Tag: Cryptography
Security Bloggers, Security Vendor News
Malicious Life Podcast: The Cypherpunks Who Invented Private Digital Money
by Malicious Life Podcast •
Years before credit card transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas i…
Security Vendor News
OpenSSL issues a bugfix for the previous bugfix
by Paul Ducklin •
Fortunately, it’s not a major bugfix, which means it’s easy to patch and can teach us all some useful lessons.
Europe, Global Security News, North America
Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills
by Bruce Schneier •
Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power of tech monopolies would do more …
Uncategorized
Smashing Security podcast #279: Encrypted notes, and a deadly case of AirTag spying
by Graham Cluley •
How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn’t the world of cryptocurrency and blockchain doing just great?
All this and more is discussed in the latest edi…
Security Vendor News
He sold cracked passwords for a living – now he’s serving 4 years in prison
by Paul Ducklin •
Crooks don’t need a password for every user on your network to break in and wreak havoc. One could be enough…
Europe, Global Security News, North America
Themes from Real World Crypto 2022
by William Woodruff •
Last week, over 500 cryptographers from around the world gathered in Amsterdam for Real World Crypto 2022, meeting in person for the first time in over two years. As in previous years, we dispatched a handful of our researchers and …
Malware Indicators (IoCs), Vulnerabilities
Oracle Fixed A Java JDK Cryptographic Bug Allowing Credential Forgery
by Abeerah Hashim •
The tech firm Oracle has recently patched a severe cryptographic bug in Java JDK that…
Security Vendor News
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
by Paul Ducklin •
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode – listen now!
Security Vendor News
Critical cryptographic Java security blunder patched – update now!
by Paul Ducklin •
Either know the private key and use it scrupulously in your digital signature calculation…. or just send a bunch of zeros instead.
Europe, Global Security News, North America
Amarna: Static analysis for Cairo programs
by fcasal •
By Filipe Casal. We are open-sourcing Amarna, our new static analyzer and linter for the Cairo programming language. Cairo is a programming language powering several trading exchanges with millions of dollars in assets (such as dYdX, driven by StarkWare…
Security Vendor News
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
by Paul Ducklin •
Latest episode – listen now!
Security Vendor News
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default
by Paul Ducklin •
Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?
Security Vendor News
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
by Paul Ducklin •
Latest episode – listen now!
Security Vendor News
OpenSSL patches infinite-loop DoS bug in certificate verification
by Paul Ducklin •
When it comes to writing loops in your code… never sit on the fence!
Europe, North America
‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps
by Nate Nelson •
Scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.
Security Bloggers, Security Vendor News
Malicious Life Podcast: Crypto AG Part 3 – The Truth is Revealed
by Malicious Life Podcast •
By the 1970s, Crypto AG was a large and thriving company, employing over 400 people. This final episode of the series is going to explore how a spying operation, affecting over 100 countries for 70 years, was kept secret the whole time from…
Security Bloggers, Security Vendor News
Malicious Life Podcast: Quantum Cybersecurity
by Malicious Life Podcast •
Quantum Computing is a fascinating and revolutionary technology that has been gaining significant ground in the past decade, with researchers from both academia and the commercial sector – such as Google and IBM – announcing major breakthro…
Europe, North America
Free HermeticRansom Ransomware Decryptor Released
by Lisa Vaas •
Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.
Europe, Global Security News, North America, Vulnerabilities
Samsung Encryption Flaw
by Bruce Schneier •
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones.
