Group items tagged

"Some people assume that once quantum computing comes along modern encryption technologies will be outpowered. But experts are starting to posit that hash functions and asymmetric encryption could defend not only against modern computers, but also against quantum attackers from the future."

"Astonishingly, even as the UK government praises end-to-end encryption abroad, it is undermining it at home. The Online Safety Bill, which continues to proceed through parliament after being mentioned in the Queen's Speech, will target platforms that use end-to-end encryption by "placing a duty of care on service providers within the scope of the draft bill to moderate illegal and harmful content on their platforms, with fines and penalties for those that fail to uphold this duty". "

"This week, the tech giant announced it had begun rolling out automatic encryption for direct messages on its Facebook and Messenger platforms to more than 1 billion users. Under the changes, Meta will no longer have access to the contents of the messages that users send or receive unless one participant reports a message to the company. As a result, messages will not be subject to content moderation unless reported, which social media companies undertake to detect and report abusive and criminal activity. Encryption hides the contents of a message from anyone but the sender and the intended recipient by converting text and images into unreadable cyphers that are unscrambled on receipt."

"Petya ransomware victims can now unlock infected computers without paying. An unidentified programmer has produced a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up. In notes put on code-sharing site Github, he said he had produced the key generator to help his father-in-law unlock his Petya-encrypted computer."

"Google released a beta test version of its Chrome browser that attempts to keep your data secure even if today's uncrackable encryption becomes tomorrow's code-breaking cakewalk. The Chrome 54 beta gets the ability to encipher data sent to and from websites with a technology called CECPQ1. It "protects against future attacks using large quantum computers," Google said in a blog post Thursday."

"One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk. "

"Apple has warned the UK government that proposals in the draft Investigatory Powers Bill to demand technology firms weaken encryption would make the data of millions of law-abiding citizens less secure and make it easier for hackers to "cause chaos"."

"MEETINGS ON ZOOM, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto."

"That's the crux of the problem. While you can legislate to only give state agencies access to terrorists' communications, and with proper oversight and authorisation, you cannot actually build encryption that works like that. If you put a backdoor in, it's there not just for security services to exploit, but for cyber-criminals, oppressive regimes and anyone else."

"Zoom is not encrypting calls for free accounts with end to end encryption so they can provide law enforcement and the Federal Bureau of Investigation with content from those calls. As protesters demonstrate in the wake of the murder of George Floyd, law enforcement has deployed a wide range of surveillance tools to monitor and track protesters－including facial recognition software and contact tracing technology. They are working to get information from every source possible to disrupt and even arrest people involved with the protests."

"As the lava lamps bubble and swirl, a video camera on the ceiling monitors their unpredictable changes and connects the footage to a computer, which converts the randomness into a virtually unhackable code.  Why use lava lamps for encryption instead of computer-generated code? Since computer codes are created by machines with relatively predictable patterns, it is entirely possible for hackers to guess their algorithms, posing a security risk. Lava lamps, on the other hand, add to the equation the sheer randomness of the physical world, making it nearly impossible for hackers to break through."

"The folks at Signal are taking one of the four post-quantum cryptography algorithms that have been chosen by the US National Institute of Standards and Technology to withstand attacks by quantum computers, but instead of using it to replace their existing public-key encryption system, they are layering the new algorithm on top of what they already have. "We are augmenting our existing cryptosystems," they say, "such that an attacker must break both systems in order to compute the keys protecting people's communications." And they will be rolling out this augmented system to all users in the next few months."

"They aren't limited by human notions of attention; they can watch everyone at the same time. So while it may be true that using encryption is something the NSA takes special note of, not using it doesn't mean you'll be noticed less. The best defense is to use secure services, even if it might be a red flag. Think of it this way: you're providing cover for those who need encryption to stay alive."

"Kristoffer Koch invested 150 kroner ($26.60) in 5,000 bitcoins in 2009, after discovering them during the course of writing a thesis on encryption. He promptly forgot about them until widespread media coverage of the anonymous, decentralised, peer-to-peer digital currency in April 2013 jogged his memory. Bitcoins are stored in encrypted wallets secured with a private key, something Koch had forgotten."

"The agency has invested nearly $80 million to build a computer that could break "nearly every kind of encryption," according to a Washington Post report published online Thursday. Based on documents provided by former NSA contractor Edward Snowden, the Post reports the NSA is racing to build a "cryptologically useful quantum computer" research program called "Penetrating Hard Targets.""

"But ISPs in the USA and Thailand have been caught sabotaging STARTTLS, interrupting the negotiation between mail-servers to prevent the encryption bit from being turned on, leaving millions of peoples' email liable to snooping by crooks, governments, spies and others. "

"Encryption is the digital lock which gives us the security to trust our financial data and inner-most thoughts to the cloud, and without which everything, and I mean everything, in our digital lives might be exposed. "

"There will be more where that came from. So it's time for a reality check. Quantum computers are interesting, but experience so far suggests they are exceedingly tricky to build and even harder to scale up. There are now about 50 working machines, most of them minuscule in terms of qubits. The biggest is one of IBM's, which has - wait for it - 433 qubits, which means scaling up to 20m qubits might, er, take a while. This will lead realists to conclude that RSA encryption is safe for the time being and critics to say that it's like nuclear fusion and artificial general intelligence - always 50 years in the future."

"The government is introducing some amendments in time for the report stage on 12 July, with another batch to be announced shortly after. Under one confirmed change, tech firms will be required to shield internet users from state-sponsored disinformation that poses a threat to UK society and democracy. This is a tightening of existing proposals on disinformation in the bill, which already require tech firms to take action on state-sponsored disinformation that harms individuals - such as threats to kill. Another confirmed amendment is equally incremental. A clause in the bill aimed at end-to-end encrypted services already gives Ofcom the power to require those platforms to adopt "accredited technology" to detect child sexual abuse and exploitation [CSEA] content. If that doesn't work, then they must use their "best endeavours" to develop or deploy new technology to spot and remove CSEA. This move appears to be aimed at Mark Zuckerberg's plans to introduce end-to-end encryption on Facebook Messenger and Instagram."

"Facebook and Twitter reported to have been blocked in run-up to protests, with people turning to VPNs to broadcast content"