Cyber Brief: Cryptolog
Five years ago, the National Security Agency (NSA) released 136 issues of its internal Cryptolog periodical spanning 1974 through 1997. The collection offered a look into some of the discussions being held within one of America’s most secretive intelligence agencies. Today the GWU-based National Security Archive is providing a complete index of all 1,504 items in the declassified collection, including but not limited to articles, interviews, and puzzles.
Advanced Protection Program
To provide the strongest defense against phishing, Advanced Protection goes beyond traditional 2-Step Verification. You will need to sign into your account with a password and a physical Security Key. Other authentication factors, like codes sent via SMS or the Google Authenticator app, will no longer work.
Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers
So of the five serious zero-day vulnerabilities against Windows in the NSA’s pocket, four were never independently discovered.
I think this is an interesting data point in the debate about the risks of hoarding, etc.
Extending the Airplane Laptop Ban
Dividing security checks into haves and have-nots is bad social policy
Probably a dead-on-arrival policy, but nevertheless.
Stealing sensitive browser data with the W3C Ambient Light Sensor API
Your privacy-leaking feature of the day.
It begins with a taxonomy of the different ways investigators might try to bypass encryption schemes. We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy.
Security and Privacy Guidelines for the Internet of Things
They all largely say the same things: avoid known vulnerabilities, don’t have insecure defaults, make your systems patchable, and so on.
So basically, do all the things you’re not doing but know you should.
Cracking Android Pattern Lock in Five Attempts
Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera.