Cyber Security News Roundup: Responsible Encryption Edition
The most interesting news from the world of cyber security
It’s Wednesday, the middle of the week, and there’s plenty of cyber security news to get to. We’ve got more encrypted phone problems, Ethereum problems, PKI weaknesses for Code Signing, and the UK trying to train a new generation of cyber security professionals.
As always, here are the most interesting things happening in the world of Cyber Security:
Texas Shooter’s Phone is Encrypted
The debate about encryption is set to heat up again as the FBI has not yet been able to access the encrypted contents of the shooter’s phone. Already, influential US figures – including the deputy attorney general, Rod Rosenstein – have called for “responsible” encryption. The sort that a government or private company with enough computing power could crack. This is idiotic. But expect the debate to pick up again soon.
[Source: Gizmodo]
Hundreds of Millions of dollars worth of Ethereum Cryptocurrency frozen
Ethereum is a popular cryptocurrency, second perhaps, only to Bitcoin. Unfortunately, Tuesday was not a good day for Ethereum as a vulnerability within a popular wallet caused upwards of hundreds of millions of dollars worth of the currency to be frozen. This is is the second issue of this kind that Ethereum has faced this year, back in July nearly 30-million dollars worth of the cryptocurrency was stolen with a similar exploit. The name of the wallet company is Parity Technologies. The vulnerability affects multi-sig wallets that were deployed after July 20.
[Source: TechCrunch]
Researchers Identify Weaknesses in Code Signing PKI
A group of researchers at the University of Maryland released a report last week that outlines three weakenesses in code signing PKI:
- Inadequate client-side protection of certificates
- Publisher-side key mismanagement
- Certificate Authority verification failures
The group reviewed over 150,000 malware samples and found 325 malicious programs signed with valid, revoked or malformed keys.
[Source: Threat Post]
UK Ramping up Cyber Security Training
The United Kingdom is taking active steps to improve its security posture. In addition to posting jobs for people with exisiting expertise, the country is also holding training for workers looking to get into the field. “We are looking at a number of ways to retrain people who are interested in moving into the industry at pace and at scale,” said Matt Parsons, head of cyber security skills at the DCMS. “The National Cyber Security Strategy outlines a number of strategic outcomes, one of which is that the UK has a sustainable supply of home-grown cyber security professionals to meet the growing demands of an increasingly digital economy in both the public and private sectors – and in defence.”
[Source: Computer Weekly]
Burnout, Bad Culture are the leading reasons talented Cyber Security personnel leave
Speaking of the cyber security skillset, Dr. Andrea Little Limbago at Endgame recently conducted a survey among security professionals. The two biggest factors in those professionals leaving their companies and sometimes the industry itself are: burnout and company culture. Both of these make a lot of sense. Security teams are typically understaffed, overworked and under-budgeted.
[Source: Dark Reading]
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownA Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
in Industry Lowdown