Article Trunk



Posts Tagged ‘Cryptography’

Cybersecurity 101: Five simple security guides for protecting your privacy

With hundreds of millions of people home for the holidays, now is a better time than ever to spread good tidings and cheer, and — well, some much-needed security advice for all the family. Security sounds complicated, but it doesn’t have to be. Privacy is more important than ever. With an ever-changing and evolving landscape ...

Debunking “ghost users”: MI5’s plan to backdoor all secure messaging platforms

When lawmakers and cops propose banning working cryptography (as they often do in the USA), or ban it outright (as they just did in Australia), they are long on talk about "responsible encryption" and the ability of sufficiently motivated technologists to "figure it out" and very short on how that might work -- ...

Australia rushes its ‘dangerous’ anti-encryption bill into parliament, despite massive opposition

Australia’s controversial anti-encryption bill is one step closer to becoming law, after the two leading but sparring party political giants struck a deal to pass the legislation. The bill, in short, grants Australian police greater powers to issue “technical notices” — a nice way of forcing companies — even websites — operating in Australia to ...

Sennheiser’s headphone drivers covertly changed your computer’s root of trust, leaving you vulnerable to undetectable attacks

Your computer ships with a collection of trusted cryptographic certificates, called its "root of trust," which are consulted to verify things like SSL connections and software updates.

A recent report from Secorvo reveals that Sennheiser's Headsetup drivers for its headphones covertly inserted two certificates into this root of trust. What's more, the certificate was ineptly ...

World War II Enigma cipher machine up for auction

A rare, fully-operational Enigma cipher machine from World War II will go up for auction at Sothebys tomorrow as part of an amazing History of Science & Technology auction (also including Richard Feynman's Nobel Prize). The Enigma is expected to go for around $200,000.

From a 1999 article I wrote for

Sennheiser’s flawed headphone software opened PCs and Macs to HTTPS site spoofing

Headphone maker Sennheiser has patched its software after the company admitted a serious vulnerability that made it easy for hackers to impersonate any website — even encrypted pages. The software, which helps Mac and Windows users to connects their headphones to other devices, also installed a self-signed root certificates with an easily obtainable private key. ...

Office 365, Azure users are locked out after a global multi-factor authentication outage

Good morning! Except if you’re a hosted Microsoft customer who’s locked out of your account right now. Microsoft’s cloud-based multi-factor authentication services went down across the globe early Monday morning, preventing access to users who are required to sign in using a second layer of authentication to their account, such as a text message, a ...

Tech giants take seats on Homeland Security’s new supply chain task force

Homeland Security’s supply chain task force is finally off the ground.. The public-private coalition, set up earlier this year, now has representatives from more than two dozen companies and industry groups signed up to help the government try to combat risks faced by tech companies from threats in the supply chain. Called the ICT Supply ...

Security researchers have busted the encryption in several popular Crucial and Samsung SSDs

Researchers at Radboud University have found critical security flaws in several popular Crucial and Samsung solid state drives (SSDs), which they say can be easily exploited to recover encrypted data without knowing the password. The researchers, who detailed their findings in a new paper out Monday, reverse engineered the firmware of several drives to find ...

Signal rolls out a new privacy feature making it tougher to know a sender’s identity

Signal, regarded as the gold standard of end-to-end encrypted messaging apps, is rolling out a new feature that will further protect the identities of message senders. “While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is,” Signal revealed in a blog post Monday. ...