Nicely timed to drop on the final day of Windows 7 support, Windows 10 received a fix to an extremely serious flaw in crypt32.dll. This flaw was reported by the good guys at the NSA. (We know it was the good guys, because they reported it rather than used it to spy on us.) Its really bad. If youre running Windows 10, go grab the update now. OK, youre updated? Good, lets talk about it now.
The flaw applies to X.509 keys that use elliptic curve cryptography. Weve discussed ECC in the past, but lets review. Public key encryption is based on the idea that some calculations are very easy to perform and verify, but extremely difficult to calculate the reverse operation.
The historic calculation is multiplying large primes, as its unreasonably difficult to factorize that result by a conventional computer. A true quantum computer with enough qubits will theoretically be able to factorize those numbers much quicker than a classical computer, so the crypto community has been searching for a replacement for years. The elliptic curve is the solution that has become the most popular. An agreed-upon curve and initial vector are all that is needed to perform the ECC calculation.
There are potential weaknesses in ECC. One such weakness is that not all curves are created equal. A well constructed curve results in good cryptography, but there are weak curves that result in breakable encryption.
With that foundation laid, the flaw itself is relatively easy to understand. An X.509 certificate can define its own curve. The Windows 10 implementation doesnt properly check the curve that is specified. A malicious curve is specified that is similar to the expected curve similar enough that the checks in crypt32 dont catch it.
Imagine this scenario. You get an email, click a link, and immediately realize that this isnt the page you thought it was. Close that tab, and all is well, right? You didnt actually fall for the fishing scam. Well, [Alex Birsan] has bad news, in the form of a clever attack based off a Cross-Site Script Inclusion (XSSI) vulnerability in the Paypal login flow.
That CAPTCHA request is important. When the CAPTCHA form is filled, it launched a self-submitting form that contained the plain text username and password. Yikes! Once a user logged back in to Paypal, that CAPTCHA page could be run again, with the stolen session key, and the username and password easily recovered by the attacker. Thankfully, [Alex] disclosed the vulnerability to Paypal, who fixed it and paid him a nice tidy sum for his work.
Brought to us by Phoronix, Intel is in the process of mitigating a problem in their integrated GPU cores. Even in Intels disclosure, there isnt a whole lot of detail, but it seems to be another information leak in the same vein as Meltdown and Spectre.
The solution, at least in the Linux kernel, is to reset the iGPU between context switches. On 7th generation processors in particular, the performance hit to GPU is pretty severe. Considering the less than stellar video performance of those chips, losing 50% performance to this mitigation is quite the blow.
Use a cable modem? Theres a decent chance it has a Broadcom chip in it, and is vulnerable to Cablehaunt. A group of researchers found a way to download the current modem settings, which started a hunt for vulnerabilities. They found a spectrum analyzer page that responds to JSON requests. Naturally, the JSON parser isnt written defensively. A long enough value in a request overflows the buffer, and the processor and microkernel that system runs doesnt have any modern mitigation. Getting from access to the open port to malicious modification is a nearly trivial task. Check out the page for more details, as well as instructions for how to test your modem.
At this point, if you have any Cisco equipment you can put your hands on, unplug it now before the long weekend of patching that you have ahead of you. [Steven Seeley] did an audit of the Cisco Data Center Network Manager. While he found multiple security problems, the glaring issue is a hardcoded authentication key. Yes, another Cisco product had a backdoor left in a production unit. There are deserialization bugs, SQL injection vulnerabilities, and plenty more to wade through, so go check it out if you want the gritty details.
