Security researchers announce “first practical” SHA-1 collision attack
Security researchers at the CWI institute in Amsterdam working with a team from Google Research say they have found a faster way to compromise the SHA-1 hash algorithm — announcing what they describe as “the first practical technique for generating a SHA-1 collision” a in a blog post today. Read More
Privacy experts worry over Homeland Security’s possible move to collect travelers’ passwords
As the United States struggles with the international response of the new immigration ban, the Department of Homeland Security has created some more tension. In a congressional hearing earlier this week, John F. Kelly, the head of the DHS, shared new technical requirements for visa applicants. Kelly’s proposal calls for…
Google reveals its servers all contain custom security silicon
Even the servers it colocates (!) says new docu revealing Alphabet sub’s security secrets
Google has published a Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services.…
Security Experts Rebut The Guardian’s Report That Claimed WhatsApp Has a Backdoor
William Turton, writing for Gizmodo: This morning, the Guardian published a story with an alarming headline: “WhatsApp backdoor allows snooping on encrypted messages.” If true, this would have massive implications for the security and privacy of WhatsApp’s one-billion-plus users. Fortunately, there’s no backdoor in WhatsApp, and according to Alec Muffett, an experienced security researcher who spoke to Gizmodo, the Guardian’s story is a “major league fuckwittage.” […] Fredric Jacobs, who was the iOS developer at Open Whisper Systems, the collective that designed and maintains the Signal encryption protocol, and who most recently worked at Apple, said, “Nothing new. Of course, if you don’t verify keys Signal/WhatsApp/… can man-in-the-middle your communications.” “I characterize the threat posed by such reportage as being fear and uncertainty and doubt on an ‘anti-vaccination’ scale,” Muffett, who previously worked on Facebook’s engineering security infrastructure team, told Gizmodo. “It is not a bug, it is working as designed and someone is saying it’s a ‘flaw’ and pretending it is earth shattering when in fact it is ignorable.” The supposed “backdoor” the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone’s encrypted messages, something the company is extremely unlikely to do. “There’s a feature in WhatsApp that — when you swap phones, get a new phone, factory reset, whatever — when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone,” Muffett told Gizmodo. Other security experts and journalists have also criticized The Guardian’s story.
Read more of this story at Slashdot.