrong. More generally, e-mail is inherently difficult to secure because of all the different things we ask of it and use it for.
Category: News

Apple's macOS file encryption can be bypassed without latest fixes

Security News - 10 min 59 sec ago
Custom-made Thunderbolt devices can be used to extract the encryption password from locked Macs.
The attack is possible because devices connected over Thunderbolt can access the computer's RAM directly before the OS is started through the direct memory access (DMA) feature.
Category: News

Passwords and Hacking: The Jargon of Cybercrime Explained

Security News - 10 min 59 sec ago
Some basic terms are briefly described here:

Plain Text, Hashing, Salting, Peppering, Encryption, Hexadecimal
MD5, SHA-1, SHA-2, Bcrypt, PBKDF2, Scrypt
Category: News

US 'security' biz trio Sentinel Labs, Vir2us, SpyChatter accused of lying about certification

The Register - Anti-Virus - 43 min 1 sec ago
Watchdog forces them to drop claims of privacy protections

Three US companies have settled with the FTC after they were accused of lying about the security safeguards on their customer information.…

Category: Viruses and Worms

Microsoft DeepCoder AI Produces Its Own Code By Ripping Off Existing Software

Home AI - 1 hour 11 min ago

The execution works because through deep-learning, and smart AI to make sense of it, pieces of code are taken from existing software, letting the …

Category: Transhumanism

Students show passion for neuroscience at Brain Bee

Home AI - 1 hour 22 min ago

A three-pound human super computer was the focus of the Vermont Brain Bee, held Feb.

Category: Transhumanism

Should Gene Editing Be a Human Right?

Futurism - Enhanced Humans - 1 hour 25 min ago
Genetic Editing for All

We are all subject to the genetic lottery. That’s how it’s always been, and for a while, we thought that was how it would always be.

Then, in 2014, a gene-editing technology called CRISPR was introduced. With CRISPR, geneticists could edit sections of the genome to alter, add, or remove parts of the DNA sequence. To date, it is by far the easiest way we’ve found to manipulate the genetic code, and it is already paving the way for more efficient and effective treatments of conditions with a genetic component. However, the technology brings with it the potential to manipulate and remove simply “unwanted” genes.

While most of the proposed CRISPR applications are focused on editing somatic (non-reproductive) cells, altering germline (reproductive) cells is also a very real possibility. This prospect of editing germline cells and making changes that would be passed on from generation to generation has sparked a heated ethical debate.

The potential to change someone’s DNA even before they are born has led to claims that CRISPR will be used to create “designer babies.” Detractors were appalled at the hubris of science being used to engineer the human race. Supporters, on the other hand, are saying this ability should be a human right.

Rigging the Game

To be fair, most advocates of genetic editing aren’t rallying for support so CRISPR can be used to create a superior human race. Rather, they believe people should have free access to technology that is capable of curing diseases. It’s not about rigging the genetic game — it’s about putting the technique to good use while following a set of ethical recommendations.

To that end, a panel made up of experts chosen by the National Academy of Sciences and the National Academy of Medicine released a series of guidelines that essentially give gene editing a “yellow light.” These guidelines support gene editing on the premise that it follows a set of stringent rules and is conducted with proper oversight and precaution.

Obviously, genetic enhancement would not be supported under these guidelines, which leaves some proponents miffed. Josiah Zaynor, whose online company The ODIN sells kits allowing people to conduct simple genetic engineering experiments at home, is among those who are adamant that gene editing should be a human right. He expressed his views on the subject in an interview with The Outline:

We are at the first time in the history of humanity where we can no longer be stuck with the genes we are dealt. As a society we have begun to see how choice is a right, but for some reason when it comes to genetics, some people think we shouldn’t have a choice. I can be smart and attractive, but everyone else should be ugly, fat, and short because those are the genes they were dealt and they should just deal with it.

However, scientific institutions continue to caution against such lax views of genetic editing’s implications. Apart from the ethical questions it raises, CRISPR also faces opposition from various religious sects and legal concerns regarding the technology. Governments seem divided on the issue, with nations like China advancing research, while countries like the U.K., Germany, and the U.S. seem more concerned about regulating it.

The immense potential of gene editing to change humanity means the technology will continue to be plagued by ethical and philosophical concerns. Given the pace of advancement, however, it’s good that we’re having this debate on what and who it should be used for right now.

The post Should Gene Editing Be a Human Right? appeared first on Futurism.

Category: Transhumanism

Frank Abagnale, world-famous con-man, explains why technology won’t stop breaches

Ars Technica - 1 hour 29 min ago

Frank Abagnale, as played by Leonardo DiCaprio in Catch Me If You Can, once pretended to be a doctor. Now he's teaching the health industry about the threat of identity theft. (credit: Dreamworks)

Frank Abagnale is world-famous for pretending to be other people. The former teenage con-man, whose exploits 50 years ago became a Leonardo DiCaprio film called Catch Me If You Can, has built a lifelong career as a security consultant and advisor to the FBI and other law enforcement agencies. So it's perhaps ironic that four and a half years ago, his identity was stolen—along with those of 3.6 million other South Carolina taxpayers.

"When that occurred," Abagnale recounted to Ars, "I was at the FBI office in Phoenix. I got a call from [a reporter at] the local TV news station, who knew that my identity was stolen, and they wanted a comment. And I said, 'Before I make a comment, what did the State Tax Revenue Office say?' Well, they said they did nothing wrong. I said that would be absolutely literally impossible. All breaches happen because people make them happen, not because hackers do it. Every breach occurs because someone in that company did something they weren't supposed to do, or somebody in that company failed to do something they were supposed to do." As it turned out (as a Secret Service investigation determined), a government employee had taken home a laptop that shouldn't have left the office and connected it—unprotected—to the Internet.

Government breaches of personal information have become all too common, as demonstrated by the impact of the hacking of the Office of Management and Budget's personnel records two years ago. But another sort of organization is now in the crosshairs of criminals seeking identity data to sell to fraudsters: doctors' offices. Abagnale was in Orlando this week to speak to health IT professionals at the 2017 HIMSS Conference about the rising threat of identity theft through hacking medical records—a threat made possible largely because of the sometimes haphazard adoption of electronic medical records systems by health care providers.

Category: Hacking & Security