EUVD-2023-58503

Malicious code in bioql PyPI...

Is secure boot on the main application processor enough?

TL;DR Secure boot ensures only authentic firmware can run on a device and should form part of a layered defence strategy. Sub-systems often lack secure boot capabilities, limiting protection for non-critical processors. Focus on secure boot for the main processor; it can provide adequate security...

Google Passkeys: How to create one and when you shouldn't

Google has just brought users closer to a passwordless future. In a recent blog post, the tech giant introduced the option to create and use a safer, more convenient alternative to passwords: Passkeys, a form of digital credential. So, how do they work? Passkeys are generated using public-key...

Android and Chrome start showing passwords the door

Google has announced that it's bringing passkey support to both Android and Chrome. On May 5, 2022, it said it would implement passwordless support in Android and Chrome and the latest annoncement about passkeys is an important step in that journey. Passkeys Passkeys are a replacement for...

Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't le...

Zoom Rolls Out End-to-End Encryption After Setbacks

Video-conferencing giant Zoom is rolling out a technical preview of its end-to-end encryption E2EE next week. Zoom has faced various controversies around its encryption policies over the past year, including several lawsuits alleging that the company falsely told users that it offers full...

Use iPhone as Physical Security Key to Protect Your Google Accounts

Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android users have had this feature on their smartphones since...

Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

Beware, If you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out. From at least last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential...

Turing Award — Inventors of Modern Cryptography Win $1 Million Cash Prize

And the Winners of this year's Turing Award are: Whitfield Diffie and Martin E. Hellman. The former chief security officer at Sun Microsystems Whitfield Diffie and the professor at Stanford University Martin E. Hellman won the 2015 ACM Turing Award, which is frequently described as the "Nobel Pri...

Cryptosystems Showing Signs of 'Wear and Tear'

SAN FRANCISCO– It’s been an interesting year in the cryptography world, with new attacks on several algorithms, continued problems with hash functions and the recent research on weak RSA keys. With all of that as a backdrop, some of the brightest minds in the field, gathered here for the RSA...

Google Internet Summit 2009: Security Session

Whitfield Diffie, the inventor of public-key cryptography, moderates a panel of security experts, including Howard Schmidt, Steve Crocker, Chris DiBona and Eric Grosse, discussing a variety of security topics...

GnuPG contains format-string vulnerability in handling of encrypted data filename

Overview Some versions of Gnu Privacy Guard GPG contain a format-string vulnerability from improper handling of filenames when decrypting files. Description GPG is an OpenPGP-compliant alternative to PGP to protect electronic communications using public-key cryptography. Versions of GPG prior to...