An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)

The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of …

Blocking A CurveBall: PoCs Out for Critical Microsoft-NSA Bug CVE-2020-0601

Security researchers have released proof-of-concept (PoC) code for exploiting CurveBall (CVE-2020-0601), the first bug that the National Security Agency (NSA) reported. Included in this year’s first cycle of Patch Tuesday updates, the vulnerability affects Windows operating systems’ CryptoAPI’s validation of Elliptic Curve Cryptography (ECC) …

Exploit Fully Breaks SHA-1, Lowers the Attack Bar

A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by Gaëtan Leurent …

Interpol to support the breaking of end-to-end encryption

International police body Interpol has joined the growing list of law enforcement agencies that back the idea of breaking encrypted communications, echoing concerns that the technology protects criminals. Interpol is expected to argue later today that encryption frustrates criminal investigations …

US, UK, and Australia jointly request for Facebook to stop end-to-end encryption plans

The United States, the United Kingdom, and Australia have joined to request that Facebook delay its plans to implement end-to-end encryption across its messaging services. First reported by BuzzFeed News, the governments on Thursday jointly published an open letter to Facebook …

Firefox And Chrome Fight Back Against Kazakhstan’s Spying

Against the backdrop of China, Russia, and Iran working to sequester their own private, national internets, other countries like Kazakhstan have experimented with similar balkanization and internet-control initiatives. Kazakhstan first piloted a monitoring system in 2015 that would offer access to all web traffic …