Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: privacy – Page 16

US Govt Warns of Attacks on Unpatched Pulse VPN Servers

The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.

This warning follows another alert issued by CISA in October 2019, and others coming from the National Security Agency (NSA), the Canadian Centre for Cyber Security, and UK’s National Cyber Security Center (NCSC).

Pulse Secure reported the vulnerability tracked as CVE-2019–11510 and disclosed by Orange Tsai and Meh Chang from the DEVCORE research team, and by Jake Valletta from FireEye in an April 2019 out-of-cycle advisory.

NSA, Army Seek Quantum Computers Less Prone to Error

Even ordinary computers flip a bit here and there, but their quantum cousins have a lot more ways to go wrong.

As the power and qubits in quantum computing systems increase, so does the need for cutting-edge capabilities to ascertain that they work. The Army Research Office and National Security Agency recently teamed up to solicit proposals for research that can help do exactly that.

The entities launched a broad agency announcement this week to boost the development of innovative techniques and protocols that allow for Quantum Characterization, Verification, and Validation, or QCVV, of intermediate-scale quantum systems. QCVV is essentially the science of quantifying how well a quantum computer can run quantum algorithms—and experts agree that it’s a necessary step towards useful quantum computing.

Crack down on genomic surveillance

A much broader array of stakeholders must engage with the problems that DNA databases present. In particular, governments, policymakers and legislators should tighten regulation and reduce the likelihood of corporations aiding potential human-rights abuses by selling DNA-profiling technology to bad actors — knowingly or negligently. Researchers working on biometric identification technologies should consider more deeply how their inventions could be used. And editors, reviewers and publishers must do more to ensure that published research on biometric identification has been done in an ethical way.

Corporations selling DNA-profiling technology are aiding human-rights abuses. Governments, legislators, researchers, reviewers and publishers must act.

Future Consequences of Cryptocurrency Use: Systemic Investigation of Two Scenarios

We face complexity, ambiguity, and uncertainty about the future consequences of cryptocurrency use. There are doubts about the positive and negative impacts of the use of cryptocurrencies in the financial systems. In order to address better and deeper the contradictions and the consequences of the use of cryptocurrencies and also informing the key stakeholders about known and unknown emerging issues in new payment systems, we apply two helpful futures studies tools known as the “Future Wheel”, to identify the key factors, and “System Dynamics Conceptual Mapping”, to understand the relationships among such factors. Two key scenarios will be addressed. In on them, systemic feedback loops might be identified such as a) terrorism, the Achilles’ heel of the cryptocurrencies, b) hackers, the barrier against development, and c) information technology security professionals, a gap in the future job market. Also, in the other scenario, systemic feedback loops might be identified such as a) acceleration of technological entrepreneurship enabled by new payment systems, b) decentralization of financial ecosystem with some friction against it, c) blockchain and shift of banking business model, d) easy international payments triggering structural reforms, and e) the decline of the US and the end of dollar dominance in the global economy. In addition to the feedback loops, we can also identify chained links of consequences that impact productivity and economic growth on the one hand, and shift of energy sources and consumption on the other hand.

Watch the full length presentation at Victor V. Motti YouTube Channel

The NSA Makes Its Powerful Cybersecurity Tool Open Source

The National Security Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn’t leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.

No one’s better at hacking than the NSA. And now one of its powerful tools is available to everyone for free.

Researchers Think It’s a Good Idea to Secure Your Phone Using the One Thing You Perpetually Lose

Apple’s FaceID authentication system started moving smartphone users away from relying on fingerprints to secure their mobile devices, which are arguably less secure. But researchers think they’ve come up with an even better biometric tool for protecting a device that uses a part of the body that’s nearly impossible to spoof: a user’s ear canals.

A team of researchers led by Zhanpeng Jin, an associate professor in the Department of Computer Science and Engineering in the University of Buffalo’s School of Engineering and Applied Sciences, created a new authentication tool called EarEcho, which is somewhat self-explanatory. The team modified a set of off the shelf earbuds with a tiny microphone that points inside the wearer’s ear, not out towards the world around them. It’s not there to pick up ambient sounds to facilitate a noise-canceling or feature, or even the wearer’s voice for making calls; the tiny mic is instead tuned to listen to the echo of sounds as they’re played and then propagate through the ear canal.

Was SHA-256 cracked? Don’t buy into retraction!

SHA-256 is a one way hashing algorithm. Cracking it would have tectonic implications for consumers, business and all aspects of government including the military.

It’s not the purpose of this post to explain encryption, AES or SHA-256, but here is a brief description of SHA-256. Normally, I place reference links in-line or at the end of a post. But let’s get this out of the way up front:

One day after Treadwell Stanton DuPont claimed that a secret project cracked SHA-256 more than one year ago, they back-tracked. Rescinding the original claim, they announced that an equipment flaw caused them to incorrectly conclude that they had algorithmically cracked SHA-256.

Continue reading “Was SHA-256 cracked? Don’t buy into retraction!” | >

Silicon Valley’s final frontier for mobile payments — ‘the neoliberal takeover of the human body’

Biometric mobile wallets — payment technologies using our faces, fingerprints or retinas — already exist. Notable technology companies including Apple AAPL, +2.62% and Amazon AMZN, +0.26% await a day when a critical mass of consumers is sufficiently comfortable walking into a store and paying for goods without a card or device, according to Sinnreich, author of “The Essential Guide to Intellectual Property.”

Removing the last physical barrier — smartphones, watches, smart glasses and credit cards — between our bodies and corporate America is the final frontier in mobile payments. “The deeper the tie between the human body and the financial networks, the fewer intimate spaces will be left unconnected to those networks,” Sinnreich said.

/* */