The security hole isnt expected to be plugged until the forthcoming Patch Tuesday bundle of security fixes

Googles Project Zero researchers have disclosed details about a zero-day vulnerability in Windows that they say is being exploited by attackers.

The memory-corruption flaw resides in the Windows Kernel Cryptography Driver (cng.sys) and, according to Google, constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).

The researchers also released proof-of-concept (PoC) code that theyd tested out on a recent version of Windows 10 (version 1903, 64-bit) and believe that the security bug could have been around since Windows 7, potentially meaning that all versions from Windows 7 through 10 could be affected.

Per media reports, the flaw is being exploited in conjunction with another zero-day, which is indexed as CVE-2020-15999 and affects FreeType, a widely used software development library that is also part of the Google Chrome web browser.

Google reported the discovery of the newly-found bug, which is tracked asCVE-2020-17087, to Microsoft, but since it found evidence of the loophole being exploited in the wild, it opted for a seven-day disclosure deadline.

Currently, the security loophole doesnt have a patch, but Project Zeros technical lead Ben Hawkes tweetedthat they do expect one to be released on November 10th, which coincides with the upcoming Patch Tuesday.

Microsoft, meanwhile, provided this statement toTechCrunch:

Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers. While we work to meet all researchers deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.

A company spokesperson also went to add that the attack seems to be quite limited and that there is no proof pointing to it being a widespread issue. The attacks are thought to be unrelated to the upcoming US presidential election.

Since the beginning of this year, Microsoft has disclosed and patched several severe bugs in Windows, including a pair of zero-days back in March and another zero-day, which was found by the United States National Security Agency (NSA).

Read the original post:
Google discloses Windows zeroday bug exploited in the wild - We Live Security

Applied mathematician Peter Shor says government agencies could be the first to figure out a way to enable quantum computers to break algorithms that keep Bitcoin and the internet secure.

In an interview with Nature Magazine, the MIT professor of applied mathematics talks about the looming possibility that quantum computers can crack encryption keys, called RSA, that keep the internet and cryptocurrencies safe from security threats. Shor says that if theres anyone who can break the RSA first, it will be government bodies such as the National Security Agency (NSA).

The first people who break RSA either are going to be NSA or some other big organization. At first, these computers will be slow. If you have a computer that can only break, say, one RSA key per hour, anything thats not a high priority or a national-security risk is not going to be broken. The NSA has much more important things to use their quantum computer on than reading your e-mail theyll be reading the Chinese ambassadors e-mail.

Crypto enthusiasts are keeping close tabs on developments in the quantum computing space as the technology threatens to break the cryptographic algorithms that keep cryptocurrencies like Bitcoin secure. The World Economic Forum describes how quantum computing machines can crack the existing standards of encryption.

The sheer calculating ability of a sufficiently powerful and error-corrected quantum computer means that public-key cryptography is destined to fail, and would put the technology used to protect many of todays fundamental digital systems and activities at risk.

Recently, industrial powerhouse Honeywell announced that it built the System Model H1 quantum computer, which the company touts generates the highest quantum volume in the entire industry.

As to whether quantum computing poses an existential threat to the crypto industry, Ripple CTO David Schwartz says it could become powerful enough to break cryptographic algorithms within a decade.

I think we have at least eight years. I have very high confidence that its at least a decade before quantum computing presents a threat, but you never know when there could be a breakthrough. Im a cautious and concerned observer, I would say.

Featured Image: Shutterstock/archy13

Original post:
Quantum Computing Expert Warns Governments May Be First to Crack Algorithms Keeping Bitcoin and the Internet Secure - The Daily Hodl

Latest Study on Industrial Growth of COVID-19 Outbreak-Global Quantum Cryptography Market 2019-2025. A detailed study accumulated to offer Latest insights about acute features of the COVID-19 Outbreak- Quantum Cryptography market. The report contains different market predictions related to market size, revenue, production, CAGR, Consumption, gross margin, price, and other substantial factors. While emphasizing the key driving and restraining forces for this market, the report also offers a complete study of the future trends and developments of the market. It also examines the role of the leading market players involved in the industry including their corporate overview, financial summary and SWOT analysis.

