Summary

Top Articles:

  • Billions of Devices Open to Wi-Fi Eavesdropping Attacks
  • FBI asks Apple to help it unlock iPhones of naval base shooter
  • Big bad decryption bug in OpenSSL – but no cause for alarm
  • Popular NFT Marketplace Phished for $540M
  • SHA-3 code execution bug patched in PHP – check your version!
  • Introducing post-quantum Cloudflare Tunnel
  • Properly Signed Certificates on CPE Devices
  • Cranim: A Toolkit for Cryptographic Visualization

SHA-3 code execution bug patched in PHP – check your version!

Published: 2022-11-01 14:09:10

Popularity: 24

Author: Paul Ducklin

Keywords:

  • Cryptography
  • Vulnerability
  • cryptograhpy
  • CVE-2022-37454
  • PHP
  • sha-3
  • As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!

    ...more

    Introducing post-quantum Cloudflare Tunnel

    Published: 2022-10-03 13:00:00

    Popularity: 2

    Author: Bas Westerbaan

    Keywords:

  • Birthday Week
  • Post-Quantum
  • Tunnel
  • Research
  • Cryptography
  • Every connection we make post-quantum secure, we remove one opportunity for compromise: that's why we are announcing post-quantum Cloudflare Tunnel to help you secure every connection to our network

    ...more

    Popular NFT Marketplace Phished for $540M

    Published: 2022-07-11 20:06:10

    Popularity: 43

    Author: Nate Nelson

    Keywords:

  • Cryptography
  • Hacks
  • In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

    ...more

    Big bad decryption bug in OpenSSL – but no cause for alarm

    Published: 2021-08-27 01:03:21

    Popularity: 44

    Author: Paul Ducklin

    Keywords:

  • Cryptography
  • Uncategorized
  • Vulnerability
  • buffer overflow
  • CVE-2021-3711
  • CVE-2021-3712
  • openssl
  • vulnerability
  • The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.

    ...more

    Billions of Devices Open to Wi-Fi Eavesdropping Attacks

    The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.

    ...more

    Properly Signed Certificates on CPE Devices

    Published: 2020-02-04 09:04:08

    Popularity: None

    Author: m4ttlewis

    Keywords:

  • Cryptography
  • Hardware & Embedded Systems
  • Research
  • UK/European Research
  • Certificates
  • CPE
  • Router
  • 🤖: ""Secure Certs Only""

    During late January 2020, a hot topic surfaced between security professionals on an issue that has historically had different proposed solutions. This blog post seeks to explore these solutions and identify pragmatic approaches to risk reduction on this specific issue concerning Customer Premises Equipment (CPE) security. Two security researchers (Tom Pohl and Nick Starke) analysed … Continue reading Properly Signed Certificates on CPE Devices →

    ...more

    FBI asks Apple to help it unlock iPhones of naval base shooter

    This could signal a renewed war between Apple and law enforcement over breaking encryption.

    ...more

    Cranim: A Toolkit for Cryptographic Visualization

    Published: 2024-05-24 19:30:00

    Popularity: None

    Author: Eli Sohl

    Keywords:

  • Cryptography
  • Resources
  • Tool Release
  • 🤖: "encrypting brains"

    Let’s kick this off with some examples. Here’s a seamless loop illustrating CBC-mode encryption: Here’s a clip showing a code block being rewritten to avoid leaking padding information in error messages: Here’s an illustration of a block cipher operating in CTS mode: You may be surprised to learn that each of these illustrations was generated […]

    ...more

    end