Lifeboat Foundation

Over the past 25 years, suicide attacks have emerged as a method used on a large scale by terrorist organizations to inflict lethal damage and create fear and chaos. Data collected by the University of Chicago’s Project on Security & Threats shows that worldwide there were 5, 021 suicide attacks utilizing bombs, which resulted in 47, 253 deaths and 113, 413 wounded from 2000 to 2016.

And recent news reports have highlighted the attempted use of suicide bombs in U.S. subways and city streets as well as on major airlines. An individual willing to sacrifice their own life in an attack is a significant force-multiplier, who too often escapes conventional threat detection methods. However, new technologies may yet close the security gap.

To detect suicide bombers preparing to attack public places and other high-value targets, a research team led by a professor at the Naval Postgraduate School invented a method to detect persons wearing wires or a significant amount of metal that might be part of an explosive device.

Even fitness trackers ruled a big risk due to potential for record-matching identifying your family.

Quantum key distribution is one kind of important cryptographic protocols based on quantum mechanics, in which any outside eavesdropper attempting to obtain the secret key shared by two users will be detected. The successful detection comes from Heisenberg’s uncertainty principle: the measurement of a quantum system, which is required to obtain information of that system, will generally disturb it. The disturbances provide two users with the information that there exists an outside eavesdropper, and they can therefore abort the communication. Nowadays, most people need to share some of their private information for certain services such as products recommendation for online shopping and collaborations between two companies depending on their comm interests. Private Set Intersection Cardinality (PSI-CA) and Private Set Union Cardinality (PSU-CA), which are two primitives in cryptography, involve two or more users who intend to obtain the cardinalities of the intersection and the union of their private sets through the minimum information disclosure of their sets^1,2,3.

The definition of Private Set Intersection (PSI), also called Private Matching (PM), was proposed by Freedman⁴. They employed balanced hashing and homomorphic encryption to design two PSI protocols and also investigated some variants of PSI. In 2012, Cristofaro et al.¹ developed several PSI-CA and PSU-CA protocols with linear computation and communication complexity based on the Diffie-Hellman key exchange which blinds the private information. Their protocols were the most efficient compared with the previous classical related ones. There are also other classical PSI-CA or PSU-CA protocols^5,6,7,8. Nevertheless, the security of these protocols relies on the unproven difficulty assumptions, such as discrete logarithm, factoring, and quadratic residues assumptions, which will be insecure when quantum computers are available^9,10,11.

For the sake of improving the security of PSI-CA protocols for two parties, Shi et al.³ designed a probabilistic protocol where multi-qubit entangled states, complicated oracle operators, and measurements in high N-dimensional Hilbert space were utilized. And the same method in Ref.³ was later used to develop a PSI-CA protocol for multiple parties¹². For easy implementation of a protocol, Shi et al.¹³ leveraged Bell states to construct another protocol for PSI-CA and PSU-CA problems that was more practical than that in Ref.³. In both protocols Ref.³ and Ref.¹³, only two parties who intend to get the cardinalities of the intersection and the union of their private sets are involved. Although Ref.¹² works for multiple parties, it only solves the PSI-CA problem and requires multi-qubit entangled states, complicated oracle operators, and measurements. It then interests us that how we could design a more practical protocol for multiple parties to simultaneously solve PSI-CA and PSU-CA problems. Inspired by Shi et al.’s work, we are thus trying to design a three-party protocol to solve PSI-CA and PSU-CA problems, where every two and three parties can obtain the cardinalities of the intersection and the union of their respective private sets with the aid of a semi-honest third party (TP). TP is semi-honest means that he loyally executes the protocol, makes a note of all the intermediate results, and might desire to take other parties’ private information, but he cannot collude with dishonest parties. We then give a detailed analysis of the presented protocol’s security. Besides, the influence of six typical kinds of Markovian noise on our protocol is also analyzed.

CSL’s Systems and Networking Research Group (SyNRG) is defining a new sub-area of mobile technology that they call “earable computing.” The team believes that earphones will be the next significant milestone in wearable devices, and that new hardware, software, and apps will all run on this platform.

“The leap from today’s earphones to ‘earables’ would mimic the transformation that we had seen from basic phones to smartphones,” said Romit Roy Choudhury, professor in electrical and computer engineering (ECE). “Today’s smartphones are hardly a calling device anymore, much like how tomorrow’s earables will hardly be a smartphone accessory.”

Instead, the group believes tomorrow’s earphones will continuously sense human behavior, run acoustic augmented reality, have Alexa and Siri whisper just-in-time information, track user motion and health, and offer seamless security, among many other capabilities.

The security company FireEye was breached by a sophisticated attack that stole multiple red team assessment tools. Malwarebytes customers are safe.

Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers.

While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen red team tools by both sophisticated and non-sophisticated actors, similar to what we saw in 2017 with the ShadowBrokers group breach of the NSA’s Equation Group.

Circa 2018

Scientists have created an ultrathin, flexible film that can emit laser light — and successfully tested it on a contact lens, demonstrating the possibility of laser eye-beams.

Before you rush out and buy a Cyclops-style visor, it’s not even close to powerful enough to cause damage. Instead, the researchers say, the technology has potential for use as wearable security tags, or even as a type of laser barcode.

Continue reading “Finally, a Contact Lens That Actually Beams Lasers From Your Eyes” »

IBM security researchers said the “precision targeting of executives and key global organizations hold the potential hallmarks of a nation-state tradecraft.”

Drone privacy laws vary all around the world — and what might get you a great shot in one country could get you jail time in another.

Surfshark, a digital security firm, introduces Mapped: The state of drone privacy laws in (nearly) every country.

Drone privacy is serious business – and what gets you a great image in one country could get you a jail term in another. Finding these laws, however, is hit or miss – so this new research from Surfshark is a great place to start for world travelers.

Continue reading “Drone Privacy Laws Around the World: Surfshark Maps it Out” »

Amazon acknowledged that the system failure was exacerbated by the co-dependencies its various services have on one another. The company had been trying to add capacity to its Amazon Kinesis service that customers use to process real-time data including video, audio and application logs. To resolve the issue, Amazon needed to restart a piece of its system it described as “many thousands of servers,” a lengthy process that had to be done gradually. But because other Amazon cloud services rely on Kinesis, including its Cognito authentication offering, they failed as well.