Nicely timed to drop on the final day of Windows 7 support, Windows 10 received a fix to an extremely serious flaw in crypt32.dll. This flaw was reported by the good guys at the NSA. (We know it was the good guys, because they reported it rather than used it to spy on us.) Its really bad. If youre running Windows 10, go grab the update now. OK, youre updated? Good, lets talk about it now.
The flaw applies to X.509 keys that use elliptic curve cryptography. Weve discussed ECC in the past, but lets review. Public key encryption is based on the idea that some calculations are very easy to perform and verify, but extremely difficult to calculate the reverse operation.
The historic calculation is multiplying large primes, as its unreasonably difficult to factorize that result by a conventional computer. A true quantum computer with enough qubits will theoretically be able to factorize those numbers much quicker than a classical computer, so the crypto community has been searching for a replacement for years. The elliptic curve is the solution that has become the most popular. An agreed-upon curve and initial vector are all that is needed to perform the ECC calculation.
There are potential weaknesses in ECC. One such weakness is that not all curves are created equal. A well constructed curve results in good cryptography, but there are weak curves that result in breakable encryption.
With that foundation laid, the flaw itself is relatively easy to understand. An X.509 certificate can define its own curve. The Windows 10 implementation doesnt properly check the curve that is specified. A malicious curve is specified that is similar to the expected curve similar enough that the checks in crypt32 dont catch it.
Imagine this scenario. You get an email, click a link, and immediately realize that this isnt the page you thought it was. Close that tab, and all is well, right? You didnt actually fall for the fishing scam. Well, [Alex Birsan] has bad news, in the form of a clever attack based off a Cross-Site Script Inclusion (XSSI) vulnerability in the Paypal login flow.
That CAPTCHA request is important. When the CAPTCHA form is filled, it launched a self-submitting form that contained the plain text username and password. Yikes! Once a user logged back in to Paypal, that CAPTCHA page could be run again, with the stolen session key, and the username and password easily recovered by the attacker. Thankfully, [Alex] disclosed the vulnerability to Paypal, who fixed it and paid him a nice tidy sum for his work.
Brought to us by Phoronix, Intel is in the process of mitigating a problem in their integrated GPU cores. Even in Intels disclosure, there isnt a whole lot of detail, but it seems to be another information leak in the same vein as Meltdown and Spectre.
The solution, at least in the Linux kernel, is to reset the iGPU between context switches. On 7th generation processors in particular, the performance hit to GPU is pretty severe. Considering the less than stellar video performance of those chips, losing 50% performance to this mitigation is quite the blow.
Use a cable modem? Theres a decent chance it has a Broadcom chip in it, and is vulnerable to Cablehaunt. A group of researchers found a way to download the current modem settings, which started a hunt for vulnerabilities. They found a spectrum analyzer page that responds to JSON requests. Naturally, the JSON parser isnt written defensively. A long enough value in a request overflows the buffer, and the processor and microkernel that system runs doesnt have any modern mitigation. Getting from access to the open port to malicious modification is a nearly trivial task. Check out the page for more details, as well as instructions for how to test your modem.
At this point, if you have any Cisco equipment you can put your hands on, unplug it now before the long weekend of patching that you have ahead of you. [Steven Seeley] did an audit of the Cisco Data Center Network Manager. While he found multiple security problems, the glaring issue is a hardcoded authentication key. Yes, another Cisco product had a backdoor left in a production unit. There are deserialization bugs, SQL injection vulnerabilities, and plenty more to wade through, so go check it out if you want the gritty details.
