IEEE Cipher --- Items from security-related news (E128.Sep-2015)

  • Give Us Your Tired, Poor, Humble Data
    Apple and Other Tech Companies Tangle With U.S. Over Access to Data
    The New York Times
    By Matt Apuzzo, David E. Sanger and Michael S. Schmidt
    Sept. 7, 2015

    There are great risks involved in keeping your personal data online, so it seemed to be a win-win situation when several tech companies announced that their users could keep their data encrypted with a key that only they (the individual users) knew. This relieved the tech companies of having to keep the data secure from malware and cyberespionage, and it gave the users peace of mind about their privacy. But law enforcement in the US has become accustomed to unlocking the data on seized cell phones as part of normal investigations, and they are not happy about the situation.

  • US May Sanction China Over Cyber Meddling
    U.S. developing sanctions against China over cyberthefts
    The Washington Post
    By Ellen Nakashima
    August 30, 2015

    As reported in previous Cipher issues, the US government believes that China is behind several serious disclosures of personal data kept by US companies and government agencies. A US response may be forthcoming, including some or all of "diplomatic engagement, trade policy tools, law enforcement mechanisms, and imposing sanctions on individuals or entities".

  • Facebook to Students: Don't Tread on Us
    Harvard Student Finds Flaw, Loses Facebook Internship
    Fox News
    Brownie Marie
    Aug 13, 2015

    It has not been a great year for student innovation. A Harvard undergrad developed "a browser app called Marauder's Map that exposed, on a map, the geo-location data" being collected by the Facebook Messenger app. Facebook took offense at the scrutiny and canceled a summer internship for the student.

    This was followed by the "cool clock" caper this month. Is there a mixed message being sent to America's youth about curiosity and innovation?

  • What If Your Fingerprint Were Stolen?
    Are fingerprints the new passwords? Security experts sure hope not.
    The Washington Post
    Andrea Peterson
    Aug 11, 2015

    Biometrics seem like a security panacea. Nothing to remember, no involved set of interactions, just a simple examination of your fingerpad by an impersonal and secure computer. Bingo, you're in. Simple as it sounds, keeping the fingerprint information secure is as difficult as any other data protection problem. FireEye researcher Yulong Zhang revealed that some mobile devices seem to do an especially bad job of this. Authenticator beware!

  • Who's Looking at Your Cards?
    Online poker virus lets cybercriminals peek at victims' cards
    Fox News
    Sep 17, 2015

    According to ESET, a Slovakian online security company, online poker players need to keep their computers clean if they want to keep their cards hidden from opponents. Some players may have had their machines afflicted with malware designed just for the purpose of revealing those cards to other players. Online gambling cheaters? Is nothing sacred?

  • NSA Believes in Quantum Computers
    NSA Cryptography: Suite B Revisions
    August 19, 2015

    The US National Security Agency has issued revisions to its recommendations for protecting classified and unclassified National Security Systems (NSS). The original recommendations were issued in 2009, but they have now revised them for transitioning to "quantum resistant algorithms". What this means in practice is that keys should use a lot more bits. For public key algorithms, this translates into substantially more running time. Observers are interested to see that the NSA is taking quantum computation seriously. To date, no quantum computers exist.

  • NIST Asks for Comments re Key Management Revisions
    NIST requests comments on a revision of Special Publication (SP) 800-57, Part 1, Recommendation for Key Management, Part 1 (Rev. 4)

    NIST requests comments on a revision of Special Publication (SP) 800-57, Part 1, Recommendation for Key Management, Part 1 (Rev. 4). This Recommendation provides general guidance and best practices for the management of cryptographic keying material. A list of changes is provided in Appendix D of the document.

    Please send comments to by October 31, 2015.