StrongPity Attackers Use Malicious Crypto Apps to Target Users
Organized APT groups have been using watering-hole attacks for many years, targeting highly specific groups of victims by compromising legitimate sites or setting up their own malicious copycat sites. Researchers have now uncovered a group that is using this tactic to deliver compromised encryption apps to victims. The group, known as StrongPity, has been operating […]
‘Putting in a Back Door Isn’t the Solution’ to Encryption Debate
Rep. Michael McCaul, the chairman of the House Committee on Homeland Security, said forcing vendors to install backdoors or intentionally weakened encryption in their products is not the solution to the disagreement over law enforcement access to encrypted devices and said there needs to be international standards for how the problem is handled. McCaul (R-Texas), speaking […]
On the Wire Podcast: Nick Sullivan
There is an effort underway by some of the larger Internet infrastructure companies to encrypt as much of the network as possible. Google has been working on this for several years, making HTTPS connections the default for many of its services, and CloudFlare has done a lot of work on this as well. This week […]
‘The Horse is Out of the Barn’ on Government Control of Encryption
Controlling the development and deployment of strong encryption may have once been a possibility for intelligence and law enforcement agencies, but those days have passed and will not return, current and former U.S. intelligence officials said Tuesday. The current version of the encryption debate has much to do with the desire of law enforcement agencies and […]
Ash Carter: Government Isn’t Going to Invent a Solution to Crypto Problem
As government leaders and technologists continue to butt heads over the use of strong encryption, the top defense official in the United States said he supports users’ rights to employ the technology and does not thing the government will come up with a magic answer to the crypto problem. Speaking at the TechCrunch Disrupt conference this […]
Here’s an Adult Conversation About Crypto
Earlier this week, FBI Director James Comey said that the country needed to have an “adult conversation” about encryption and how it’s used. To get the ball rolling, here’s what we thought that conversation might sound like. Alice: Bob, I need to talk to you about something. Have a seat. Bob: Uh, ok. Sounds serious. Alice: […]
There is No Encryption Debate
Like most arguments, the encryption debate has gotten more absurd and contentious as time has gone on. And now it appears to have reached its illogical and inevitable denouement, with FBI Director James Comey calling for an “adult conversation” about encryption. One of the oft-overlooked parts of this story is that the encryption debate isn’t actually […]
Critical RNG Flaw Fixed in GnuPG
Researchers have uncovered a critical vulnerability in the GnuPG and Libgcrypt encryption apps that has been around since 1998 and allows an attacker to predict output from the software’s random number generator under some conditions. The vulnerability was discovered by a team from Karlsruhe Institute of Technology in Germany, and the people behind the GnuPG […]
Researchers Find Serious Flaws in iMessage Encryption
New research from a team at Johns Hopkins University shows that there are serious problems with the way Apple implemented encryption on itsiMessage system, leaving it open to retrospective decryption attacks that can reveal the contents of all of a victim’s past iMessage texts. The iMessage system, like much of what Apple does, is opaque and its […]