Unpatchable security flaw in Apple Silicon Macs breaks encryption
'University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption and get access to cryptographic keys.
The flaw is present in M1, M2, and M3 chips, and because the failing is part of the architecture of the chips, there’s no way for Apple to fix it in current devices …'
A capable colleague passed on a request from their client. They want to know if the VM disks are encrypted at rest, if the keys are rotated periodically, and if there's a key retention procedure in place. Ironically, the client's VPS runs on Ubuntu 18.04, which has been out of updates for a year, and despite numerous notifications to upgrade, they believe it can wait. 😄
Today is the #idesofmarch, marking Julius Caesar's assassination and a turning point in Roman history. But, what does this have to do with #encryption, you ask?
Caesar used to communicate privately by encrypting his correspondence with what came to be called the #caesarcipher.
This simple and widely known encryption technique is a substitution cipher in which each letter in plaintext is replaced by another letter a fixed number of positions further up or down the alphabet.
This modest form of #encryption required no mathematics, and it could be done by finger-counting.
#CyberSecurity #Encryption #QuantumComputing: "If we do not encrypt our data with a quantum-secure algorithm right now, an attacker who is able to store current communication will be able to decrypt it in as soon as a decade. This store-now-decrypt-later attack is the main motivator behind the current adoption of post-quantum cryptography (PQC), but other future quantum computing threats also require a well-thought out plan for migrating our current, classical cryptographic algorithms to PQC.
This is the first of a series of blog posts in the Bug Hunters blog, dedicated to the topic of PQC, where we in Google's Cryptography team share our latest thoughts and reasons about the PQC migration, starting with the threat model we are working with."
This was an easy blog post for me to write! There is so much wrong with the State of Nevada’s request for an injunction to prevent Meta from rolling out end-to-end encryption in Facebook Messenger. For starters, WhatsApp has had E2EE since 2016, Apple iMessage since 2011 … and more.
Hopefully the district court in Nevada will agree and NOT allow the injunction! We’ll see.
Last night we joined an effort to stop the State of Nevada from making it easier for children’s personal information to be obtained by child predators, criminal gangs, foreign nations, and others.
Together with the ACLU, @riana, @eff, @CenDemTech, @mozilla, @fight, and @signalapp, and Access Now, we filed an amicus brief asking the court to protect children by ensuring they can use the most secure communication possible!
End-to-end #encryption is essential to secure comms on inherently insecure internet + has been available by default for years from other messaging services. Denying children the opportunity to use #E2EE encrypted messaging does not protect them, but instead exposes them to danger.
Signal is an encrypted messaging application that supports post-quantum cryptography.
Google Gmail is the email provider for Signal Messenger LLC; this is the company that develops the Signal messaging application and the Signal protocol.
Signal support can be contacted from within the application by going to Signal Settings (profile) > Help > Contact Us.
Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption
To security experts: Do you use #VPN for services that are already end-to-end encrypted? Or, you add their apps in split-tunnelling mode?
Or, to rephrase it: is there any use in keeping end-to-end encrypted apps behind a VPN?
This is under the assumption that all things are equal (no ISP issues; no need to bypass any network set up; end-to-end encryption is enabled by default).
#EU #DMA #WhatsApp #Cybersecurity #Interoperability #Encryption: "Europe’s DMA mandates that interoperability should not weaken security and privacy: “The level of security—including end-to-end encryption where applicable—that the gatekeeper provides to its own end-users shall be preserved across the interoperable services.”
This was always going to be a near impossibility. End-to-end encryption with endpoint assurance clearly only works where the two “ends” can actually be assured, which means—realistically—they are the same. Two WhatsApp or iMessage or Signal apps. DMA envisages a world where Signal messages might be sent to WhatsApp users. And that so-called interoperability, by its very nature, breaks that model.
As EFF warned back in 2022, “requiring interoperability without unacceptable tradeoffs in security or privacy is a very high hurdle, one that might turn out to be insurmountable.”"