- Keeping classified information secret in a world of quantum computing - Bulletin of the Atomic Scientists - February 11th, 2020
- A neural network that learned to predict the behavior of a quantum system - Tech Explorist - February 9th, 2020
- Deltec Bank, Bahamas A combination of Quantum Computing and Blockchain Technology Will Have a huge Impact on Banking - Press Release - Digital... - February 5th, 2020
- Could Photonic Chips Outpace the Fastest Supercomputers? - Singularity Hub - February 5th, 2020
- Google claims to have invented a quantum computer, but IBM begs to differ - The Conversation CA - January 22nd, 2020
- Xanadu Receives $4.4M Investment from SDTC to Advance its Photonic Quantum Computing Technology - Quantaneo, the Quantum Computing Source - January 22nd, 2020
- U of T's Peter Wittek, who will be remembered at Feb. 3 event, on why the future is quantum - News@UofT - January 17th, 2020
- Quantum Computing Technologies Market 2019, Size, Share, Global Industry Growth, Business Statistics, Top Leaders, Competitive Landscape, Forecast To... - January 17th, 2020
- Kitchener's Angstrom Engineering is making a quantum leap with its next-generation technology - TheRecord.com - January 17th, 2020
- Xanadu Receives $4.4M Investment from SDTC to Advance its Photonic Quantum Computing Technology - Yahoo Finance - January 16th, 2020
- The dark side of IoT, AI and quantum computing: Hacking, data breaches and existential threat - ZDNet - January 16th, 2020
- 'How can we compete with Google?': the battle to train quantum coders - The Guardian - January 16th, 2020
- IBM heads US patent list for 27th consecutive year - Technology Decisions - January 16th, 2020
- New Technique May Be Capable of Creating Qubits From Silicon Carbide Wafer - Tom's Hardware - January 14th, 2020
- The hunt for the 'angel particle' continues - Big Think - January 13th, 2020
- How to verify that quantum chips are computing correctly - MIT News - January 13th, 2020
- Googles Quantum Supremacy will mark the End of the Bitcoin in 2020 - The Coin Republic - January 13th, 2020
- Bleeding edge information technology developments - IT World Canada - January 13th, 2020
- Jeffrey Epstein scandal: MIT professor put on leave, he 'failed to inform' college that sex offender made donations - CNBC - January 10th, 2020
- The teenager that's at CES to network - Yahoo Singapore News - January 10th, 2020
- AI, ML and quantum computing to cement position in 2020: Alibabas Jeff Zhang - Tech Observer - January 8th, 2020
- Perspective: End Of An Era | WNIJ and WNIU - WNIJ and WNIU - January 8th, 2020
- Volkswagen carried out the world's first pilot project for traffic optimization with a quantum computer - Quantaneo, the Quantum Computing Source - January 6th, 2020
- The 12 Most Important and Stunning Quantum Experiments of 2019 - Livescience.com - December 31st, 2019
- Physicists Just Achieved The First-Ever Quantum Teleportation Between Computer Chips - ScienceAlert - December 31st, 2019
- Quantum Supremacy and the Regulation of Quantum Technologies - The Regulatory Review - December 31st, 2019
- The Best of Science in 2019 - Research Matters - December 31st, 2019
- Technology And Society: Can Marketing Save The World? - Forbes - December 31st, 2019
- From the image of a black hole to 'artificial embryos', 2019 was the year of many firsts in science - Economic Times - December 28th, 2019
- Information teleported between two computer chips for the first time - New Atlas - December 26th, 2019
- Same Plastic That Make Legos Could Also Be The Best Thermal Insulators Used in Quantum Computers - KTLA Los Angeles - December 26th, 2019
- Quanta's Year in Math and Computer Science (2019) - Quanta Magazine - December 26th, 2019
- 2019 EurekAlert! Trending Release List the most international ever - Science Codex - December 26th, 2019
- The big science and environment stories of 2019 - BBC News - December 26th, 2019
- Could quantum computing be the key to cracking congestion? - SmartCitiesWorld - December 15th, 2019
- ProBeat: AWS and Azure are generating uneasy excitement in quantum computing - VentureBeat - December 15th, 2019
- Will quantum computing overwhelm existing security tech in the near future? - Help Net Security - December 15th, 2019
