We\’ll have a frank discussion about the encryption Arms race underway, the side channel attack against gpg research have found, headlines from Back Hat…
And then an epic batch of your questions, our answers!
— Show Notes —
Thanks to:
|
Use our code tech249 to score .COM for $2.49! |
|
|
Visit dirwiz.com/unitysync use code tech for an extended trial and a year of maintenance.
|
Direct Download:HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent RSS Feeds:HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed |
Researchers have found a side-channel attack which could possibly be used to steal your gnupg keys
- Researchers Yuval Yarom and Katrina Falkner from The University of Adelaide presented their paper at Blackhat
- The Flush+Reload attack is a cache side-channel attack that can extract up to 98% of the private key
- The attack is based on the L3 cache, so it works across all cores, unlike previous attacks where the attacker had to be on the same CPU core as the victim
- This attack works across VMs, so an attacker in one VM could extract the GnuPG from another VM, even if it is executing on a different CPU
- Research Paper
More Encryption Is Not the Solution
- Poul-Henning Kamp (PHK) wrote an article for ACM Queue about how Encryption is not the answer to the spying problems
- Inconvenient Facts about Privacy
- Politics Trumps Cryptography – Nation-states have police forces with guns. Cryptographers and the IETF (Internet Engineering Task Force) do not.
- Not Everybody Has a Right to Privacy – Prisoners are allowed private communication only with their designated lawyers
- Encryption Will Be Broken, If Need Be – Microsoft refactors Skype to allow wiretapping
- Politics, Not Encryption, Is the Answer
- “There will also always be a role for encryption, for human-rights activists, diplomats, spies, and other professionals. But for Mr. and Mrs. Smith, the solution can only come from politics that respect a basic human right to privacy—an encryption arms race will not work”
- PHK postulates that a government could approach a cloud service as say “on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide” and then hide it in the Cookie header
Interview with Brendan Gregg
- Buy on Amazon: DTrace: Dynamic Tracing in Oracle Solaris, Mac OS X and FreeBSD
- Yelling at hard drives
Feedback:
Correction Section
Echos from the Hall of Shame
-
[HallOfShame] Microsoft not allowing passwords longer than 16 characters. Not hashing? : techsnap
-
[HallOfShame] Commonwealth Bank Password Limitations : techsnap
Round Up:
- Gmail, Outlook.com and e-voting \’pwned\’ on stage in crypto-dodge hack
- Judge blocks researching from disclosing vulnerability in Volkswagen immobiliation system
- Researchers reveal how to hack an iPhone in 60 seconds
- Edward Snowden is not the story, the Death of the Internet is
- Moscow Subway To Use Devices To Read Data On Phones
- Black Hat paper spells out how advertising networks will build future botnets
- Google changes stance on Net Neutrality
- Black Hat: Disabling a car’s brakes by backing its onboard computer
- Google Copyright Infringement Reports to Quadruple This Year
- PHK’s musings and rants about HTTP/2.0