Vulnerability testing is commonplace these days, and a lucrative business for some, but a Hungarian biz is offering an unusual prize for anyone who manages to crack its email encryption system – a five per cent stake in the company.
The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the protocol is incentive-compatible and secure against colluding minority groups, i.e., it incentivizes miners to follow the protocol as prescribed.
Whatever your opinion of Bitcoin, it does stand as a high-quality intellectual achievement. Now, a group of researchers from Johns Hopkins are suggesting its cryptographic implementation could help solve the “certificate problem” for ordinary users.
Apart from whether or not they might be universally compromised by the spooks, a problem with Public Key Infrastructure – PKI – certificates is that they depend on users' trust of the certification authority (CA) that sits at the top of the trust hierarchy.
It's past time to plan the abandonment of legacy crypto, warns the European Union Agency for Network and Information Security (ENISA) in a new 96-page study providing recommendations for crypto designers that also says most protocols are hard to install in a secure fashion.
The good news, however: behind the huge amount of detail that you'd have to work through if you were actually implementing crypto, ENISA says (PDF) there are only two decisions that have to be made at the high level:
Buffer, a service for scheduling social media posts, said Sunday it has strengthened its security after spammers gained access to its network.
On Saturday, Buffer halted all social media postings after a raft of spam coming from Buffer accounts hit Facebook and Twitter. Later that day, service was restored, but Buffer advised users to access their accounts from its main URL rather than from its mobile applications.
A consumer VPN service called CryptoSeal Privacy has shut down rather than risk government intrusions that could cost the company money in legal fees and threaten user privacy.
CryptoSeal will continue offering its business-focused VPN, but the consumer service is done, the company announced:
Hackers this week showed security conference attendees findings and demonstrations directly contradicting Apple's public claim that it can't read iMessages.
Even though the messages are encrypted end-to-end as Apple claims, according to QuarksLab researchers showed a packed room at Hack In The Box Kuala Lumpur, due to the lack of certificate pinning, "Apple can technically read your iMessages whenever they want."
Security experts have long suspected that iMessage is not as safe and impenetrable as Apple claims. But a group of researchers says it has proof that Apple can indeed eavesdrop on your iMessages — and the NSA can, too.
The researchers, through a careful and thorough study of the iMessage protocol, conclude that Apple has the ability to intercept and decrypt iMessages. Even though the messages are encrypted end-to-end, Apple manages the keys needed to encrypt and exchange the messages, the researchers found.
Smartphones carry a lot of sensitive data that in theory should be accessible only to their owners. In practice, a lot of it can be exfiltrated from the devices and from the backups either stored on the device or in the cloud by employing different forensic methods.
Part-time fugitive and antivirus software founder John McAfee has a new invention he's working on. After spending some of his time filming a drug-fueled video tutorial to uninstall the antivirus program he helped create, McAfee now believes he can outsmart the NSA. Speaking at the C2SV Technology Conference on Saturday, McAfee unveiled his grand plan to create a "D-Central" gadget that communicates with smartphones, tablets, and laptops to create decentralized networks that can't be accessed by government agencies.
