cryptography
Cleantech and Quantum Computing: Critical Infrastructure Cybersecurity
As cleantech becomes a bigger part of U.S. critical infrastructure, it faces a bigger risk from cyberattackers leveraging quantum attacks ...
Power LED Side-Channel Attack
This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached ...
Encryption Evolution is on the Horizon
Quantum computers are an emerging technology that will revolutionize several aspects of computational power across countless fields. One of the more concerning predictions is the likelihood that quantum computers will eventually break ...
AI-Generated Steganography
New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party ...
Real World Crypto 2023 Recap
Last month, hundreds of cryptographers descended upon Tokyo for the first Real World Crypto Conference in Asia. As in previous years, we dispatched a handful of our researchers and engineers to present ...
Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise
Microsoft’s Azure Active Directory B2C service contained a cryptographic flaw which allowed an attacker to craft an OAuth refresh token with the contents for any user account. An attacker could redeem this ...
Amazing Fast Crypto for IoT — US NIST Fingers ASCON
Implementing modern cryptography standards on tiny IoT devices is hard. They’re underpowered, need to sip battery charge and something like AES is often overkill ...
Attacking Machine Learning Systems
The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because ...
“Mobile application vulnerabilities: The hidden threat to sensitive data and security”
Introduction Mobile developers must be constantly aware of security flaws and possess the knowledge necessary to mitigate them in light of the increasing number of mobile apps. Developers can learn how to ...
Keeping the wolves out of wolfSSL
By Max Ammann Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL: CVE-2022-38152, CVE-2022-38153, CVE-2022-39173, and CVE-2022-42905. The four issues, which have CVSS scores ranging from medium to critical, can ...