Agregátor RSS

See Affiliated Events too.

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device).

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses.
The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam´s agencies in enforcing the law and protecting the public from hackers. It also lays out what the government needs to do to thwart looming threats to its computer networks.

Let´s (not) Encrypt

If you´ve been following the news for the last few years it will come as no surprise that the Justice Department is not a fan of the common man having access to encryption.
The report bemoans the current state of encryption and its ability to keep the government from gathering and analyzing traffic for criminal investigations. The word ´encryption´ comes up 17 times in the report, not once in a favorable light.
In the past several years, the Department has seen the proliferation of default encryption where the only person who can access the unencrypted information is the end user, the report reads.
The advent of such widespread and increasingly sophisticated encryption technologies that prevent lawful access poses a significant impediment to the investigation of most types of criminal activity.

The demand for quantum computing services will be driven by some process hungry research and development projects as well as by the emergence of several applications including advanced artificial intelligence algorithms, next-generation encryption, traffic routing and scheduling, protein synthesis, and/or the design of advanced chemicals and materials. These applications require a new processing paradigm that classical computers, bound by Moore’s law, cannot cope with. However, one should not expect quantum computers to displace their classical counterparts anytime soon.

Ray Ozzie thinks he has an approach for accessing encrypted devices that attains the impossible: It satisfies both law enforcement and privacy purists. (?)

EFAIL furore not over yet, even though it´s easy to fix.

However, PGP´s creator Phil Zimmerman, Protonmail´s Any Yenn, Enigmail´s Patrick Brunschwig, and Mailvelope´s Thomas Oberndörfer are still concerned that misinformation about the bug remains in the wild.

Yenn tried to refute the EFAIL “don´t use PGP” on May 25, and the four have followed up with this joint post.

According to a Venafi survey of 512 security professionals attending RSA Conference 2018, sixty-four percent of respondents say their personal encryption usage has increased due to recent geopolitical changes.

Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according the the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain.

Since 2010, communication service providers have migrated to encrypted services ´by default´, a process that accelerated following the Snowden disclosures, said the National Strategic Assessment of Serious and Organised Crime 2018

US lawmakers from both major political parties came together on Thursday to reintroduce a bill that, if passed, would prohibit the American government from forcing tech product makers to undermine the security of their wares.

The National Institute of Standards and Technology wants comments on the best way to design criteria to evaluate new encryption standards for small computing devices.

NIST will eventually ask researchers and cryptographers for algorithms that could be used to encrypt data on small, "constrained devices," such as sensors, RFID tags, industrial controllers and smart cards that are being incorporated into automobiles, internet-of-things devices, the smart grid and distributed control systems.

But first the agency needs to establish the requirements and evaluation criteria that will guide the review of the algorithms.

The vulnerability, called EFAIL, is exploitable against encrypted email, including previously transmitted mail, according to researchers.

Viz také komentáře:

• PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor.
• PGP and EFAIL: Frequently Asked Questions.
• Details on a New PGP Vulnerability
• Efail: Was Sie jetzt beachten müssen, um sicher E-Mails zu lesen
• PGP und S/MIME: So funktioniert Efail

Mark Kaelin: Protecting customers´ personal data is vitally important to the future success of every organization. Encrypting that data with one of these apps is a good place to start.
Numerous high-profile events in 2017 and early 2018 have made it abundantly clear that all enterprises and government agencies are responsible and liable for the protection of personal data collected from customers and clients—no exceptions. New regulations, such as the GDPR, which goes into effect May 25, 2018, will back those expectations of protection with substantial penalties and fines for the noncompliance.
To avoid potential fines, organizations need to demonstrate initiative by establishing measurable security protocols that protect collected personal data. One of most common methods for protecting stored data is encryption.

Různé verze tabulky DEIN STAR, které byly používány agenty BND v NDR do roku 1989 lze vyhledat na tomto zajímavém webu.

In (In)secure Magazine Issue 27, March 2018.

Blockchain technology promises to solve many complex problems across different business sectors and industries, and Bitcoin is breaking value records seemingly every hour. But many don’t understand how the two really work, and use the two words interchangeably as if they were synonymous.
One important thing to remember is that blockchain can exist without Bitcoin, but Bitcoin cannot exist without a blockchain.
Bitcoin is a digital currency that was created in 2009. Only 21 million Bitcoins can ever be created (mined), and it is estimated that the last coin will be produced in 2140.
It is exchanged on a decentralized, peer-to-peer network, meaning that there is no central server or authority (i.e., a central bank) that regulates it. In the beginning, the Bitcoin network was operated by volunteers who had a full Bitcoin protocol stack installed on their private computers. However, the network’s operation has mostly been taken over by specialized data centers.
Bitcoin operates on a cryptographic protocol, is fully transparent and open source. As it’s not backed by a real authority, the health of the system depends entirely on the trust people have in it. The value of Bitcoin is determined by the amount people are willing to pay for it.

Google has announced the release of the 72-qubit square array Bristlecone quantum processor, which the company believes is adequate to demonstrate quantum supremacy.

Bristlecone is the evolution of Google´s prior 9-qubit linear quantum processor, which had error rates of 1% for readout, 0.1% for single-qubit gates, and 0.6% for two-qubit gates.

[6 minut čtení] Už příští rok půjdou na finančních úřadech kartou zaplatit poplatky a dluhy. Samotné daně zatím nikoli. Dohadování státu s karetními společnostmi ale pokračuje. Od začátku roku 2019 půjde na finančních úřadech zaplatit správní poplatky a daňové dluhy platební kartou. Na samotné placení daně přes platební kartu se ale bude dál čekat. Stát se totiž stále nedohodl s bankami a karetními společnostmi na takovém modelu, který by poplatky neúčtoval jako určitou část z obratu.

[6 minut čtení] V některých situacích může být přepojišťování výhodou i pro vás. Jindy tím ale spíše trpíte. Jak poznat rozdíl a kdy se přepojišťění smlouvy vyhnout? Jaké jsou důvody, proč přepojišťovat. Jaké jsou možnosti při potřebě změnit smlouvu? Přepojišťováním se často myslí především ukončení předchozí pojistky (výpověď z vaší strany typicky nejméně 6 týdnů před výročím smlouvy) a založení nové pojistky navazující na předchozí. Ta nová pojistka může být u jiné, ale i stejné pojišťovny. Z nové pojistky pojišťovna poradci zaplatí získatelskou provizi a pak ročně následnou provizi. U životního pojištění často během 5 let zaplatí provizi za celou dobu trvání smlouvy a pak následná provize je často jen symbolická. U neživotního pojištění je následná každý rok stejná, někdy i získatelská je stejná jako následná.

První po-14nm herní produkt AMD jde na trh. Recenze ukazují očekávaný 10% posun výkonu oproti Radeonu RX 580 a kolem 15% ve srovnání s Radeonem RX 480; více u nereferenčních modelů…

The modular malware seems to be in a testing phase, but TA505's interest made researchers take note.

The modular malware seems to be in a testing phase, but TA505's interest made researchers take note.