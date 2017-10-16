Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw (arstechnica.com) 9
Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.
Would using Rust have helped? (Score:1)
Would using the Rust programming language have helped avoid this flaw?
Can we combine all slashdot articles? (Score:3)
Re: (Score:2)
Can we combine all these articles under just one title "Your Security is Flawed. You're Not Secure"?
No. Because it actually does make a difference what is insecure, and how.
Re: (Score:2)
Captain: What happen ?
Mechanic: Somebody set up us the weak security.
Operator: We get hacked.
Captain: What !
Operator: Main screen turn on.
Captain: It’s you !!
CATS: How are you gentlemen !!
CATS: All your data are belong to us.
CATS: You are on the way to sell your data to the highest bidder.
Captain: What you say !!
CATS: You have no chance to hide your personal info make your time.
CATS: Ha ha ha ha
Operator: Captain !!
Captain: Take off every ‘TFA’!!
Captain: You know what you doing.
Captain: Mov
vindicated (Score:1)
As much as i really _hate_ to say i told you so.
But seriously, i told you so.
Next up, curve 25519 and millions of apple fan boys crying into their caramel latte.