Today's talk at TH Köln was about Chinese espionage and cyber law, to a full house with 170 registered participants! For those who could not attend: the talk was recorded, and the link will be posted here shortly. #china #cyberlaw #cybersecurity #cryptography
@Perl Good news, the #Perl module IO::Socket::SSL now defaults to using the #TLS cryptographic protocol version 1.2 or greater. (Earlier versions have been widely deprecated for a couple of years due to weaknesses found in the #MD5 and #SHA1 hashing functions.)
Note that if you’ve updated #OpenSSL recently you may also have to rebuild and reinstall Net::SSLeay from #CPAN.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #19/2023 is out! It includes, but not only:
‣ New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing #Phishing Pages
‣ #Netgear Routers' Flaws Expose Users to #Malware, Remote Attacks, and Surveillance
‣ 🇮🇹 🏎️ #WordPress Plugin Vulnerability Exposed #Ferrari Website to Hackers
‣ 🇯🇵 🚗 #Toyota Japan exposed data on millions of vehicles for a decade
‣ 📨 #Microsoft patches bypass for recently fixed Outlook zero-click bug
‣ 🇺🇸 🇺🇦 IRS gives #Ukraine tools to expose Russian oligarchs hiding riches in #crypto exchanges
‣ 🇨🇭 Multinational tech firm #ABB hit by Black Basta #ransomware attack
‣ 🐥 #Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
‣ 🇺🇸 Cybersecurity firm #Dragos discloses cybersecurity incident, extortion attempt
‣ 🇰🇵 North Korean hackers breached major hospital in Seoul to steal data
‣ 🇺🇸 #Google Now Lets US Users Search #DarkWeb for Their Gmail ID
‣ 🇺🇸 #IBM Delivers Roadmap for Transition to Quantum-safe #Cryptography
‣ 🇪🇸 Spanish police dismantle phishing operation linked to crime ring
‣ 🇺🇸 Microsoft #PatchTuesday: 40 Vulnerabilities, 2 Zero-Days
‣ 🇺🇸 🇷🇺 Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by #Russia's Federal Security Service
‣ 🇺🇸 Feds seize 13 more DDoS-for-hire platforms in ongoing international crackdown
‣ #MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
‣ 🇮🇷 Microsoft: Iranian hacking groups join #Papercut attack spree
📚 This week's recommended reading is: "The Pentester BluePrint: Starting a Career as an Ethical Hacker" by @phillipwylie and @crowgirl
IBM has introduced a quantum-safe roadmap to help the complex organizational transition to post-quantum cryptography at this year’s annual Think conference.
“This roadmap serves as a commitment to transparency, predictability, and confidence as we guide industries along their journey to post-quantum cryptography. There’s a lot happening at once — new algorithms, standards, best practices, and guidance from federal agencies. We hope that this roadmap will serve as a navigational tool through this complex landscape,”
Even though the first and last bytes are not properly clamped above, when generating the public key, the wg(8) tool will clamp it. Further, when bringing up the interface, WireGuard will also clamp it.
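The clamping the post refers to is the Curve25519 scalar rule from RFC 7748 (clear the three low bits of the first byte, clear the top bit and set the second-highest bit of the last byte). The following is an added example, not code from the post or from the WireGuard project: it applies that rule to a raw 32-byte key and to a base64-encoded key in the format `wg genkey` prints, and provides a check a reviewer can run to detect a key that was stored unclamped (the sample keys are constructed).

```python
import base64
import os

KEY_LEN = 32  # Curve25519 private keys are 32 raw bytes


def clamp(sk: bytes) -> bytes:
    """Apply Curve25519 scalar clamping as specified in RFC 7748, section 5.

    The three low bits of byte 0 are cleared (multiple of the cofactor 8),
    the top bit of byte 31 is cleared and the next bit is set (fixed length).
    """
    if len(sk) != KEY_LEN:
        raise ValueError("Curve25519 private key must be exactly 32 bytes")
    k = bytearray(sk)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return bytes(k)


def is_clamped(sk: bytes) -> bool:
    """Return True if the key already satisfies the clamping rule.

    Useful when auditing stored keys: an unclamped key still works because
    wg(8) and the kernel clamp on use, but it indicates the generator skipped
    a step and the stored bytes differ from the scalar actually in use.
    """
    return (
        len(sk) == KEY_LEN
        and (sk[0] & 7) == 0
        and (sk[31] & 128) == 0
        and (sk[31] & 64) == 64
    )


def clamp_wg_key_b64(key_b64: str) -> str:
    """Clamp a WireGuard private key given in its base64 text form."""
    raw = base64.b64decode(key_b64, validate=True)
    return base64.b64encode(clamp(raw)).decode("ascii")


def gen_private_key() -> bytes:
    """Generate a fresh, clamped private key from the OS CSPRNG."""
    return clamp(os.urandom(KEY_LEN))


if __name__ == "__main__":
    # Constructed sample: an all-ones key is clearly unclamped.
    unclamped = b"\xff" * KEY_LEN
    print("clamped before:", is_clamped(unclamped))
    fixed = clamp(unclamped)
    print("first byte 0x%02x, last byte 0x%02x" % (fixed[0], fixed[31]))
    print("clamped after:", is_clamped(fixed))
    print("base64 sample:", clamp_wg_key_b64("A" * 43 + "="))
```

Clamping is idempotent, so running it over a key that wg(8) has already clamped is harmless; the check is the useful part when auditing key material produced by a third-party generator.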
Just saw someone implementing user authentication for an #E2EE application by taking the user's password, running it through libsodium's crypto_pwhash with a fixed salt derived from the user's email address, before sending the (email, hash) pair to the remote server... and I'm just like "is this secure?"
I'd always thought you'd want a construct like SRP6a for conducting the authentication between client & server (without the server learning the user's password)... #security #cryptography
"Export controls and usage controls [on cryptographic software] are slowing the deployment of security at the same time as the Internet is exponentially increasing in size and attackers are increasing in sophistication. This puts users in a dangerous position as they are forced to rely on insecure electronic communication."
"We investigate the cost of Grover's quantum search algorithm when used in the context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions. Our cost model assumes that the attack is run on a surface code based fault-tolerant quantum computer. Our estimates rely on a time-area metric that costs the number of logical qubits times the depth of the circuit in units of surface code cycles."
1/ Today the #2024Election kicks off in earnest with #JoeBiden’s re-election bid announcement
There are 560 days to the #PresidentialElection. Much will happen, conditions will change, but it is, as #Biden suggests, a continuation of the battle for the soul of America
I’ll use this thread to comment periodically on the election over the next 80 weeks. It’s a long road to #ElectionDay2024, but the stakes couldn’t be higher
For years I’ve been beating a drum that we should normalize the cryptographic signing of mainstream content, for example politicians signing with their own identities to certify that a quote or video clip is real and accurate.
Not only would that help assure that a quote wasn’t taken misleadingly out of context, but in this new age it would help protect against outright deepfakes.
Unfortunately, I’ve often heard journalists respond that such a norm would interfere with journalistic independence, and lead to people being skeptical of journalists.
I think such responses get it exactly backwards.
In any case, yep, I’m still beating the drum, but sadly I think the ship has sailed and we’re now entering the more dangerous waters without that protection in place.
I had an idea for an anonymous, authenticated, zero-trust voting system. But probably somebody else already had the same idea. Any cryptographers around who might know? #cryptography #eVoting #zeroTrust
Hello Everyone! I'm Sarah. Executive Director of Open Privacy (https://openprivacy.ca/) - a Canadian non-profit society dedicated to researching & building privacy enhancing tools (like https://cwtch.im) that empower people.
I spend most of my days conducting #cryptography and #privacy research, and a fair amount of time disclosing security issues in a variety of systems.
Summary: #Kryptographie (#Cryptography) deserves its name only when all of its users control the process in an informed way. My bank card does offer #Verschlüsselung (#encryption) in a formal, technological sense, but only formally.