Top Leading Key Players are:

ID Quantique, MagiQ Technologies, Infineon Technologies, QuintenssenceLabs, Crypta Labs, ISARA, Toshiba, Microsoft, IBM, HP, PQ Solutions, and Qubitekk.

Get Sample Copy of this Report: https://www.adroitmarketresearch.com/contacts/request-sample/958

The Global Quantum Cryptography Market report draws precise insights by examining the latest and prospective industry trends and helping readers recognize the products and services that are boosting revenue growth and profitability. The study performs a detailed analysis of all the significant factors, including drivers, constraints, threats, challenges, prospects, and industry-specific trends, impacting the market on a global and regional scale. Additionally, the report cites worldwide market scenario along with competitive landscape of leading participants. The Quantum Cryptography market analysis is intended to provide all participants and vendors with pertinent specifics about growth aspects, roadblocks, threats, and lucrative business opportunities that the market is anticipated to reveal in the coming years. This intelligence study also encompasses the revenue share, market size, market potential, and rate of consumption to draw insights pertaining to the rivalry to gain control of a large portion of the market share.

For future market growth, global keyword market forecasts have been observed with various macroeconomic factors and changing trends according to the markets future forecasts. Other important factors covered in the report include current market size, supply and demand side inputs, and other dynamics shaping market scenarios. Report forecasting is provided in CAGR and other important criteria such as annual growth and absolute dollar opportunities are also incorporated to provide clear insights and future opportunities.

Browse the complete report @ https://www.adroitmarketresearch.com/industry-reports/quantum-cryptography-market

Based on Application, the market has been segmented into:

NA

The Global Quantum Cryptography Market Report includes the top companies in the market, with company profile, growth aspects, opportunities and threats to market development. This report provides an industry analysis of the estimated time scale. This report covers the latest industry details related to industry reports, import and export scenarios and market share. The report also included basic opinions on the market environment, emerging and high growth sectors of the market, high growth regions, market drivers, papermaking and market opportunities. This study aims to estimate the current market size and growth potential of the global keyword market in sections like applications and representatives.

This report signifies the Global Quantum Cryptography Market growth can be either boosted or declined based on different factors. The facts also have a tendency for the presence of the specific perceives of the historical pricing of the products and services. Additionally, the price of the products or the services also the numerous tendencies quantity-wise. Most of the vital fundamentals which are studied in the report also contain the significant rising of the people worldwide. the growing developments of the era, and the chain of the demand and supply that have been specified in the global open market of the Quantum Cryptography. These factors are expected to reveal certain hidden trends that aid in the better understanding of the market over the forecast period.

For Any Query on the Quantum Cryptography Market: https://www.adroitmarketresearch.com/contacts/enquiry-before-buying/958

About Us :

Contact Us :

Ryan JohnsonAccount Manager Global3131 McKinney Ave Ste 600, Dallas,TX 75204, U.S.APhone No.: USA: +1 972-362 -8199 / +91 9665341414

Read the rest here:
Quantum Cryptography Market 2020 Global Innovations, Competitive Analysis, New Business Developments and Top Companies Global Forecast to 2026 -...

Quantum Cryptography Market has seen a lot of changes throughout the last few decades and has been changing rapidly as the global market scope sees a great shift in the ways of operation and utilization of resources. This market report helps to assess the current position of the Quantum Cryptography market in the global market scene and sheds light on the history of the market in the past decades. And also contains a detailed account of the forecast of the Quantum Cryptography market over the forecast period up to the year 2026.

Key Players in the Quantum Cryptography Market: HP, Alibaba Group, McAfee, Raytheon, SK Telecom, Microsoft, Intel, QuintessenceLabs, IBM, Infineon, Lockheed Martin, Toshiba.

The report gives a complete account and assessment of the overall growth curve of the Quantum Cryptography market. The report gives a well-defined outline of the aspects that are essential in establishing a good revenue generation model in the Quantum Cryptography market. The report is equally useful for the current players to increase their dominance as well as aids the new players in the Quantum Cryptography market to create a mark for themselves in the global market landscape and challenge the front runners in the market.