- Physicists hunt for room-temperature superconductors that could revolutionize the world's energy system - The Conversation US - June 3rd, 2020
- Covid 19 Pandemic: Quantum Computing Technologies Market 2020, Share, Growth, Trends And Forecast To 2025 - 3rd Watch News - May 24th, 2020
- Molecular dynamics used to simulate 100 million atoms | Opinion - Chemistry World - May 23rd, 2020
- Highest-performing quantum simulator IN THE WORLD delivered to Japan - TechGeek - May 18th, 2020
- Light, fantastic: the path ahead for faster, smaller computer processors - News - The University of Sydney - May 18th, 2020
- Wiring the quantum computer of the future - Space Daily - April 29th, 2020
- Technologies That You Can Explore Other Than Data Science During Lockdown - Analytics India Magazine - April 29th, 2020
- Will Quantum Computing Really Change The World? Facts And Myths - Analytics India Magazine - April 23rd, 2020
- Google's top quantum computing brain may or may not have quit - Fudzilla - April 23rd, 2020
- On the Heels of a Light Beam - Scientific American - April 23rd, 2020
- Advanced Encryption Standard (AES): What It Is and How It Works - Hashed Out by The SSL Store - Hashed Out by The SSL Store - April 23rd, 2020
- Google's Head of Quantum Computing Hardware Resigns - WIRED - April 21st, 2020
- COVID-19: Quantum computing could someday find cures for coronaviruses and other diseases - TechRepublic - April 21st, 2020
- The future of quantum computing in the cloud - TechTarget - April 21st, 2020
- Quantum computer chips demonstrated at the highest temperatures ever - New Scientist News - April 17th, 2020
- Alex Garland on 'Devs,' free will and quantum computing - Engadget - April 14th, 2020
- RAND report finds that, like fusion power and Half Life 3, quantum computing is still 15 years away - The Register - April 12th, 2020
- Quantum computing: When to expect the next major leap - TechRepublic - April 12th, 2020
- Cambridge Quantum Computing Performs the World's First Quantum Natural Language Processing Experiment - Quantaneo, the Quantum Computing Source - April 12th, 2020
- The Well-matched Combo of Quantum Computing and Machine Learning - Analytics Insight - March 23rd, 2020
- Picking up the quantum technology baton - The Hindu - March 23rd, 2020
- Research by University of Chicago PhD Student and EPiQC Wins IBM Q Best Paper - HPCwire - March 23rd, 2020
- Honeywell Achieves Breakthrough That Will Enable The Worlds Most Powerful Quantum Computer #47655 - New Kerala - March 23rd, 2020
- Is time broken? Physicists filmed a quantum measurement but the 'moment' was blurry - The Next Web - March 5th, 2020
- What Is Quantum Computing? The Next Era of Computational ... - March 3rd, 2020
- Honeywell says it will soon launch the worlds most powerful quantum computer - TechCrunch - March 3rd, 2020
- Majority of Promising AI Startups Are Still Based in the US - Transport Topics Online - March 3rd, 2020
- 10 Revolutionary Technologies To Lookout For In 2020 - Fossbytes - March 3rd, 2020
- Quantum researchers able to split one photon into three - Space Daily - March 3rd, 2020
- Physicists Captured The Moment That An Atom Enters Quantum Measurement - Somag News - February 29th, 2020
- This Week's Awesome Tech Stories From Around the Web (Through February 29) - Singularity Hub - February 29th, 2020
- IC Breakthroughs: Energy Harvesting, Quantum Computing, and a 96-Core Processor in Six Chiplets - News - All About Circuits - February 29th, 2020
- Top 10 Strategic Technology Breakthroughs That Will Transform Our Lives - Analytics Insight - February 29th, 2020
- New Intel chip could accelerate the advent of quantum computing - RedShark News - February 28th, 2020
- Particle accelerator technology could solve one of the most vexing problems in building quantum computers - Fermi National Accelerator Laboratory - February 28th, 2020
- Top 10 breakthrough technologies of 2020 - TechRepublic - February 28th, 2020
- 21st ISQED Conference to Commence With Focus on Quantum Computing, Security, and AI/ML & Electronic Design - PRNewswire - February 25th, 2020
- NTT Research to Collaborate with UCLA and Georgetown on Cryptography and Blockchain - Yahoo Finance - February 25th, 2020
- Should decision makers be concerned by the threat of quantum? - Information Age - February 25th, 2020
- Keeping classified information secret in a world of quantum computing - Bulletin of the Atomic Scientists - February 11th, 2020
