Nicely timed to drop on the final day of Windows 7 support, Windows 10 received a fix to an extremely serious flaw in crypt32.dll. This flaw was reported by the good guys at the NSA. (We know it was the good guys, because they reported it rather than used it to spy on us.) Its really bad. If youre running Windows 10, go grab the update now. OK, youre updated? Good, lets talk about it now.
The flaw applies to X.509 keys that use elliptic curve cryptography. Weve discussed ECC in the past, but lets review. Public key encryption is based on the idea that some calculations are very easy to perform and verify, but extremely difficult to calculate the reverse operation.
The historic calculation is multiplying large primes, as its unreasonably difficult to factorize that result by a conventional computer. A true quantum computer with enough qubits will theoretically be able to factorize those numbers much quicker than a classical computer, so the crypto community has been searching for a replacement for years. The elliptic curve is the solution that has become the most popular. An agreed-upon curve and initial vector are all that is needed to perform the ECC calculation.
There are potential weaknesses in ECC. One such weakness is that not all curves are created equal. A well constructed curve results in good cryptography, but there are weak curves that result in breakable encryption.
With that foundation laid, the flaw itself is relatively easy to understand. An X.509 certificate can define its own curve. The Windows 10 implementation doesnt properly check the curve that is specified. A malicious curve is specified that is similar to the expected curve similar enough that the checks in crypt32 dont catch it.
Imagine this scenario. You get an email, click a link, and immediately realize that this isnt the page you thought it was. Close that tab, and all is well, right? You didnt actually fall for the fishing scam. Well, [Alex Birsan] has bad news, in the form of a clever attack based off a Cross-Site Script Inclusion (XSSI) vulnerability in the Paypal login flow.
That CAPTCHA request is important. When the CAPTCHA form is filled, it launched a self-submitting form that contained the plain text username and password. Yikes! Once a user logged back in to Paypal, that CAPTCHA page could be run again, with the stolen session key, and the username and password easily recovered by the attacker. Thankfully, [Alex] disclosed the vulnerability to Paypal, who fixed it and paid him a nice tidy sum for his work.
Brought to us by Phoronix, Intel is in the process of mitigating a problem in their integrated GPU cores. Even in Intels disclosure, there isnt a whole lot of detail, but it seems to be another information leak in the same vein as Meltdown and Spectre.
The solution, at least in the Linux kernel, is to reset the iGPU between context switches. On 7th generation processors in particular, the performance hit to GPU is pretty severe. Considering the less than stellar video performance of those chips, losing 50% performance to this mitigation is quite the blow.
Use a cable modem? Theres a decent chance it has a Broadcom chip in it, and is vulnerable to Cablehaunt. A group of researchers found a way to download the current modem settings, which started a hunt for vulnerabilities. They found a spectrum analyzer page that responds to JSON requests. Naturally, the JSON parser isnt written defensively. A long enough value in a request overflows the buffer, and the processor and microkernel that system runs doesnt have any modern mitigation. Getting from access to the open port to malicious modification is a nearly trivial task. Check out the page for more details, as well as instructions for how to test your modem.
At this point, if you have any Cisco equipment you can put your hands on, unplug it now before the long weekend of patching that you have ahead of you. [Steven Seeley] did an audit of the Cisco Data Center Network Manager. While he found multiple security problems, the glaring issue is a hardcoded authentication key. Yes, another Cisco product had a backdoor left in a production unit. There are deserialization bugs, SQL injection vulnerabilities, and plenty more to wade through, so go check it out if you want the gritty details.