Get Sample PDF Brochure@ https://www.reportsintellect.com/sample-request/1436874

Description:

The report contains a comprehensive account of the Quantum Cryptography market and its market scope over the global landscape. As the markets change continuously it becomes a task to predict the scope of the market and our report can help you get a good idea of the Quantum Cryptography market with an in-detail account of the history of the market and also the forecast up to the year 2026.

The clients can get complete insights into the Quantum Cryptography market from the given report. The report also aids in crafting business solutions to overcome the various obstacles of the market landscape that could hinder the progress and growth of the Quantum Cryptography market.

Quantum Cryptography Market Type Coverage:

Quantum key distributionQuantum Coin FlippingPosition-based quantum cryptographyPost-quantum cryptographyOthers

Quantum Cryptography Market Application Coverage:

Small and Medium EnterprisesLarge EnterprisesGoverning and Regulatory BodiesOthers

Get the discounted Report @ https://www.reportsintellect.com/discount-request/1436874

Reasons to Buy:

About Us:Reports Intellect is your one-stop solution for everything related to market research and market intelligence. We understand the importance of market intelligence and its need in todays competitive world.Our professional team works hard to fetch the most authentic research reports backed with impeccable data figures which guarantee outstanding results every time for you.So whether it is the latest report from the researchers or a custom requirement, our team is here to help you in the best possible way.

Contact Us:

sales@reportsintellect.com

PH +1-706-996-2486

US Address:

225 Peachtree Street NE,

Suite 400,

Atlanta, GA 30303

See original here:
Quantum Cryptography Market Growth, Analysis and Forecast to 2026 Key Players: HP, Alibaba Group, McAfee, Raytheon - Bipartisan Millennial

Colossus, the world's first electronic computer used to help decipher the Lorenz-encrypted (Tunny) messages between Hitler and his generals during World War II. (Photo: John Levine)

The 20th century was the golden age of surveillance.

High-speed communication went either by telegraph and telephone, which needed a license from the government, or by radio, which anyone can listen to. Codes were manual or electromechanical and were breakable, e.g., the Zimmermann telegram and Bletchley Park. (The UK government spent far more effort inventing a cover story for the source of the telegram than on the break itself, to avoid telling the world how thoroughly they were spying on everyone.) The few secure one-time pads were either so expensive they could only be used for a handful of the most important messages (SIGSALY) or so cumbersome they weren't used correctly and broken anyway (Venona.)

Historically, that was a very strange time for cryptography and espionage, but it's what politicians and law enforcement remember as the good old days, and think that it was normal to be able to spy on anyone, anywhere.

That was then. Now we have computers and better algorithms, so any $10 burner phone can do crypto that nobody can break. The algorithms and software are available all over the world. The genie isn't going back into the bottle, no matter how hard some parties demand that we push.

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Read the original post:
The Good Old Days in the Cryptography Wars - CircleID

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated.

The latest cracks in Widevine concern the encryption technologys protection for L3 streams, which is used for low-quality video and audio streams only. Google says the weakness does not affect L1 and L2 streams, which encompass more high-definition video and audio content.

As code protection is always evolving to address new threats, we are currently working to update our Widevine software DRM with the latest advancements in code protection to address this issue, Google said in a written statement provided to KrebsOnSecurity.

In January 2019, researcher David Buchanan tweeted about the L3 weakness he found, but didnt release any proof-of-concept code that others could use to exploit it before Google fixed the problem.

This latest Widevine hack, however, has been made into an extension for Microsoft Windows users of the Google Chrome web browser and posted for download on the software development platform Github.

Tomer Hadad, the researcher who developed the browser extension, said his proof-of-concept code was done to further show that code obfuscation, anti-debugging tricks, whitebox cryptography algorithms and other methods of security-by-obscurity will eventually by defeated anyway, and are, in a way, pointless.

Google called the weakness a circumvention that would be fixed. But Hadad took issue with that characterization.

Its not a bug but an inevitable flaw because of the use of software, which is also why L3 does not offer the best quality, Hadad wrote in an email. L3 is usually used on desktops because of the lack of hardware trusted zones.

