Friday, 25 December 2015

The problem with encryption backdoors? Anyone can get in

Two vulnerabilities in widely used networking software made by Sunnyvale’s Juniper Networks reveal both the power — and the risk — of building backdoors into encryption.
One of the vulnerabilities disclosed by the company this month could be used to eavesdrop into virtual private network connections — theoretically secure connections often used by companies to conduct remote business. The other could allow attackers to gain access to certain Juniper devices.

Students arrive at the Ramon C. Cortines School of Visual and Performing Arts in downtown Los Angeles on Wednesday, Dec. 16, 2015. Students are heading back to class a day after an emailed threat triggered a shutdown of the vast Los Angeles Unified School District. Behind the gag e-mail service used to threaten schools LAS VEGAS, NV – JANUARY 08: A general view of the Bitcoin booth at the 2015 International CES at the Las Vegas Convention Center on January 8, 2015 in Las Vegas, Nevada. CES, the world’s largest annual consumer technology trade show, runs through January 9 and is expected to feature 3,600 exhibitors showing off their latest products and services to about 150,000 attendees. (Photo by Ethan Miller/Getty Images) Despite bitcoin drama, Wall Street hot on cryptocurrency (FILES) In this February 14, 2010 file photo, a woman photographs a wall of Barbie dolls in the Mattel display at the annual Toy Fair, in New York. The new Barbie doll is “intelligent” and connected. Too connected for some privacy activists. The high-tech “Hello Barbie” doll unveiled earlier this year by toy giant Mattel and likely to be a holiday hit allows children to speak and get a response from their favorite toy. But to make that happen, conversations travel over Wi-Fi networks to Internet “cloud” servers that use artificial intelligence to deliver a personal reply. For the activist group Campaign for a Commercial-Free Childhood, the privacy risks of the intelligent Barbie outweigh the benefits. “Children confide in dolls and reveal intimate details about their lives, but Hello Barbie won’t keep those secrets,” the group said in a statement November 30, 2015. Maker of Web-connected Barbie launches bug bounty
The VPN loophole that could allow outsiders to spy on communications carries some clues of state-sponsored hacking, Ralf-Philipp Weinmann, the founder and CEO of German consulting firm Comsecuris, wrote in a blog post. Whoever discovered the loophole exploited a random number generator for encrypting information based on an algorithm created by the National Security Agency. For the full article click here 



from cyber security caucus http://ift.tt/1OdaXZ9
via IFTTT

No comments:

Post a Comment