KRACK Vulnerability Puts Medical Devices At Risk

A slew of devices from medical technology company Becton, Dickinson and Company (BD) are vulnerable to the infamous KRACK key-reinstallation attack, potentially enabling hackers to change and exfiltrate patient records. The KRACK vulnerability, discovered last October, is an industry-wide glitch in the Read More …

FBI chief rekindles debate over unbreakable encryption

The cat and mouse game of security versus privacy continues as FBI Director Christopher Wray calls out unbreakable encryption as an “urgent public safety issue.” Throughout the past year, the FBI took possession of thousands of electronic devices. Approximately 7,800 devices were Read More …

We need to talk about mathematical backdoors in encryption algorithms

Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued. Governments and intelligence agencies strive to control and bypass or circumvent Read More …

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key. The Read More …

RSA coughs to critical-rated bug in its authentication SDK

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA’s software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Read More …

US-CERT Warns of Crypto Bugs in IEEE Standard

Recent academic work focused on weak cryptographic protections in the implementation of the IEEE P1735 standard has been escalated to an alert published Friday by the Department of Homeland Security. DHS’ US-CERT warned the IEEE P1735 standard for encrypting electronic-design intellectual property and the management of Read More …