cybersecurity   4895

Here's every patch for KRACK Wi-Fi vulnerability available right now
"Vendors are reacting swiftly to a vulnerability that lets attackers eavesdrop on your network traffic."
security  cybersecurity 
yesterday by jimmykduong
Millions of high-security crypto keys crippled by newly discovered flaw | Ars Technica
The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli, which will be presented on November 2 at the ACM Conference on Computer and Communications Security. The vulnerability was discovered by Slovak and Czech researchers from Masaryk University in the Czech Republic, Enigma Bridge in Cambridge, UK, and Ca' Foscari University in Italy. To give people time to change keys, the paper describing the factorization method isn't being published until it's presented at the conference.

The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation. The library allows people to generate keys with smartcards rather than with general-purpose computers, which are easier to infect with malware and hence aren't suitable for high-security uses. The library runs on hardware Infineon sells to a wide range of manufacturers using Infineon smartcard chips and TPMs. The manufacturers, in turn, sell the wares to other device makers or end users. The flaw affects only RSA encryption keys, and then only when they were generated on a smartcard or other embedded device that uses the Infineon library.

Factorizing a 2048-bit RSA key generated with the faulty Infineon library, by contrast, takes a maximum of 100 years, and on average only half that. Keys with 1024 bits take a maximum of only three months.

Both the flawed Infineon library and the Taiwanese digital ID system passed the FIPS 140-2 Level 2 and the Common Criteria standards. Both certifications are managed by the National Institute of Standards and Technology. Both certifications are often mandatory for certain uses inside government agencies, contractors, and others.
cybersecurity  tpm  rsa  crypto 
2 days ago by bwiese
Serious flaw in WPA2 protocol lets attackers intercept passwords and much more | Ars Technica
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.
wpa2  security  wifi  wireless  protocol  cybersecurity 
2 days ago by bwiese