Media companies that stream video online using Widevine can select different levels of protection for delivering their content, depending on the capabilities of the device requesting access. Most modern smartphones and mobile devices support much more robust L1 and L2 Widevine protections that do not rely on L3.

Further reading: Breaking Content Protection on Streaming Websites

Tags: David Buchanan, digital rights management, DRM, Google Widevine, L3, Tomer Hadad

This entry was posted on Monday, October 26th, 2020 at 7:54 pmand is filed under A Little Sunshine.You can follow any comments to this entry through the RSS 2.0 feed.You can skip to the end and leave a comment. Pinging is currently not allowed.

See the rest here:
Google Mending Another Crack in Widevine Krebs on Security - Krebs on Security

Stratagem Market Insights released the latest research report on the Quantum Cryptography Solutions Market, which includes the market size, market share, growth, emerging trends, business opportunities, and forecast to 2027. It also examines domestic regions as an international market and emerging segments, as well as market dynamics.

It also provides insights into the competitive landscape, market driving factors, the industrial environment, and the latest and upcoming technological advancements to see the general state of affairs of business and move forward to create moneymaking business methods effortlessly.

Get a FREE Sample Copy of the report:https://www.stratagemmarketinsights.com/sample/21553

The market research report also provides information on potential investment opportunities, strategic growth market analysis, and likely threats imposed on the client in the systematic and creative planning of the business models and strategies.

The major manufacturers covered in this report:

ID Quantique, MagiQ Technologies, Quantum XC, Qubitekk, QuintessenceLabs

Our research team has implemented a robust research methodology that includes SWOT analysis, Porters 5 force analysis, and real-time analysis. In addition, they have conducted interviews with industry experts to offer a report that will help clients formulate strategies accordingly. The critical data analysis in the Quantum Cryptography Solutions Market Report is built upright. This means the information is presented in the form of infographics, statistics, and straightforward graphics to make it an effortless and time-saving task for the customer.

Market Segmentation

The Quantum Cryptography Solutions market report is fragmented into product types, applications, and regional analysis. In this report, the product flow, distribution, and possible future innovations are bestowed in a detailed manner. It also provides accurate calculations for product sales in terms of volume and value.

Regional insights of Quantum Cryptography Solutions Market

In terms of geography, this research report covers almost all major regions of the world, such as North America, Europe, South America, the Middle East, and Africa, and Asia Pacific. Europe and North America are expected to increase over the next few years. The Quantum Cryptography Solutions market in the Asia Pacific is expected to grow significantly during the forecast period. The latest technologies and innovations are the most important characteristics of North America and the main reason the United States dominates the world market. The South American Quantum Cryptography Solutions market is also expected to grow in the near future.

Market Research Report Covers Impacts of COVID-19 To The Market.

The COVID-19 pandemic has dramatically changed the dynamics of the Quantum Cryptography Solutions market. This market research report includes extensive data on the impacts of the market. The research analyst team of the firm has been monitoring the market during this coronavirus crisis and has been talking with industry experts to finally publish a detailed analysis of the future scope of the market. They have followed a robust research methodology and got involved in primary and secondary research to prepare the Quantum Cryptography Solutions market report.

The main questions answered in the report:

Global Quantum Cryptography Solutions Market Industry Analysis assists clients with customized and syndicated reports of significant importance to the experts involved in data and market analysis. The report also calls for market-driven results that drive a feasibility study for customer needs. SMI guarantees validated and verifiable aspects of market data operating in real-time scenarios. Analytical studies are conducted to confirm customer needs with a thorough understanding of market capabilities in real-time scenarios.

The conclusion of this report provides an overview of the potential for new projects to be successful in the market in the near future, and the global Quantum Cryptography Solutions market in terms of investment potential in various sectors of the market covers the entire range.

Need a discount?

Note: *The discount is offered on the Standard Price of the report.

Request discount for this report @https://www.stratagemmarketinsights.com/discount/21553

Explore by UP

More:
Quantum Cryptography Solutions Market 2020 | Covid19 Impact Analysis | Global Industry Growth Prospects and Opportunity Assessment 2020-2027 - The...

