Showing only posts tagged Features. Show all posts.

Here’s the paper no one read before declaring the demise of modern cryptography

Source

There’s little doubt that some of the most important pillars of modern cryptography will tumble spectacularly once quantum computing, now in its infancy, matures sufficiently. Some experts say that could be in the next couple decades. Others say it could take longer. No one knows. The uncertainty leaves …

Invisible text that AI chatbots understand and humans can’t? Yep, it’s a thing.

Source

What if there was a way to sneak malicious instructions into Claude, Copilot, or other top-name AI chatbots and get confidential data out of them by using characters large language models can recognize and their human users can’t? As it turns out, there was—and in some cases …

Rogue WHOIS server gives researcher superpowers no one should ever have

Source

Enlarge (credit: Aurich Lawson | Getty Images) It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of servers—all in a single blow that cost only $20 and …

Secure Boot is completely broken on 200+ models from 5 big device makers

Source

Enlarge (credit: sasha85ru | Getty Imates) In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted …

Framework’s software and firmware have been a mess, but it’s working on them

Source

Enlarge / The Framework Laptop 13. (credit: Andrew Cunningham) Since Framework showed off its first prototypes in February 2021, we've generally been fans of the company's modular, repairable, upgradeable laptops. Not that the company's hardware releases to date have been perfect—each Framework Laptop 13 model has had quirks and …

Unpatchable vulnerability in Apple chip leaks secret encryption keys

Source

Enlarge (credit: Aurich Lawson | Apple) A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. The flaw—a side channel allowing end-to-end key extractions …

Hackers can read private AI-assistant chats even though they’re encrypted

Source

Enlarge (credit: Aurich Lawson | Getty Images) AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce …

SSH protects the world’s most sensitive networks. It just got a lot weaker

Source

Enlarge / Terrapin is coming for your data. (credit: Aurich Lawson | Getty Images) Sometime around the start of 1995, an unknown person planted a password sniffer on the network backbone of Finland’s Helsinki University of Technology (now known as Aalto University). Once in place, this piece of dedicated hardware …

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

Source

Enlarge (credit: Getty Images) Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms. The …

In a first, cryptographic keys protecting SSH connections stolen in new attack

Source

Enlarge (credit: Getty Images) For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. Underscoring the importance of their discovery …

The Signal Protocol used by 1+ billion people is getting a post-quantum makeover

Source

Enlarge (credit: Aurich Lawson | Getty Images) The Signal Foundation, maker of the Signal Protocol that encrypts messages sent by more than a billion people, has rolled out an update designed to prepare for a very real prospect that’s never far from the thoughts of just about every security …

Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong.

Source

Enlarge (credit: Steve McDowell / Agefotostock ) In late May, researchers drove out a team of China state hackers who over the previous seven months had exploited a critical vulnerability that gave them backdoors into the networks of a who’s who of sensitive organizations. Barracuda, the security vendor whose Email …

Windows feature that resets system clocks based on random data is wreaking havoc

Source

Enlarge A few months ago, an engineer in a data center in Norway encountered some perplexing errors that caused a Windows server to suddenly reset its system clock to 55 days in the future. The engineer relied on the server to maintain a routing table that tracked cell phone …

Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.

Source

Enlarge (credit: Getty Images) Researchers have discovered a suite of vulnerabilities that largely break a next-generation protocol that was designed to prevent the hacking of access control systems used at secure facilities on US military bases and buildings belonging to federal, state, and local governments and private organizations. The …

Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back

Source

Enlarge (credit: Aurich Lawson | Getty Images) A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links. Frequently abbreviated as TLD, a top-level …

Those scary warnings of juice jacking in airports and hotels? They’re mostly nonsense

Source

Enlarge (credit: Aurich Lawson | Getty Images) Federal authorities, tech pundits, and news outlets want you to be on the lookout for a scary cyberattack that can hack your phone when you do nothing more than plug it into a public charging station. These warnings of “juice jacking,” as the …

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

Source

Enlarge (credit: Aurich Lawson | Getty Images) Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows. Dubbed …

Debit card fraud leaves Ally Bank customers, small stores reeling

Source

Enlarge / Ally debit card owners are reporting fraudulent charges at a steady cadence over the past week. (credit: Getty Images) Ben Langhofer, a financial planner and single father of three in Wichita, Kansas, decided to start a side business. He had made a handbook for his family, laying out …

Attackers can force Amazon Echos to hack themselves with self-issued commands

Source

Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) (credit: T3 Magazine/Getty Images) Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them to unlock …

How $323M in crypto was stolen from a blockchain bridge called Wormhole

Source

Enlarge (credit: Aurich Lawson | Getty Images) This is a story about how a simple software bug allowed the fourth-biggest cryptocurrency theft ever. Hackers stole more than $323 million in cryptocurrency by exploiting a vulnerability in Wormhole, a Web-based service that allows inter-blockchain transactions. Wormhole lets people move digital coins …

The secret Uganda deal that has brought NSO to the brink of collapse

Source

Enlarge / A man walks by the building entrance of Israeli cyber company NSO Group at one of its branches in the Arava Desert on November 11, 2021, in Sapir, Israel. (credit: Amir Levy | Getty Images) In February 2019, an Israeli woman sat across from the son of Uganda’s …

Securing your digital life, part two: The bigger picture—and special circumstances

Source

Enlarge (credit: ANDRZEJ WOJCICKI / SCIENCE PHOTO LIBRARY / Getty Images) In the first half of this guide to personal digital security, I covered the basics of assessing digital risks and protecting what you can control: your devices. But the physical devices you use represent only a fraction of your overall …

Securing your digital life, part one: The basics

Source

Enlarge / Artist's impression of how to keep your digital stuff safe from all kinds of threats. (credit: Aurich Lawson | Getty Images) I spend most of my time these days investigating the uglier side of digital life—examining the techniques, tools, and practices of cyber criminals to help people better …