News

WSU mathematician breaks down how to defend against quantum computing attacks

Security News - 15 min 49 sec ago
The encryption codes that safeguard internet data today won't be secure forever.
Future quantum computers may have the processing power and algorithms to crack them.
Nathan Hamlin, instructor and director of the WSU Math Learning Center, is helping to prepare for this eventuality.
He is the author of a new paper in the Open Journal of Discrete Mathematics that explains how a code he wrote for a doctoral thesis, the Generalized Knapsack Code, could thwart hackers armed with next generation quantum computers.
Category: News

Time's up for SHA-1 hash algo, but one in five websites still use it

Security News - 15 min 49 sec ago
Google, Microsoft and Mozilla say they won't trust anyone who hasn't migrated.
One in five websites (21 per cent) are still using certificates signed with the vulnerable SHA-1 hash algorithm, according to a new survey.
Reliance on the obsolete hashing technology leaves companies at greater risk of security breaches and compliance problems, certificate management firm Venafi warns.
Venafi's latest study shows there has been improvement since November 2016, when a third (35 per cent) of websites were still using SHA-1.
Category: News

Post-Quantum Crypto: Don't Do Anything

Security News - 15 min 49 sec ago
No Need to Panic, Cryptographers Say; Just Wait for NIST Guidance

There's good news for anyone worried about the rise of quantum computers and the risk that they could be used to crack modern, public-key crypto systems, thus imperiling the security of much of today's data, both in transit and at rest. Leading cryptographers advise: Don't panic, and above all, don't do anything about it right now.
Category: News

RSA Conference 2017: From Cryptography to Mysteries of the Universe

Security News - 15 min 49 sec ago
This year's RSA Conference, which was held Feb. 13-17 in San Francisco, saw more than 43,000 attendees show up to listen to speakers and to learn from vendors about the latest security trends, products and services. Among the annual traditions at the RSA Conference is the Cryptographers Panel, which includes Ron Rivest (the "R" in RSA) and Adi Shamir (the "S" in RSA). The cryptographers are not particularly enthusiastic about the modern state of security, with Shamir claiming that the internet as we know it is broken. Also at the conference, former U.S. National Security Agency (NSA) chief Gen. Keith Alexander talked about how the cloud can help enable a common defense for organizations of all sizes. Meanwhile at a VIP event at the RSA Conference, Michael Dell, CEO of Dell Technologies, spoke about new innovations from RSA as well as his company's broader approach to securing IT assets and information. And at a number of sessions at the conference, Google detailed its approaches to both Android and Gmail security. In this slide show, eWEEK takes a look at some of the highlights of the 2017 RSA Conference.
Category: News

SHA-1 Has Fallen

Security News - 15 min 49 sec ago
Practical Attack Demonstrated Against Deprecated Cryptographic Hash

"We have broken SHA-1 in practice," wrote a group of researchers from the Centrum Wiskunde & Informatica research center in Amsterdam and Google on Feb. 23. A research paper from CWI's Marc Stevens and Pierre Karpman and Google's Ange Albertini, Elie Bursztein and Yarik Markov says the group's so-called "SHAttered attack" can be used to compromise anything that relies on SHA-1.
Category: News

Google Rolls Out New Cloud Encryption Key Management Service

Security News - 15 min 49 sec ago
The new Google Cloud Platform service will allow enterprises to create, use and rotate encryption keys to protect their data, company says.
Category: News

PIV-I and Multifactor Authentication: The Best Defense for Federal Government Contractors

Security News - 15 min 49 sec ago
In response to an unprecedented level of espionage and cyber attacks aimed at compromising critical government IT infrastructure, from networks to applications, the federal government last year announced new standards. Regulations have been enacted in 2016 to apply these standards to federal contractors and their subcontractors.
Category: News

GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug

Security News - 15 min 49 sec ago
GoDaddy: Due to a software bug, the recently issued certificate for your domain was issued without proper domain validation, and in accordance with industry standards as a Certificate Authority, we will need to revoke your certificate as a precautionary measure. The certificate will be revoked today (January 10) by 9pm Pacific Time. The software bug that created the issue has been remedied. We continue to closely monitor our system.
Category: News

What do you call a firm that leaves customer financials unencrypted on a hard drive? RSA

