IEEE Computer Society Cipher --- Items from security-related news (E145)

  • The Apple of Privacy
    Apple Ups Privacy Controls in Growing Spat With Facebook
    By Mark Gurman
    June 4, 2018

    Apple took steps to distance itself from the scandal involving third-party data sharing by announcing changes to the Safari browser to limit social media sharing. The user will have to approve, via a pop-up window, attempts of websites to load "share" buttons. The Safari browser will also limit the metadata that it sends to websites in order to thwart efforts by websites to create unique user profiles that can be used to track individuals as they browse the Internet.

  • Apple's One Hour Restriction on the USB port
    Apple confirms iOS 12's 'USB Restricted Mode' will thwart police, criminal access
    Apple Insider
    Jun 14, 2018
    By Roger Fingas
    June 13, 2018

    The USB port on iOS devices is believed to be the port of entry for hackers and law enforcement agencies when gaining access to stolen or seized iPhones. With iOS 12, this access method will be shut off an hour after the phone is locked. Presumably Apple considers the one hour window to be a compromise of some sort with law enforcement.

  • Defining Cyberwar
    The age of cyberwar is here. We can't keep citizens out of the debate
    The Guardian
    By David E. Sanger
    Jul 28, 2018

    This opinion piece, by the national security correspondent for the New York Times, discusses the difficulty of defining and limiting cyberwarfare. It goes on constantly, termed "network exploitation" when we do it, and "cyberattack" when conducted against us, but there is no agreement on what nations cannot do to one another, and thus no negotiations. Sanger also has written a new book on cyber mayhem, and his insights into the history and problems are interesting.

  • The Spectre of Spectre
    Intel Discloses New Spectre Flaws, Pays Researchers $100K
    By Sean Michael Kerner
    July 11, 2018

    There is a bonanza of side-channel attacks being uncovered based on processor architectures for speculative execution. Intel is making a bid to stay ahead of the game by offering bounties for discoveries of new ones. An exploit described by MIT researchers using speculative buffer overflow has been rewarded with a payment of $100,000.
    (Ed. The full paper is available at


  • Yet Another Processor Side Channel
    New Spectre attack enables secrets to be leaked over a network
    Ars Technica
    By Peter Bright
    July 26, 2018

    Intel expanded their Haswell vector instruction set to handle 128 bit numbers. These instructions use quite a lot of power, so the circuitry for them is not powered up if they are not used. This leads to a clever side channel attack that can be run against a web server without the necessity of getting it to run malicious code. The channel is very slow, however, because normal network latency jitter interferes with measurements. Nonetheless, it might be exploited to obtain high-value short bitstrings, such as cryptographic keys.