Another Intel Speculative Execution Vulnerability

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research ...

Securing Internet Videoconferencing Apps: Zoom and Others

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous ...
Root KSK Ceremony 39

DNSSEC Keysigning Ceremony Postponed Because of Locked Safe

| | dns, keys, locks, safes
Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure ...

New SHA-1 Attack

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We ...

TPM-Fail Attacks Against Cryptographic Coprocessors

Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks, by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust ...

NordVPN Breached

There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates ...

Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago

Earlier this month, I made fun of a company called Crown Sterling, for...for...for being a company that deserves being made fun of. This morning, the company announced that they "decrypted two 256-bit ...
Ryuk

Future-proofing Security in a Post-Quantum Cryptography World

Post-quantum cryptography broadly represents cryptographic algorithms that are safe against threats from quantum computers. Quantum computers aren’t expected to come into play for a decade., which might leave you asking, “Why should ...
Security Boulevard

On Security Tokens

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, ...

Risk Assessment and Identifying Vulnerabilities in Your PKI Management

Cyber security is a field both deep and broad with a large number of complicated facets. As no one can be an expert in all things, it can sometimes be difficult even ...