- Quantum leap? US plans for unhackable internet may not fructify within a decade, but India is far behind - The Financial Express - August 4th, 2020
- Google distinguished scientist Hartmut Neven is one of Fast Company's - Fast Company - August 4th, 2020
- Quantum physicists say time travelers don't have to worry about the butterfly effect - The Next Web - August 2nd, 2020
- Week in review: BootHole, RCEs in industrial VPNs, the cybersecurity profession crisis - Help Net Security - August 2nd, 2020
- New UC-led institute awarded $25M to explore potential of quantum computing and train a future workforce - University of California - July 31st, 2020
- The future of encryption: Getting ready for the quantum computer attack - TechRepublic - July 31st, 2020
- IBM and University of Tokyo team up for Quantum Innovation Initiative Consortium - SmartPlanet.com - July 31st, 2020
- 'Butterfly effect' is wrong and reality can 'heal itself', quantum scientists find in time travel experiment - The Independent - July 31st, 2020
- Research: the butterfly effect does not exist in the quantum model - FREE NEWS - July 31st, 2020
- Solving problems by working together: Could quantum computing hold the key to Covid-19? - ITProPortal - July 2nd, 2020
- Spain Introduces the World's First Quantum Phase Battery - News - All About Circuits - July 2nd, 2020
- Professor tackles one more mystery about quantum mechanics and times flow - GeekWire - July 2nd, 2020
- This Week's Awesome Tech Stories From Around the Web (Through June 27) - Singularity Hub - June 29th, 2020
- Kudos: Read about faculty, staff and student awards, appointments and achievements - Vanderbilt University News - June 29th, 2020
- This Is the First Universal Language for Quantum Computers - Popular Mechanics - June 21st, 2020
- Universal Quantum raises $4.5 million to build a large-scale quantum computer - VentureBeat - June 17th, 2020
- Ethereum (ETH) Might Not have Quantum Resistance on its Roadmap, the QRL Team Reveals - Crowdfund Insider - June 17th, 2020
- Craig Knoblock Named Michael Keston Executive Director of the USC Information Sciences Institute - USC Viterbi School of Engineering - June 17th, 2020
- European quantum computing startup takes its funding to 32M with fresh raise - TechCrunch - June 11th, 2020
- SKT to expand use of new quantum-powered security solutions - The Korea Herald - June 11th, 2020
- Archer looks to commercialisation future with graphene-based biosensor tech - ZDNet - June 11th, 2020
- Dear NASA, please put a particle collider on the Moon - The Next Web - June 11th, 2020
- Top 10 emerging technologies of 2020: Winners and losers - TechRepublic - June 11th, 2020
- When Will Quantum Computing Come to Mainstream? - Analytics Insight - June 8th, 2020
- University announces 2020 winners of Quantrell and Graduate Teaching Awards - UChicago News - June 8th, 2020
- Physicists Found a Way to Save Schrdingers Cat - Dual Dove - June 8th, 2020
- Physicists hunt for room-temperature superconductors that could revolutionize the world's energy system - The Conversation US - June 3rd, 2020
- Covid 19 Pandemic: Quantum Computing Technologies Market 2020, Share, Growth, Trends And Forecast To 2025 - 3rd Watch News - May 24th, 2020
- Molecular dynamics used to simulate 100 million atoms | Opinion - Chemistry World - May 23rd, 2020
- Highest-performing quantum simulator IN THE WORLD delivered to Japan - TechGeek - May 18th, 2020
- Light, fantastic: the path ahead for faster, smaller computer processors - News - The University of Sydney - May 18th, 2020
- Wiring the quantum computer of the future - Space Daily - April 29th, 2020
- Technologies That You Can Explore Other Than Data Science During Lockdown - Analytics India Magazine - April 29th, 2020
- Will Quantum Computing Really Change The World? Facts And Myths - Analytics India Magazine - April 23rd, 2020
- Google's top quantum computing brain may or may not have quit - Fudzilla - April 23rd, 2020
- On the Heels of a Light Beam - Scientific American - April 23rd, 2020
- Advanced Encryption Standard (AES): What It Is and How It Works - Hashed Out by The SSL Store - Hashed Out by The SSL Store - April 23rd, 2020
- Google's Head of Quantum Computing Hardware Resigns - WIRED - April 21st, 2020
- COVID-19: Quantum computing could someday find cures for coronaviruses and other diseases - TechRepublic - April 21st, 2020
- The future of quantum computing in the cloud - TechTarget - April 21st, 2020
- Quantum computer chips demonstrated at the highest temperatures ever - New Scientist News - April 17th, 2020