- Quantum expert Robert Sutor explains the basics of Quantum Computing - Packt Hub - December 15th, 2019
- Traditional cryptography doesn't stand a chance against the quantum age - Inverse - December 15th, 2019
- China is beating the US when it comes to quantum security - MIT Technology Review - December 15th, 2019
- Technology to Highlight the Next 10 Years: Quantum Computing - Somag News - December 15th, 2019
- Quantum Trends And The Internet of Things - Forbes - December 6th, 2019
- Quantum supremacy is here, but smart data will have the biggest impact - Quantaneo, the Quantum Computing Source - December 6th, 2019
- Beer With Bella: Tyson Yunkaporta - The New York Times - December 6th, 2019
- The New Cold War? Its With China, and It Has Already Begun - The New York Times - December 2nd, 2019
- How Countries Are Betting on to Become Supreme in Quantum Computing - Analytics Insight - December 2nd, 2019
- Study: Our universe may be part of a giant quantum computer - The Next Web - November 28th, 2019
- First quantum computing conference to take place in Cambridge - Cambridge Independent - November 28th, 2019
- Threat of quantum computing hackathon to award $100,000 - App Developer Magazine - November 28th, 2019
- World High Performance Computing (HPC) Market Oulook Report, 2019-2024 - HPC Will Be Integral to Combined Classical & Quantum Computing Hybrid... - November 28th, 2019
- ETU "LETI" first won the Bertrand Meyer Award - QS WOW News - November 28th, 2019
- Global Quantum Computing Market is Set to Experience Revolutionary Growth With +25% CAGR by 2025 | Top Players D-Wave Systems Inc., QX Branch, Google... - November 28th, 2019
- Japan plots 20-year race to quantum computers, chasing US and China - Nikkei Asian Review - November 23rd, 2019
- A super cover illustration highlights superconductivity research - The Mix - November 23rd, 2019
- The future that graphene built - Knowable Magazine - November 23rd, 2019
- New Berlin foundation turns AI into immersive art - Art Newspaper - November 23rd, 2019
- Maryanna Saenko and Steve Jurvetson of Future Ventures talk SpaceX, the Boring Co. and . . . ayahuasca - TechCrunch - November 23rd, 2019
- Quantum Hackathon With $100,000 Prize Receives Overwhelming Response - Yahoo Finance - November 22nd, 2019
- Quantum Computing: Challenges, Trends and the Road Ahead - CMSWire - November 20th, 2019
- Researchers Have Achieved a New Level of Quantum Supremacy - TechDecisions - November 20th, 2019
- Will quantum computers revolutionize the world? The Courier - The Courier - November 20th, 2019
- Reality is subjective to the observer - scientists make stunning claim in quantum study - Express.co.uk - November 20th, 2019
- Geeking Out With Legendary Futurist and Investor Steve Jurvetson - mySanAntonio.com - November 20th, 2019
- Hedera Hashgraph (HBAR) Founder Says Quantum Computing Is Not a Threat to Cryptocurrency, Although That Claim Is Debatable Crypto.IQ | Bitcoin and... - November 18th, 2019
- Innovation Focused Firms Issue Open Call for Hackers - IndustryWeek - November 18th, 2019
- Quantum computer - Simple English Wikipedia, the free ... - October 11th, 2019
- Topological quantum computer - Wikipedia - October 11th, 2019
- What is a quantum computer? Explained with a simple example. - September 11th, 2019
- Qubits and Defining the Quantum Computer | HowStuffWorks - September 5th, 2019
- For a Split Second, a Quantum Computer Made History Go ... - May 13th, 2019
- Noisy Quantum Computers Could Be Good for Chemistry Problems ... - April 11th, 2019
- What is a Quantum Computer? - Definition from Techopedia - April 11th, 2019
- What Is a Quantum Computer? | JSTOR Daily - April 11th, 2019
- Measuring Quantum Computer Power With IBM Quantum Volume ... - April 9th, 2019
- Explainer: What is a quantum computer ... - March 24th, 2019
- What Can We Do with a Quantum Computer? | Institute for ... - March 7th, 2019
- Qubit - Wikipedia - February 25th, 2019
- Quantum computer | computer science | Britannica.com - January 10th, 2019
- IBMs new quantum computer is a symbol, not a breakthrough - January 9th, 2019
- IBM unveils the world's first quantum computer that ... - January 9th, 2019