- A neural network that learned to predict the behavior of a quantum system - Tech Explorist - February 9th, 2020
- Deltec Bank, Bahamas A combination of Quantum Computing and Blockchain Technology Will Have a huge Impact on Banking - Press Release - Digital... - February 5th, 2020
- Could Photonic Chips Outpace the Fastest Supercomputers? - Singularity Hub - February 5th, 2020
- Google claims to have invented a quantum computer, but IBM begs to differ - The Conversation CA - January 22nd, 2020
- Xanadu Receives $4.4M Investment from SDTC to Advance its Photonic Quantum Computing Technology - Quantaneo, the Quantum Computing Source - January 22nd, 2020
- U of T's Peter Wittek, who will be remembered at Feb. 3 event, on why the future is quantum - News@UofT - January 17th, 2020
- Quantum Computing Technologies Market 2019, Size, Share, Global Industry Growth, Business Statistics, Top Leaders, Competitive Landscape, Forecast To... - January 17th, 2020
- Kitchener's Angstrom Engineering is making a quantum leap with its next-generation technology - TheRecord.com - January 17th, 2020
- Xanadu Receives $4.4M Investment from SDTC to Advance its Photonic Quantum Computing Technology - Yahoo Finance - January 16th, 2020
- The dark side of IoT, AI and quantum computing: Hacking, data breaches and existential threat - ZDNet - January 16th, 2020
- 'How can we compete with Google?': the battle to train quantum coders - The Guardian - January 16th, 2020
- IBM heads US patent list for 27th consecutive year - Technology Decisions - January 16th, 2020
- New Technique May Be Capable of Creating Qubits From Silicon Carbide Wafer - Tom's Hardware - January 14th, 2020
- The hunt for the 'angel particle' continues - Big Think - January 13th, 2020
- How to verify that quantum chips are computing correctly - MIT News - January 13th, 2020
- Googles Quantum Supremacy will mark the End of the Bitcoin in 2020 - The Coin Republic - January 13th, 2020
- Bleeding edge information technology developments - IT World Canada - January 13th, 2020
- Jeffrey Epstein scandal: MIT professor put on leave, he 'failed to inform' college that sex offender made donations - CNBC - January 10th, 2020
- The teenager that's at CES to network - Yahoo Singapore News - January 10th, 2020
- AI, ML and quantum computing to cement position in 2020: Alibabas Jeff Zhang - Tech Observer - January 8th, 2020
- Perspective: End Of An Era | WNIJ and WNIU - WNIJ and WNIU - January 8th, 2020
- Volkswagen carried out the world's first pilot project for traffic optimization with a quantum computer - Quantaneo, the Quantum Computing Source - January 6th, 2020
- The 12 Most Important and Stunning Quantum Experiments of 2019 - Livescience.com - December 31st, 2019
- Physicists Just Achieved The First-Ever Quantum Teleportation Between Computer Chips - ScienceAlert - December 31st, 2019
- Quantum Supremacy and the Regulation of Quantum Technologies - The Regulatory Review - December 31st, 2019
- The Best of Science in 2019 - Research Matters - December 31st, 2019
- Technology And Society: Can Marketing Save The World? - Forbes - December 31st, 2019
- From the image of a black hole to 'artificial embryos', 2019 was the year of many firsts in science - Economic Times - December 28th, 2019
- Information teleported between two computer chips for the first time - New Atlas - December 26th, 2019
- Same Plastic That Make Legos Could Also Be The Best Thermal Insulators Used in Quantum Computers - KTLA Los Angeles - December 26th, 2019
- Quanta's Year in Math and Computer Science (2019) - Quanta Magazine - December 26th, 2019
- 2019 EurekAlert! Trending Release List the most international ever - Science Codex - December 26th, 2019
- The big science and environment stories of 2019 - BBC News - December 26th, 2019
- Could quantum computing be the key to cracking congestion? - SmartCitiesWorld - December 15th, 2019
- ProBeat: AWS and Azure are generating uneasy excitement in quantum computing - VentureBeat - December 15th, 2019
- Will quantum computing overwhelm existing security tech in the near future? - Help Net Security - December 15th, 2019
- Quantum expert Robert Sutor explains the basics of Quantum Computing - Packt Hub - December 15th, 2019
- Traditional cryptography doesn't stand a chance against the quantum age - Inverse - December 15th, 2019
- China is beating the US when it comes to quantum security - MIT Technology Review - December 15th, 2019
- Technology to Highlight the Next 10 Years: Quantum Computing - Somag News - December 15th, 2019