Articles about encryption

Oz government rushes its anti-crypto legislation into parliament

The Australian government has rushed forward its proposed anti-encryption legislation, a mere week after a public consultation into the rules closed. A Federal Coalition party meeting yesterday cleared the bill to be introduced into parliament, giving the strong impression the government hopes to push the draft law onto the …

You'll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it

Video If you can steal someone's laptop, leave it switched on in sleep mode, crack it open, hook up some electronics to alter settings in the BIOS firmware, restart it, and boot into a custom program... you can swipe crypto keys and other secrets from the system. When computers are restarted, the motherboard firmware can wipe the …
John Leyden, 14 Sep 2018

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Video Boffins have sprung the bonnet on the weak crypto used in the keyless entry system in Tesla's Model S car. Researchers from the Computer Security and Industrial Cryptography (COSIC) group – part of the Department of Electrical Engineering at Belgian university KU Leuven – were able to clone a key fob, open the doors, and drive …
John Leyden, 12 Sep 2018

HTTPS crypto-shame: TV Licensing website pulled offline

The UK's TV Licensing agency has taken its website offline "as a precaution" after being blasted for running transactional pages that were not sent over HTTPS. The publicly funded outfit had been criticised for inviting folk to submit sensitive data over unencrypted links. Just a few hours after proclaiming "we will soon …
John Leyden, 6 Sep 2018

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

Analysis Not since the days of the US Clipper chip in the early 1990s have backdoors put there by government decree to bypass encryption been this fashionable with governments. Clipper – an encryption chipset with a US-government-accessible backdoor backed by the US National Security Agency (NSA) – foundered on the stubborn resistance …
John E Dunn, 6 Sep 2018

Take a pinch of autofill, mix in HTTP, and bake on a Wi-Fi admin page: Quirky way to swipe a victim's router password

Vid Beware using your web browser's autofill feature to log into your broadband router via Wi-Fi and unprotected HTTP. A nearby attacker can attempt to retrieve the username and password. The problem – found by SureCloud's Elliott Thompson and detailed here – is the result of a mismatch in browser behavior and router configuration …

Spies still super upset they can't get at your encrypted comms data

The Five Eyes nations have told the tech industry to help spy agencies by creating lawful access solutions to encrypted services – and warned that governments can always legislate if they don't. The UK, US, Canada, Australia and New Zealand – which have a long-standing intelligence agreement – met in Australia this week. In …
Rebecca Hill, 31 Aug 2018

Support for ageing key exchange crypto leaves VPNs open to attack

Security gaps have been identified in widely used implementations of the IPsec protocol, which is used in the set up of Virtual Private Networks (VPNs). The Internet Key Exchange protocol "IKEv1", which is part of the IPsec protocol family, has vulnerabilities that enable potential attackers to interfere with the communication …
John Leyden, 15 Aug 2018

Australia's Snooper's Charter: Experts react, and it ain't pretty

If the Australian government was hoping its encryption legislation would have a smooth run, it'll probably be disappointed. Not only has the exposure draft landed with a political storm, reactions from technologists range from guarded to sharply critical. On the political front, the Australian Greens came out most strongly …

Dropbox plans to drop encrypted Linux filesystems in November

Updated Linux users are calling on Dropbox to reverse a decision to trim its filesystem support to unencrypted EXT4 only. The company's supported file system list, here, is missing some formats – including various encrypted Linux filesystems. Until that list was revised, Dropbox said it supported NTFS, HFS, EXT4, and APFS on Linux; …

Cisco patches IOS in response to boffins' IKE-busting breakthrough

Cisco has pushed out an update for its internetwork operating system (IOS) and IOS XE firmware in advance of a Usenix presentation on circumventing cryptographic key protocol. The networking behemoth is advising all customers running hardware that uses IOS and IOS XE to get the updates that address CVE-2018-0131, a security …
Shaun Nichols, 14 Aug 2018

When's a backdoor not a backdoor? When the Oz government says it isn't

Australia's promised “not-a-backdoor” crypto-busting bill is out and the government has kept its word – it doesn't want a backdoor, just the keys to your front one. The draft of The Assistance and Access Bill 2018 calls for anyone using or selling communications services in Australia to be subject to police orders for access …

Australia on the cusp of showing the world how to break encryption

The Australian government has scheduled its “not-a-backdoor” crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it. The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into …

If for some reason you're still using TKIP crypto on your Wi-Fi, ditch it – Linux, Android world bug collides with it

It’s been a mildly rough week for Wi-Fi security: hard on the heels of a WPA2 weakness comes a programming cockup in the wpa_supplicant configuration tool used on Linux, Android, and other operating systems. The flaw can potentially be exploited by nearby eavesdroppers to recover a crucial cryptographic key exchanged between a …

Crypto gripes, election security, and mandatory cybersec school: Uncle Sam's cyber task force emits todo list for govt

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses. The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam's …
Shaun Nichols, 20 Jul 2018

In non-startling news, EFF says STARTTLS email crypto is mostly done wrong

Having successfully pushed for universal HTTPS Web encryption, the Electronic Frontier Foundation's next protocol push is for “STARTTLS Everywhere”. It's testament to system administrator inertia that a protocol first published in 2002 and available in all major e-mail clients and servers is still not everybody's default. By …

Hardened Azure logins, softened containers, leaky encrypted images on Macs – and more

Roundup This week you had to deal with AI security panic, fake Fortnite, and, if you use OpenBSD, the end of Intel HyperThread support. Here are a few more bits of security news that you might have missed. Ready or not, here comes two-factor Azure log-in: Microsoft is going to get its customers using best practices, even if it has to …
Shaun Nichols, 23 Jun 2018

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug

Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store. Brinkmann explained that CVE-2018-12356 offers both access to passwords and possible remote code execution. This bug is an incomplete regex in GnuPG's signature …

Biting the hand that feeds IT © 1998–2018