Security News - 15 min 49 sec ago
No really. Insurer's details on 60k people lost forever. A UK insurance business has been fined £150,000 for its lax security practices after a hard drive containing customers' unencrypted information was stolen. The hard drive disappeared from the offices of Royal & Sun Alliance insurance (ironically it prefers the abbreviation RSA) back in 2015.
Category: News

Kaspersky torpedoes SSL certificate validation

Security News - 15 min 49 sec ago
The scourge of antivirus vendors has struck again: this time Google researcher Tavis Ormandy has uncovered weaknesses in how Kaspersky handles SSL certificates. And not for the first time.
Category: News

A prize for “real-world cryptography” was given to programmers behind AES and the Signal app

Security News - 15 min 49 sec ago
The first 2017 Levchin Prize recipient was the creator of said encryption, Joan Daemen. Along with his collaborators, Vincent Rijmen and the Keccak team, they are responsible for the development of the AES block cipher and the SHA3 hash function. Daemen was immediately followed by Moxie Marlinspike and Trevor Perrin, who were awarded the 2017 Levchin Prize for their development of the Signal protocol used to encrypt messages in communication systems.
Category: News

Static Power Side-Channel Analysis of a Threshold Implementation Prototype Chip

Security News - 15 min 49 sec ago
From abstract—The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. The continuous growth of the leakage power dissipation in nanometer-scaled CMOS technologies is not only inconvenient for effective low power designs, but does also create a new target for power analysis adversaries. In this paper, we present the first experimental results of a static power side-channel analysis targeting an ASIC implementation of a provably first-order secure hardware masking scheme.
Category: News

The importance of cryptography for the digital society

Security News - 15 min 49 sec ago
Following the Council meeting on 8th and 9th December 2016 in Brussels, ENISA's paper gives an overview into aspects around the current debate on encryption, while highlighting the Agency's key messages and views on the topic.
Category: News

Google Releases Test Set to Check Cryptographic Library Security

Security News - 15 min 49 sec ago
Google has released a set of tests that developers can use to check some open source cryptographic libraries for known security vulnerabilities.
The company has named the set of tests Project Wycheproof.
Category: News

Technical developments in Cryptography: 2016 in Review

Security News - 15 min 49 sec ago
While 2016 may not have been the banner year for cryptographic exploits that 2015 was, researchers around the world continued to advance the state of the art.
  • TLS 1.3 design finalized
  • The quest for post-quantum cryptography continues
  • New thinking on how to backdoor cryptographic algorithms
  • RFC 5114: Another backdoored crypto standard from NIST?
  • Cryptographic deniability pops up in the US presidential election
  • Attacks only get better
  • Out with the old, in with the new: HTTPS still being slowly hardened
Category: News

Strong non-backdoored encryption is vital – but the Feds should totally be able to crack it, say House committees

Security News - 8 March, 2017 - 13:00
A bipartisan House working group on encryption has today come to the conclusion that encryption is vital to US national interests, even as it seeks to mitigate the problem the technology can pose for law enforcement. Citing the Federal Bureau of Investigation's effort earlier this year to force Apple to help the agency decrypt an iPhone used by one of the shooters in a 2015 terror attack in San Bernardino, California, the House Judiciary Committee & House Energy and Commerce Committee's Encryption Working Group (EWG) report explores the tension between authorities' desire for access to digital data and the increasingly necessary use of encryption to keep data secure.
Category: News

NIST requests ideas for crypto that can survive quantum computers

Security News - 8 March, 2017 - 13:00
The United States' National Institute of Standards and Technology has issued a Notice and request for nominations for candidate post-quantum algorithms.
The Institute (NIST) has cottoned on to the fact that "If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use."
The agency therefore observes, in its explanation of the Notice, that once such machines are widely available: "This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere." Bruce Schneier: IT World, Maria Korolov:
Category: News

Giving Up on PGP

Security News - 25 February, 2017 - 08:30
Filippo Valsorda wrote an excellent essay on why he's giving up on PGP. I (Bruce Schneier) have long believed PGP to be more trouble than it is worth. It's hard to use correctly, and easy to get wrong. More generally, e-mail is inherently difficult to secure because of all the different things we ask of it and use it for.
Category: News

Apple's macOS file encryption can be bypassed without latest fixes

Security News - 25 February, 2017 - 08:30
Custom-made Thunderbolt devices can be used to extract the encryption password from locked Macs.
The attack is possible because devices connected over Thunderbolt can access the computer's RAM directly before the OS is started through the direct memory access (DMA) feature.
Category: News