Surfshark makes a key infrastructure upgrade, rolls out a new open-source VPN protocol, WireGuard that promises to improve VPN speeds for its users.

Surfshark has introduced support for WireGuard, an open-source virtual private network (VPN) protocol that promises to improve VPN speeds for users. The solution packs a double network address translation (NAT) system to ensure end-users privacy.

Gabrielle Racai, Communications Manager at Surfshark says the new VPN technology WireGuard demonstrates better results with both faster throughput speeds and lower ping times. As per popular request, weve rolled out WireGuard for all our users. The protocol is also easier to audit code-wise, which amounts to its security. WireGuard is furtherly improving the overall performance of Surfshark VPN, Racai said.

WireGuard is the most recent addition to Surfsharks selection of OpenVPN UDP / TCP, IKEv2/IPsec, and Shadowsocks protocols. The protocol is utilized in the Linux kernel as it is designed primarily for adoption on Linux systems.

Let us explore how WireGuard stacks up against rival VPN providers.

Security

WireGuard uses newer encryption technology than the widespread OpenVPN and IKEv2/IPSec protocols. The new VPN technology encrypts users data using thoroughly tested, modern ChaCha20, Curve25519, BLAKE2s, SipHash24, HKDF cryptography, thereby lending greater security compared to the commonly used OpenVPN and IKEv2/IPSec protocols.

User Privacy

Surfshark VPN features a double network address translation (NAT). NAT is designed for IP address conservation, which can change the IP address every time a user connects to the internet via a WireGuard VPN, ensuring more privacy for users.

According to Cisco, It enables private IP networks that use unregistered IP addresses to connect to the internet. NAT operates on a router, usually connecting two networks together, and translates the private (not globally unique) addresses in the internal network into legal addresses, before packets are forwarded to another network.

See Also: Comcast & Arubas Partnership Proves VPN Is Not Dead Yet

Performance

WireGuards strengths lie in lightweight code and strong cryptographic primitives. Where other popular VPN protocols utilize about 400,000 lines of code, the WireGuard has approximately 1% of either OpenVPN or IPsecs codebase. This, combined with the use of state-of-the-art cryptography, generates better overall performance results. Racai told Toolbox, Its evident that the WireGuard stands out in the overly engineered landscape of VPN protocols. The WireGuard has about 1% of either OpenVPN or IPsecs codebase, making security audits significantly more efficient and less susceptible to security vulnerabilities.

Speed

A smaller, lightweight codebase roughly translates into faster execution. Besides, encryption technologies like ChaCha20, Curve25519, BLAKE2s, SipHash24, HKDF speed up cryptography, which is where other VPNs lag. Assuming that real-world functioning of Surfshark doesnt take a hit, its speed can be expected to improve even further.

Longtime tech veteran Jeff Hussey says VPNs, a two decade old technology, are brittle and not built to scale for the connected world of 2020 and beyond. He believes VPNs for remote access isnt the best approach to network security in todays multi-perimeter era, yet organizations worldwide continue to use VPNs to mask location data. Meanwhile, Lance Johnson, VP of Marketing, Trustgrid says newer technology like SASE, which is gathering steam stitches together elements of security and wide-area networking (WAN) into a cloud-native solution is well-positioned to edge out VPNs.

So, where does that leave VPNs? Its true new technologies are permeating the market faster than ever before. However, it takes quite a lot of time for any innovation to become commercially successful. It depends on the demand for such a model, the complexity of implementations, cost, and other factors.

Meanwhile, consumer VPN services usually aim to make privacy protection accessible for the masses by offering an affordable solution that is also easy to set up and use. Essentially, the ultimate goal of a VPN is to keep users information private and secure, whereas SASE has an entirely different target audience. In any case, VPN technology will not disappear as it is a cornerstone on which enterprise security mechanisms adhere, Racai said, in closing.

Let us know if you liked this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!

