Articles about crypto

Estonia government locks down ID smartcards: Refresh or else

The Estonian government is suspending the use of the Baltic country’s identity smartcards in response to a recently discovered and wide-ranging security flaw. Residents of the Baltic country will still be able to use the smartphone equivalent of the technology, which is used to access government services and online banking. Use of …
John Leyden, 3 Nov 2017

Never mind the WPA2 drama... Details emerge of TPM key cockup that hits tonnes of devices

RSA keys produced by smartcards, security tokens, laptops, and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and should be regenerated with stronger algorithms. In short, Infineon TPMs – aka trusted platform modules – are used in countless computers and gadgets to generate RSA …
John Leyden, 16 Oct 2017

China orders immediate shuttering of Bitcoin exchanges

China has ordered all Bitcoin and cryptocurrency exchanges to cease trading by the end of Friday, causing a massive drop in its value worldwide. According to leaked documents and a series of statements from those running the local exchanges, China's regulators have told the exchanges verbally that they do not have a license to …
Kieren McCarthy, 15 Sep 2017

HSBC biz banking crypto: The case of the vanishing green padlock and... what domain are we on again?

HSBC has been faulted for redirecting business customers to a website that is not obviously secure. Rob Jonson, director of Hobbyist Software, who alerted us to the issue, was concerned that he'd fallen victim to a phishing scam. I logged into my HSBC business account, and the site failed to give me any info. Then I looked …
John Leyden, 8 Sep 2017

Paris Hilton inflates crypto bubble some more, backs Initial Coin Offering

Just in case we were in any doubt that we were in a crypto bubble, Paris Hilton has announced she will back an Initial Coin Offering venture. On Sunday, the famous "heir-head" tweeted she was participating in the upcoming "LydianCoin" ICO. Looking forward to participating in the new @LydianCoinLtd Token!  #ThisIsNotAnAd # …
Kat Hall, 4 Sep 2017

GTFO of there! Security researchers turn against HTTP public key pinning

Security researchers have endorsed industry guru Scott Helme's vote of no confidence in a next-generation web crypto technology. Helme said he was "giving up on HPKP" after experimenting with the tech and ultimately finding it too cumbersome for mainstream use even among security-conscious organisations. HTTP Public Key …
John Leyden, 25 Aug 2017

Good Lord: Former UK spy boss backs crypto

A former boss at UK domestic spy arm MI5 has cautioned against a crackdown on encrypted messaging apps. Lord Evans, who retired in 2013, told BBC Radio 4’s Today programme that he did not support encryption restrictions despite acknowledging cryptography had been an obstacle in investigating terrorist cases, saying …
John Leyden, 11 Aug 2017

Five-eyes nations want comms providers to bust crypto for them

This week's five-eyes meeting has issued its communique, promising to get the tech sector to solve the problems of online terrorism and encrypted communications. As is the way of political communiques, there's a carefully-crafted lack of detail (sufficient, for example, for plausible deniability) about what exactly is planned …

Ex-military and security firms oppose Home Sec in WhatsApp crypto row

UK government ministers calling for increased surveillance abilities in the wake of last Wednesday's terrorist attack have encountered opposition from a somewhat unexpected quarter. Home Secretary Amber Rudd went on TV at the weekend to say it was "completely unacceptable" that authorities were unable to look at the encrypted …
John Leyden, 27 Mar 2017

You're taking the p... Linux encryption app Cryptkeeper has universal password: 'p'

Linux encryption app Cryptkeeper has a bug that causes it to use a single-letter universal decryption password: "p". The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem's command line interface: …
Darren Pauli, 31 Jan 2017

Alleged ISIS member 'wore USB cufflink and trained terrorists in encryption'

A Cardiff man said to be a member of ISIS and who is alleged to have trained terrorists in the use of encryption will be put on trial in March. Samata Ullah, 33, was charged earlier this month with six terrorism offences. Today at the Old Bailey Mr Justice Holroyde remanded Ullah in custody until 17 November, according to the …
Gareth Corfield, 28 Oct 2016

Ageing GSM crypto cracked on commodity graphics rig

The crypto scheme applied to second generation (2G) mobile phone data can be hacked within seconds, security researchers have demonstrated. The work by researchers from the Agency for Science, Technology and Research (A*STAR), Singapore shows that breaking the A5/1 stream cipher used by 2G is possible using commodity hardware …
John Leyden, 24 Oct 2016

Zombie crypto stalks smart grids

The Open Smart Grid Protocol's custom RC4 encryption has been cracked – again. OSGP was called out last year for rolling its own crypto, based on the deprecated RC4. At the time, the OSGP Alliance said it would implement better security, but the RC4 zombie is still shambling around, according to German researchers Linus …

Boffins boost IETF crypto efforts

A pair of German engineers want to give a push to the adoption of new crypto in the IETF by pushing the curves in RFC 7748 into hardware. RFC 7748 is a research-level document that describes proposed new elliptic curves for use in applications like Transport Layer Security (TLS). Moving from research to the real world …

Critical flaw in Pidgin, Adium's Off The Record chat lib. Patch ASAP

Security researchers have discovered a critical vulnerability in libotr, a software library used in chat apps to send and receive encrypted messages. Several instant messengers – including ChatSecure, Pidgin, Adium and Kopete – are affected by the remote-code execution bug in libotr, which was discovered by Markus Vervier at …
John Leyden, 10 Mar 2016

Cloud sellers who acted on Heartbleed sink when it comes to DROWN

Response to the critical web-crypto-blasting DROWN vulnerability in SSL/TLS by cloud services has been much slower than the frantic patching witnessed when the Heartbleed vulnerability surfaced two years ago. DROWN (which stands for Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects …
John Leyden, 8 Mar 2016

Awoogah – brown alert: OpenSSL preps 'high severity' security fixes

Developers behind the widely used OpenSSL encryption library have warned that they will issue fixes for a mix of bugs next Tuesday (1 March). The patches will land right in the middle of the RSA Conference, infosec marketing's version of the Superbowl. It's understood the bugs are significant (as in, patch as soon as you can …
John Leyden, 25 Feb 2016

Go full SHA-256 by June or get locked out, say payments bods Bacs

Online businesses in the UK will have to update their systems and adopt SHA-2 before June in order to avoid losing access to vital payment and money transfer services. Failure to change before a 13 June deadline will leave merchants unable to use Bacs Payment Schemes Limited (Bacs) to make salary or supplier payments or to …
John Leyden, 17 Feb 2016

Biting the hand that feeds IT © 1998–2017