At some dark moment, have you ever wondered: what if the programmers are adding the bugs deliberately?
Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.
Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article: Private Join and Compute uses a 1970s methodology known as “commutative encryption” to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data. Crucially, Private Join and Compute also uses methods first developed in the ’90s that enable a system to combine two encrypted data sets, determine what they have in common, and then perform mathematical computations directly on this encrypted, unreadable data through a technique called homomorphic encryption.
Boing Boing article.
The FCC in June called for carriers to provide free, default robocall blocking services. One month later, plans are “far from clear.” Why? Because the phone companies make a ton of money selling phone lines and services to these bums. Call your phone company now and tell them to get with the program and block these parasites.
Original release date: July 16, 2019
The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer data. The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals and taxpayers to review the IRS news release and CISA’s Tip on Safeguarding Your Data for more information.