From the abstract:
In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and…
Security Bloggers, Security Vendor News
Malicious Life Podcast: Crypto AG Part 2 – The Death of Bo Jr.
by Malicious Life Podcast •
How did Boris Hagelin succeed in selling compromised cipher machines to half the world over more than 50 years? Some have speculated that it was some kind of backdoor – but no, it was more clever than that. And Bo Jr., Hagelin’s son, who be…
Security Bloggers, Security Vendor News
Malicious Life Podcast: Crypto AG – The Greatest Espionage Operation Ever Part 1
by Malicious Life Podcast •
General MacArthur, Egypt’s Anwar Sadat, and Iran’s Ayatollah Khomeini: these are just a few of the dozens (likely hundreds) of targets in arguably the biggest, most ambitious hacking operation ever. A secret mission that lasted nearly a cent…
Security Vendor News
Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist
by Naked Security writer •
The cops say they’ve recovered 80% of a $72 million cryptocoin heist… but the recovered funds alone are now worth over $4 billion!
Europe, Global Security News, North America
Part 2: Improving crypto code in Rust using LLVM’s optnone
by Henrik Brodin •
Let’s implement crypto! Welcome to the second part of our posts on the challenges of implementing constant-time Rust code. Part 1 discussed challenges with constant-time implementations in Rust and WebAssembly and how optimization barr…
Europe, Global Security News, North America
The Evolution of Encrypted IM Messaging Platforms – The Rise and Future of the OMEMO Protocol – An Analysis
by Dancho Danchev •
Dear blog readers,
I’ve decided to share with everyone an article that I’ve been recently working on namely the rise of the OMEMO real-time Jabber/XMPP encryption protocol and also discuss in-depth the security risks involved in OMEMO type of commun…
Europe, Global Security News, North America
Part 1: The life of an optimization barrier
by Fredrik Dahlgren •
Many engineers choose Rust as their language of choice for implementing cryptographic protocols because of its robust security guarantees. Although Rust makes safe cryptographic engineering easier, there are still some challenges to…
Security Vendor News
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
by Paul Ducklin •
Latest episode – listen now!
Security Vendor News
Serious Security: Linux full-disk encryption bug fixed – patch now!
by Paul Ducklin •
Imagine if someone who didn’t have your password could sneakily modify data that was encrypted with it.
Security Vendor News
Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble
by Paul Ducklin •
Have you ever seen the message “An error occurred”? Even worse, the message “This error cannot occur”? Facts matter!
Europe, Global Security News, North America
Cambridge Quantum Launches Cryptographic Key Service
by Michael Vizard •
Cambridge Quantum (CQ) today unfurled Quantum Origin, a cloud-based service based on a quantum computer that generates stronger cryptographic keys at a lower cost than a classical computer. CQ is a wholly-owned subsidiary of Quantinuum, which was form…
Security Vendor News
Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it
by Paul Ducklin •
Mozilla’s cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
Europe, North America
Cybercriminals Target Alibaba Cloud for Cryptomining, Malware
by Tara Seals •
Malicious groups disable features in Alibaba Cloud ECS instances for Monero cryptojacking, according to Trend Micro researchers.
Security Vendor News
Samba update patches plaintext password plundering problem
by Paul Ducklin •
When Microsoft itself says STOP USING X, where X is one of its own protocols… we think you should listen.
Europe, North America
Google Ads for Faux Cryptowallets Net Scammers At Least $500K
by Becky Bracken •
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.
Europe, North America
Squid Game Crypto Scammers Rip Off Investors for Millions
by Becky Bracken •
Anti-dumping code kept investors from selling SQUID while fraudsters cashed out.
Security Vendor News
S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]
by Paul Ducklin •
Latest episode – listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)
Security Vendor News
S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit [Podcast]
by Paul Ducklin •
Latest episode – listen now!
Security Vendor News
How to steal money via Apple Pay using the “Express Transit” feature
by Paul Ducklin •
Could a rogue vendor with a dodgy payment terminal rip you off via Apple Pay? Maybe. Here’s what to do about it.
Security Vendor News
Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!)
by Paul Ducklin •
Let’s Encrypt is set to become a mainstream, self-certifying web certificate authority – here’s why it took so many years.
Europe, North America
Financial Cybercrime: Following Cryptocurrency via Public Ledgers
by John Hammond •
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.