Security Alerts & News
by Tymoteusz A. Góral

#1565 NSA could put undetectable “trapdoors” in millions of crypto keys
Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners.

The technique is notable because it puts a backdoor—or in the parlance of cryptographers, a "trapdoor"—in 1,024-bit keys used in the Diffie-Hellman key exchange. Diffie-Hellman significantly raises the burden on eavesdroppers because it regularly changes the encryption key protecting an ongoing communication. Attackers who are aware of the trapdoor have everything they need to decrypt Diffie-Hellman-protected communications over extended periods of time, often measured in years. Knowledgeable attackers can also forge cryptographic signatures that are based on the widely used digital signature algorithm
Read more
#1566 Odinaff Trojan attacks banks and more, monitoring networks and stealing credentials
#1565 NSA could put undetectable “trapdoors” in millions of crypto keys
#1564 Ransomware: Expert advice on how to keep safe and secure
#1563 On the StrongPity waterhole attacks targeting Italian and Belgian encryption users
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12