Seeing this hack was so humiliating as an American. It was a combination of “are we the baddies” and “wait if we are the bad guys, why didn’t we at least make sure the Imperial Walkers have better traction control and balance.”
Congress is pushing again on the Juniper hack. This is the 2015 breach where unknown attackers broke into Juniper and re-purposed what appeared to be a design backdoor in order to spy on Juniper’s customers. https://www.reuters.com/article/us-juniper-encryption-congress-idUSKBN23H2C9
Academics in Cryptography/Security: have you heard of either COINTELPRO or the Church Committee?
Facebook paid for a zeroday against Tails, the privacy focused OS used by activists, to nail a horrific child predator. They gave it to the FBI. Cue moral debate over ends vs means. But here's the thing, after it was done they never fixed the bug. https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez
Researchers in academia spend half a year developing a proof of concept and another half a year in disclosure embargo to make sure the fixes arrive before the exploits. If them doing gimmicky marketing is what advances their academic career, it's a reasonable trade-off IMO.
I’m really looking for explicit threats, either informal ones or actual formal legal threats. Chilling effects are interesting, too. If you don’t want to respond on Twitter, just google my name for my email. Thank you.
Are you a security researcher, and has any company/vendor threatened you with the specter of DMCA/1201 litigation (“circumvention”/distribution) in the period 2017-2020? Or do you know anyone who was?
Happy Tuesday. Today’s paper is called “Privacy-Utility Tradeoffs in Routing Cryptocurrencies”, by Weizhao Tang, @WeinaWeinaWang, Sewoong Oh, and yours truly. #Sigmetrics2020 @ACMSigmetrics
The intellectual contribution of Indian students, professors & engineers to Computer Science (and many other fields) in the US is immeasurable. A 25% drop in enrollments is really distressing news: https://qz.com/india/1866355/indians-fed-up-of-trumps-h-1b-opt-green-card-moves-eye-canada/?utm_source=YPL&yptr=yahoo
Pay attention to what’s happening in Georgia today. Voting machines are broken, people are standing in line for hours, and state election officials are largely silent. This is what November will look like and we need to begin preparing now.
In 2017, my activist organization @fightfortheftr was targeted by the hacking-for-hire firm covered today in Reuters. Since Zbay (my new project) is partly inspired by this experience, I thought I'd share some thoughts here... https://www.reuters.com/article/us-india-cyber-mercenaries-exclusive/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idUSKBN23G1GQ
Another signature spoof using GPG, this time through the "safer" GPGME API. Great work, Justin, and congrats! https://twitter.com/justinsteven/status/1270113960021209088
Oh look, another another complete break of SGX. What a surprise, I never would have seen that coming, again. https://sgaxe.com/ https://twitter.com/feministPLT/status/1238864342206107648
Signal iOS now includes a new feature that makes it possible to switch to a brand-new iPhone or iPad while securely transferring Signal information from your existing iOS device.
Good article from @dangoodin001 on the two new Intel vulnerabilities, CrossTalk and SGAxe. https://arstechnica.com/information-technology/2020/06/new-exploits-plunder-crypto-keys-and-more-from-intels-ultrasecure-sgx/
Seems like @github has flagged the @SGAxe_AaaS bot somehow, which is blocking its tweets. Hey @github, stop messing with academic research.
Never use GnuTLS. https://twitter.com/__agwa/status/1270054737317113857
uncomfortable thought: if SGX is helping secure the signal passcode service, and people reuse their ios passcode for signal, what impact does this have on their device security?
so describing the role of SGX as “purely additive” seems like a motte-and-bailey maneuver. it’s not like Signal tells their users that they have to choose a 128 bit passcode to have security, after all.
Counting the minutes until Twitter deletes the SGX attestation twitter bot. Counting the days until Intel revokes its signing keys ;)