October 2015

Fault in ID cards quickly becoming a nightmare for Estonian government

Eesti Päevaleht writes that the Estonian government is deeply worried that the fact that Estonian electronic identity cards issued to e-residents from abroad are faulty is already affecting Estonia’s image abroad as a leading tech country. On September 15, product manager of Sertifitseerimiskeskus Jaan Murumets informed Google’s security executive David Benjamin that Estonia’s electronic identity cards had a fault and that the latest version of Google’s Chrome web browser is …Read More

How is NSA breaking so much crypto?

There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt …Read More

Details and images on almost 300 patents filed by the National Security Agency

NSA patents are special: they never expire and they usually aren’t revealed to the public. Unless someone else files an identical patent application, that is. In that case, the NSA’s ownership is published by the US Patent and Trademark Office (USPTO). We’ve collected data made available by the USPTO to build a unified database of 200 NSA patents publicly granted to the NSA and published on USPTO and 78 NSA …Read More

Thousands of ‘directly hackable’ hospital devices exposed online

Thousands of critical medical systems – including Magnetic Resonance Imaging machines and nuclear medicine devices – that are vulnerable to attack have been found exposed online. Security researchers Scott Erven and Mark Collao found, for one example, a “very large” unnamed US healthcare organization exposing more than 68,000 medical systems. That US org has some 12,000 staff and 3,000 physicians. Exposed were 21 anaesthesia, 488 cardiology, 67 nuclear medical, and …Read More

German Federal Office for Information Security Joins FIDO Alliance to Advance Adoption of Simpler, Stronger Authentication in Europe

The FIDO (Fast IDentity Online) Alliance, an industry consortium launched in 2013 to revolutionize online security with open standards for simpler, stronger authentication, today announces that the German Federal Office for Information Security (BSI-Bundesamt fuer Sicherheit in der Informationstechnik) is the latest to join the Alliance under the government membership program launched earlier this year. Through the program, which includes the U.S. and U.K., governments of the world engage directly …Read More

SHA-1 Freestart Collision

We present in this article a freestart collision example for SHA-1, i.e., a collision for its internal compression function. This is the first practical break of the full SHA-1, reaching all 80 out of 80 steps, while only 10 days of computation on a 64 GPU cluster were necessary to perform the attack. This work builds on a continuous series of cryptanalytic advancements on SHA-1 since the theoretical collision attack …Read More

A Progress Report on FIDO Authentication

The Fast Identity Online (FIDO) Alliance was founded in the summer of 2012 by several vendors, including PayPal and Lenovo, with the goal of bringing a series of technical specifications to the strong authentication market. These specifications go under the names Universal Authentication Framework (UAF) and Universal Second Factor (U2F). The former isn’t necessarily stronger auth, but rather specifications for a software stack that can support better methods. Up until …Read More

Peter Shor Explains His Namesake Encryption-Crumbling Quantum Algorithm

When people talk about the “cryptopocalypse,” in which classical encryption methods are summarily rendered obsolete by quantum computing technology, they’re usually talking about Shor’s algorithm, whether or not they realize it. Quantum computing isn’t magic, after all, and it’s just as much a realm of computer scientists and algorithms as the technology we work with today. There are just some different rules. Peter Shor figured out how to exploit those …Read More

Authentication: The Enterprise’s Weakest Link

Authentication is a weak link in any enterprise security solution, primarily because it relies heavily on how people use it. It’s also one of the most important factors, and any flaws can lead to significant issues and costly cyberattacks. As just one example, earlier this year the IBM-discovered Dyre Wolf campaign stole over $1 million from targeted enterprise organizations by using sophisticated social engineering and other means to circumvent two-factor …Read More