- Alex Garland on 'Devs,' free will and quantum computing - Engadget - April 14th, 2020
- RAND report finds that, like fusion power and Half Life 3, quantum computing is still 15 years away - The Register - April 12th, 2020
- Quantum computing: When to expect the next major leap - TechRepublic - April 12th, 2020
- Cambridge Quantum Computing Performs the World's First Quantum Natural Language Processing Experiment - Quantaneo, the Quantum Computing Source - April 12th, 2020
- The Well-matched Combo of Quantum Computing and Machine Learning - Analytics Insight - March 23rd, 2020
- Picking up the quantum technology baton - The Hindu - March 23rd, 2020
- Research by University of Chicago PhD Student and EPiQC Wins IBM Q Best Paper - HPCwire - March 23rd, 2020
- Honeywell Achieves Breakthrough That Will Enable The Worlds Most Powerful Quantum Computer #47655 - New Kerala - March 23rd, 2020
- Is time broken? Physicists filmed a quantum measurement but the 'moment' was blurry - The Next Web - March 5th, 2020
- What Is Quantum Computing? The Next Era of Computational ... - March 3rd, 2020
- Honeywell says it will soon launch the worlds most powerful quantum computer - TechCrunch - March 3rd, 2020
- Majority of Promising AI Startups Are Still Based in the US - Transport Topics Online - March 3rd, 2020
- 10 Revolutionary Technologies To Lookout For In 2020 - Fossbytes - March 3rd, 2020
- Quantum researchers able to split one photon into three - Space Daily - March 3rd, 2020
- Physicists Captured The Moment That An Atom Enters Quantum Measurement - Somag News - February 29th, 2020
- This Week's Awesome Tech Stories From Around the Web (Through February 29) - Singularity Hub - February 29th, 2020
- IC Breakthroughs: Energy Harvesting, Quantum Computing, and a 96-Core Processor in Six Chiplets - News - All About Circuits - February 29th, 2020
- Top 10 Strategic Technology Breakthroughs That Will Transform Our Lives - Analytics Insight - February 29th, 2020
- New Intel chip could accelerate the advent of quantum computing - RedShark News - February 28th, 2020
- Particle accelerator technology could solve one of the most vexing problems in building quantum computers - Fermi National Accelerator Laboratory - February 28th, 2020
- Top 10 breakthrough technologies of 2020 - TechRepublic - February 28th, 2020
- 21st ISQED Conference to Commence With Focus on Quantum Computing, Security, and AI/ML & Electronic Design - PRNewswire - February 25th, 2020
- NTT Research to Collaborate with UCLA and Georgetown on Cryptography and Blockchain - Yahoo Finance - February 25th, 2020
- Should decision makers be concerned by the threat of quantum? - Information Age - February 25th, 2020
- Keeping classified information secret in a world of quantum computing - Bulletin of the Atomic Scientists - February 11th, 2020
- A neural network that learned to predict the behavior of a quantum system - Tech Explorist - February 9th, 2020
- Deltec Bank, Bahamas A combination of Quantum Computing and Blockchain Technology Will Have a huge Impact on Banking - Press Release - Digital... - February 5th, 2020
- Could Photonic Chips Outpace the Fastest Supercomputers? - Singularity Hub - February 5th, 2020
- Google claims to have invented a quantum computer, but IBM begs to differ - The Conversation CA - January 22nd, 2020
- Xanadu Receives $4.4M Investment from SDTC to Advance its Photonic Quantum Computing Technology - Quantaneo, the Quantum Computing Source - January 22nd, 2020
- U of T's Peter Wittek, who will be remembered at Feb. 3 event, on why the future is quantum - News@UofT - January 17th, 2020
- Quantum Computing Technologies Market 2019, Size, Share, Global Industry Growth, Business Statistics, Top Leaders, Competitive Landscape, Forecast To... - January 17th, 2020
- Kitchener's Angstrom Engineering is making a quantum leap with its next-generation technology - TheRecord.com - January 17th, 2020
- Xanadu Receives $4.4M Investment from SDTC to Advance its Photonic Quantum Computing Technology - Yahoo Finance - January 16th, 2020
- The dark side of IoT, AI and quantum computing: Hacking, data breaches and existential threat - ZDNet - January 16th, 2020
- 'How can we compete with Google?': the battle to train quantum coders - The Guardian - January 16th, 2020
- IBM heads US patent list for 27th consecutive year - Technology Decisions - January 16th, 2020
- New Technique May Be Capable of Creating Qubits From Silicon Carbide Wafer - Tom's Hardware - January 14th, 2020
- The hunt for the 'angel particle' continues - Big Think - January 13th, 2020