All posts in Cryptography

The hotly anticipated ray-tracing, advanced gaming graphics chip will throttle Ethereum mining. Nvidia, the chip company known for its gaming-friendly graphical processing units (GPUs), said it will introduce a new chipset crafted to thwart crypto-mining. Experts applaud the effort, but are skeptical the move will take the bullseye off the . . . Read more

The open CA prepares for ‘worst scenarios’ with new fiber, servers, cryptographic signing and more. Let’s Encrypt just announced an infrastructure makeover which means the open certificate authority (CA) is able to re-issue up to 200 million certificates in a 24-hour period, something the service said could be necessary in . . . Read more
11 Feb, 2021
chrome, coffee, crypto, Cryptography, Exploit, google, Google Chrome, Hacking, Mifare, Naked Security Podcast, podcast, Security News, security threats, Vulnerability
0

by Paul Ducklin We delve into Google’s tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW . . . Read more
04 Feb, 2021
Apple, botnet, Cryptography, emotet, Exploit, iOS, iPhone, Law & order, Linux, Malware, Naked Security Podcast, podcast, Security News, takedown, Vulnerability
0

by Paul Ducklin Apple pushed out an iOS update in something of a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted. And . . . Read more

by Paul Ducklin Dutch cybersecurity researcher Polle Vanhoof just published a fascinating and well-written paper about an exploitable hole he found in the payment system used in some Nespresso prepaid coffee machines. That’s actually much better news than it sounds. Vanhoof disclosed the flaw back in September 2020; has publicly . . . Read more

Feds charged California-based private detective for stealing $11M from investors, with help from actor Steven Seagal. Hundreds of investors in a fake cryptocurrency scam were bilked out of $11 million by John DeMarr, who advised them to invest in fake cryptocurrency “Bitcoiin,” took their money and spent it on a . . . Read more
Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks. Members of Congress are demanding the U.S. National Security Agency (NSA) reveal what it knows about the 2015 Juniper Networks supply-chain delivery breach. In a letter sent by U.S. . . . Read more
The flaw in the free-source library could have been ported to multiple applications. The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. . . . Read more

by Paul Ducklin Bug hunter Tavis Ormandy of Google’s Project Zero just discovered a dangerous bug in the GNU Privacy Guard team’s libgcrypt encryption software. The libgcrypt library is an open-source toolkit that anyone can use, but it’s probably best known as the encryption library used by the GNU Privacy . . . Read more
28 Jan, 2021
Apple, Biometrics, Cryptography, iOS, Naked Security Podcast, podcast, Privacy, Ransomware, rapid response, Security News, touchid
0

by Paul Ducklin What’s the connection between coronavirus facemasks and fingerprint biometrics? Who would have expected funky job ads on the White House website? And who would you call if you spotted a deceased former colleague hanging out on your network? With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro . . . Read more