Security

Playing with kernel TLS in Linux 4.13 and Go

https://blog.filippo.io/playing-with-kernel-tls-in-linux-4-13-and-go/ Linux 4.13 introduces support for nothing less than… TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288. The kernel only handles the record layer, that is, it only takes care

High-Dimensional Quantum Encryption Performed in Real-World City Conditions for First Time

http://www.osa.org/en-us/about_osa/newsroom/news_releases/2017/high-dimensional_quantum_encryption_performed_in_r/ For the first time, researchers have sent a quantum-secured message containing more than one bit of information per photon through the air above a city. The demonstration showed that it could one day be practical to use high-capacity, free-space quantum communication to create a highly secure link between ground-based networks and satellites, a requirement

Today’s Surveillance Society Is Way Beyond Orwellian, Says Brad Templeton | Big Think

http://bigthink.com/videos/brad-templeton-todays-surveillance-society-is-beyond-orwellian Here is an interesting video: Brad Templeton (former chair of EFF) argues that we’re all a part of a surveillance apparatus that would even be beyond the imagination George Orwell. The problem, he says, is the belief that privacy and security are mutually exclusive. 

Using rsync to back up your Linux system | Opensource.com

https://opensource.com/article/17/1/rsync-backup-linux?sc_cid=7016000000127ECAAY All companies, regardless of how large or small, run on their data. There is not a business today ranging from the smallest sole proprietorship to the largest global corporation that could survive the loss of all or even a large fraction of its data.  So backups are imperative to ensure the long-term safety of data. There

Secret chips in replacement parts can completely hijack your phone’s security | Ars Technica

https://arstechnica.com/information-technology/2017/08/a-repair-shop-could-completely-hack-your-phone-and-you-wouldnt-know-it/ Booby-trapped touchscreens can log passwords, install malicious apps, and more. People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device. The research, in a paper presented this week at the 2017 Usenix

Taking Down the Internet Has Never Been Easier

http://www.darkreading.com/vulnerabilities—threats/taking-down-the-internet-has-never-been-easier/a/d-id/1329580 Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial. On October 29, 1969, two computers linked via telephone exchanged a couple of letters, then crashed.  Fast-forward 48 years, where everything — including the kitchen sink, in the case of smart kitchens — is

Is your encrypted USB drive secure?

https://www.kaspersky.com/blog/encrypted-usb-drives-audit/17948/?utm_source=kasperskysocialchannel.com&utm_medium=Kaspersky+Lab+%28Employees%2C+USA%29&utm_campaign=kasperskysocialchannel.com How can you be sure the “secure” USB drive you’re using is really secure and the data you store on it can’t be extracted? That’s exactly the question Google’s security researchers Ellie Bursztein, Jean-Michel Picod, and Rémi Audebert addressed in their talk, “Attacking encrypted USB keys the hard(ware) way,” at the recent Black Hat