Nedelne rano @nedelne_rano@mastodon.opencloud.lu
Privacy and security researcher
Joined Jan 2019
29.01.2020 Crypto Apero AI Edition
In this edition of the Crypto Apero we’ll explore the good, the bad and the plain stupid of everyday AI and investigate if we really want a computer programme to mix our cocktails….
https://www.crypto-apero.lu/crypto-apero-s03e03-algorithmically-yours-the-everyday-ai-edition/
Amazon boss Jeff Bezos's phone 'hacked by Saudi crown prince' by receiving special crafted video file on WhatsApp.
https://www.nytimes.com/2020/01/21/world/americas/glenn-greenwald-brazil-cybercrimes.html
"Prosecutors also say that Mr. Greenwald was communicating with the hackers while they were actively monitoring private chats on Telegram, a messaging app. "
Seems like they most likely hacked Greenwald's mobile phone, since private keys for telegram secret chats are stored only on the mobile device.
Digital Privacy Salons are skill & knowledge sharing sessions which aim to teach people the basic ways of protecting themselves and their data from intrusive surveillance and unwanted/unwitting information gathering.
Tuesday 11/02/20, 19:00@Level2
https://www.privacysalon.lu/next-digital-privacy-salon-11-02-20-safer-internet-day/
Next pEp Engine release will drop support for GnuPG and will support only PGP Sequoia
Luxembourg and its liberal policy on cryptographic technologies has led to the emergence of a group of specialists campaigning for the use of absolute encryption.
https://eprint.iacr.org/2020/014
When renting cheap GPUs, this translates to a cost of 11k USD for a collision, and 45k USD for a chosen-prefix collision.
Therefore, the same attacks that have been practical on MD5 since 2009 are now practical on SHA-1. In particular, chosen-prefix collisions can break signature schemes and handshake security in secure channel protocols (TLS, SSH).
We strongly advise to remove SHA-1 from those type of applications as soon as possible.
Research publishing method that can accurately estimate the likelihood of a specific person to be correctly re-identified, even in a heavily incomplete dataset.
Basically how to de-anonymised people in random anonymised datasets:
DigiCert Inc. is requiring to create a new business listing on Google Business, Kompass or other specific B2B listing websites in order to verify an Extended Validation Certificate. Official company registration is not enough.
All these companies are re-selling provided data further. Seems lie extra revenue stream.
Any tips for less greedy, more privacy EV certs provider?
If you want to try the latest public testing build for pEp for iOS
you can do it over Apple Testflight:
https://testflight.apple.com/join/IjU0HDtZ
Feel free to share a thoughts afterwards
A free implementation of OpenPGP in Rust - Project Sequoia is planning to release v1.0 at the end of January.
Do you know you can use Google Fonts without Google tracking your visitors and stealing the metrics?
That moment when you test in production and deploy it on Friday
Public archive of police files in size of 57 TB.
Good job OCCRP
Frontex, the EU border agency, have cancelled plans to give up to €400,000 to a surveillance company to spy on the social media of migrants and “civil society and diaspora communities in destinations (EU)”.
Breaking Trusted Execution Environment (TEE) for mobile devices backed by ARM hardware-based access control
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Celebrating 100k uploaded keys on Hagrid :)
https://keys.openpgp.org/about/news#2019-11-12-celebrating-100k
Following are cipher suites that is being used for encryption in all pEp projects:
1 Curve25519
2 NIST P-256
3 NIST P384
4 NIST P521
5 RSA 2K
6 RSA 3K
7 RSA 4K
8 RSA 8K
Depending on the project, users will be able to choose themselves the cipher suite they want to use.
https://sequoia-pgp.org/status/#algorithms
Is RSA 2k enough to use as default cipher suite? If not, can you write some reasoning?
#encryption #algorithms #RSA #Curve25519 #pEp