See the rest here:
Surfshark Brings Open-Source WireGuard Protocol to Its VPN Apps - Toolbox

Zoom has finally rolled out end-to-end encryption (E2EE) for both free and paid users worldwide, delivering on a promise made at the start of the pandemic.

In a system protected by E2EE, communication between meeting participants is encrypted using cryptographic keys held only on users devices. This means no third party, Zoom included, has access to the keys to decrypt private meeting data.

The company originally stated that end-to-end encryption would be reserved for paying customers only, but executed a swift U-turn after facing a backlash from users.

The feature is available immediately to all Zoom users in technical preview (meaning the firm is actively soliciting feedback) on client version 5.4.0 for Windows and Mac, Zoom for Android and Zoom Rooms. The service will also soon appear on Zoom for iOS, once the updated app has been greenlit by Apple.

In April, Zoom found itself in hot water when it emerged that claims its meeting participants were protected by full end-to-end encryption were unfounded. Instead, researchers discovered the service deployed a lesser form of encryption using the Transport Layer Security (TLS) protocol.

The company was forced to make a public apology and pledged to spend the following three months focused solely on improving the security of its platform. During this period, Zoom acquired secure messaging and file-sharing service Keybase, whose team was brought on board to develop full E2EE for the video conferencing service.

The arrival of end-to-end encryption for all users, then, finally makes good on a promise made more than six months ago.

Were very proud to bring Zooms new end-to-end encryption to Zoom users globally, said Jason Lee, Zoom CISO. This has been a highly requested feature from our customers, and were excited to make this a reality. Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature.

As per the new system, which harnesses 256-bit AES-GCM encryption, meeting hosts generate encryption keys which are distributed to fellow participants via public key cryptography. The encrypted information is indecipherable by Zoom, whose servers merely act as oblivious relays.

While many will celebrate the arrival of the new security feature, its important to note that E2EE protection does not apply to all Zoom meetings. The feature must be toggled on by the host, participants must join from the appropriate Zoom clients and the meeting must not contain more than 200 participants.

Activating E2EE will also result in diminished functionality, preventing users from accessing features including cloud recording, polling, breakout rooms and live transcription.

Follow this link:
Zoom finally delivers end-to-end encryption for all users - but not all of the time - TechRadar UK

Android 12 is seemingly set to get a natively integrated VPN (virtual private network) service integrated into its kernel. After having spotted development around this matter earlier this month, reports have noticed that Google is adding native support for cryptography-based VPN service WireGuard to both the supported Linux kernels of Android 12 Linux 4.19 and Linux 5.04. In simpler terms, Google adding WireGuard VPN support to Android 12s root kernels mean that subject to more work around its interface, users will get a native VPN service integrated into the Android ecosystem. This, in turn, can make using various internet services via home internet connections significantly safer.

WireGuard VPN is a relatively newer virtualisation service, but has so far received critically positive reactions from general users, developers and security experts alike. WireGuard uses cryptography and blockchain standards to securely mask your traffic, and also offers users full details of your internet traffic via its openly accessible activity logs. WireGuard VPN is already available as an app on the Google Play Store, and can be downloaded and used as a third party service.

Also Read: PUBG Banned: Heres How to Play PUBG Mobile Using VPN on Any Smartphone

Integrating the WireGuard VPN service into the root Linux kernels, based on which Android 12 will be forked, will likely bring about changes in the way the service functions for the end-user right now. It is important to note that XDA Developers has not spotted Google adding any interface features so far to the VPN integration in the Android Open Source Project (AOSP) forums and repositories as of now. As a result, exactly how the VPN service will be baked into the 2021 version of Android will remain a mystery for now. That said, we do expect Google to reveal more details about it at a date closer to the launch of Android 12s developer preview and stable builds some time in late 2021.

Given that Google has added support for WireGuard VPN to Linux kernel 4.19 as well, it may also be likely that a future upgrade to Android 11s framework may bring the feature to Android 11 devices as well. Android devices being launched now and in the coming months, which run on Android 11, will also likely support the new feature when they are upgraded to Android 12 next year.

Read this article:
Android 12 to feature native VPN support: Google integrates WireGuard VPN to new Linux kernel - MySmartPrice