Nicely timed to drop on the final day of Windows 7 support, Windows 10 received a fix to an extremely serious flaw in crypt32.dll. This flaw was reported by the good guys at the NSA. (We know it was the good guys, because they reported it rather than used it to spy on us.) It's really bad. If you're running Windows 10, go grab the update now. OK, you're updated? Good, let's talk about it now.
The flaw applies to X.509 keys that use elliptic curve cryptography. We've discussed ECC in the past, but let's review. Public key encryption is based on the idea that some calculations are very easy to perform and verify, but extremely difficult to calculate the reverse operation.
The historic calculation is multiplying large primes, as it's unreasonably difficult to factorize that result with a conventional computer. A true quantum computer with enough qubits will theoretically be able to factorize those numbers much quicker than a classical computer, so the crypto community has been searching for a replacement for years. The elliptic curve is the solution that has become the most popular. An agreed-upon curve and initial vector are all that is needed to perform the ECC calculation.
There are potential weaknesses in ECC. One such weakness is that not all curves are created equal. A well-constructed curve results in good cryptography, but there are weak curves that result in breakable encryption.
With that foundation laid, the flaw itself is relatively easy to understand. An X.509 certificate can define its own curve. The Windows 10 implementation doesn't properly check the curve that is specified. A malicious curve is specified that is similar to the expected curve, similar enough that the checks in crypt32 don't catch it.
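Why a validator has to compare every explicit curve parameter, shown as an added example that is not code from the article or from crypt32. It goes beyond the text by assuming the "similar" curve differs only in its base point; the toy curve, the secret scalar 7, weak_check and lookalike_cert are all constructed for illustration.

```python
# Constructed toy curve y^2 = x^3 + 2x + 2 over GF(17); base point (5, 1), order 19.
TRUSTED = {"toy17": {"p": 17, "a": 2, "b": 2, "g": (5, 1), "n": 19}}

def add(P, Q, c):
    """Add two points on curve c; None is the point at infinity."""
    if P is None or Q is None:
        return Q if P is None else P
    p, (x1, y1), (x2, y2) = c["p"], P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        s = (3 * x1 * x1 + c["a"]) * pow(2 * y1 % p, -1, p) % p
    else:
        s = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (s * s - x1 - x2) % p
    return (x3, (s * (x1 - x3) - y1) % p)

def mul(k, P, c):
    """Double-and-add scalar multiplication k*P on curve c."""
    R = None
    while k:
        if k & 1:
            R = add(R, P, c)
        P, k = add(P, P, c), k >> 1
    return R

ROOT_CURVE = TRUSTED["toy17"]
ROOT_PUB = mul(7, ROOT_CURVE["g"], ROOT_CURVE)  # trusted root key; 7 is its secret scalar

def weak_check(cert):
    """Simplified stand-in (assumption): trust any cert whose public key matches."""
    return cert["pub"] == ROOT_PUB

def strict_check(cert):
    """Also require the explicit parameters to equal a trusted curve in every field."""
    return weak_check(cert) and cert["curve"] in TRUSTED.values()

def lookalike_cert(d):
    """Constructed test input: same p, a, b, n and public key, but a base point
    under which the scalar d (not the root's secret) maps to ROOT_PUB."""
    g2 = mul(pow(d, -1, ROOT_CURVE["n"]), ROOT_PUB, ROOT_CURVE)
    return {"pub": ROOT_PUB, "curve": {**ROOT_CURVE, "g": g2}}

genuine = {"pub": ROOT_PUB, "curve": dict(ROOT_CURVE)}
forged = lookalike_cert(3)
```

The public key is identical in both certificates, so only the full parameter comparison in strict_check tells them apart.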
Imagine this scenario. You get an email, click a link, and immediately realize that this isn't the page you thought it was. Close that tab, and all is well, right? You didn't actually fall for the phishing scam. Well, [Alex Birsan] has bad news, in the form of a clever attack based off a Cross-Site Script Inclusion (XSSI) vulnerability in the PayPal login flow.
That CAPTCHA request is important. When the CAPTCHA form was filled, it launched a self-submitting form that contained the plain text username and password. Yikes! Once a user logged back in to PayPal, that CAPTCHA page could be run again, with the stolen session key, and the username and password easily recovered by the attacker. Thankfully, [Alex] disclosed the vulnerability to PayPal, who fixed it and paid him a nice tidy sum for his work.
Brought to us by Phoronix, Intel is in the process of mitigating a problem in their integrated GPU cores. Even in Intel's disclosure, there isn't a whole lot of detail, but it seems to be another information leak in the same vein as Meltdown and Spectre.
The solution, at least in the Linux kernel, is to reset the iGPU between context switches. On 7th generation processors in particular, the performance hit to GPU is pretty severe. Considering the less than stellar video performance of those chips, losing 50% performance to this mitigation is quite the blow.
Use a cable modem? There's a decent chance it has a Broadcom chip in it, and is vulnerable to Cablehaunt. A group of researchers found a way to download the current modem settings, which started a hunt for vulnerabilities. They found a spectrum analyzer page that responds to JSON requests. Naturally, the JSON parser isn't written defensively. A long enough value in a request overflows the buffer, and the processor and microkernel that the system runs don't have any modern mitigations. Getting from access to the open port to malicious modification is a nearly trivial task. Check out the page for more details, as well as instructions for how to test your modem.
At this point, if you have any Cisco equipment you can put your hands on, unplug it now before the long weekend of patching that you have ahead of you. [Steven Seeley] did an audit of the Cisco Data Center Network Manager. While he found multiple security problems, the glaring issue is a hardcoded authentication key. Yes, another Cisco product had a backdoor left in a production unit. There are deserialization bugs, SQL injection vulnerabilities, and plenty more to wade through, so go check it out if you want the gritty details.