public-key cryptography
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” …
How Google plans to make stolen session cookies worthless for attackers
Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain …
Nitrokey releases NetHSM, a fully open-source hardware security module
German company Nitrokey has released NetHSM 1.0, an open-source hardware security module (HSM). Nitrokey NetHSM 1.0 features The module can be used for storing and managing a …
Security in the impending age of quantum computers
Quantum computing is poised to be one of the most important technologies of the 21st century. With global governments having collectively pledged more than $38 billion in …
MSI’s firmware, Intel Boot Guard private keys leaked
The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach …
Chinese researchers: RSA is breakable. Others: Do not panic!
Quantum computing poses a great opportunity but also a great threat to internet security; certain mathematical problems that form the basis of today’s most popular …
Tips to mitigate public-key cryptography risk in a quantum computing world
Quantum computing is poised to transform the industry over the next decade. With its promise of breakthrough speed and power, it’s easy to understand why there is so much hype …
The paradox of post-quantum crypto preparedness
Preparing for post-quantum cryptography (PQC) is a paradox: on the one hand, we don’t know for sure when, or perhaps even if, a large quantum computer will become available …
Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington …
Estonia blocks certificates on 760,000 ID cards due to identity theft risk
On 3 November 2017 at midnight, Estonia will block the certificates of 760,000 ID cards. The decision is the result of the discovery of a security vulnerability in the …
Vulnerability in code library allows attackers to work out private RSA keys
Researchers have discovered a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding …
Security flaw affects 750,000 Estonian ID cards
An international group of cryptographers has flagged a serious security vulnerability in the chip embedded in Estonian ID cards, the country’s Information System …