Internet security flaw puts millions at risk

Internet users have been warned that sensitive information such as passwords and credit card details has been at risk of theft due to a flaw in the internet's most common encryption software.

The bug, dubbed Heartbleed, was in place for more than two years until a fix was announced on Tuesday, and would have allowed hackers to snoop on encrypted information held and processed by up to 500,000 web servers using the software.

Affected websites and service providers were told to install the update as soon as possible, before hackers were able to exploit the now-public flaw.

Tor, the internet anonymity project, said in a statement that users "might want to stay away from the internet entirely for the next few days while things settle".

The flaw was discovered by researchers at the Finnish security firm, Codenomicon.

"We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace," Codenomicon said on its website, heartbleed.com.

The breach involves OpenSSL, the most common internet encryption technology which is marked by the small, closed padlock and "https:" on web browsers. The bug meant traffic was subject to snooping even if the padlock was "closed".

The internet company, Yahoo, said its services such as email, Flickr and Tumblr were affected by the flaw, but said it had implemented the fix and there was no evidence security had been compromised.

The company said in a statement on Tumblr: "This might be a good day to call in sick and take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking, which may have been compromised."


‘Nearly unbreakable’ encryption inspired by biology

A team of physicists has built a "nearly unbreakable" encryption system devised using the same mathematical principles that explain how the human heart and lungs function in unison.

The system has been described in a paper published in Physical Review X, penned by Tomislav Stankovski, Peter McClintock and Aneta Stefanovska of Lancaster University, and a patent has already been filed. The kicker is, not one of the physics professors had experience in encryption. Their joint backgrounds are in engineering, nonlinear dynamics and biomedical/physics engineering, but when they read up on the latest discoveries around the cardiorespiratory coupling function -- the way in which the heart and lungs work together continuously -- the potential applications became clear.

"Knowing about some of the open problems in encryption, we suddenly realised that what we tried to understand in biology can also be applied here," Stefanovska told Wired.co.uk. "Coupling" essentially involves a time-varying delay which, when translated to encryption systems, means an infinite number of secret encryption keys shared by the sender and recipient is possible. This makes it "highly resistant to conventional methods of attack", according to Stankovski.

Stefanovska explains: "The information signals are encrypted in the coupling functions; i.e. they modulate the nonlinear coupling functions between two dynamical systems (analogous to the heart and lungs). Two signals, one from each system, are transmitted through the public channel. At the receiver, knowing what those coupling functions are, the process can be reversed."

The system also dramatically lowers the chances of any interference and "random noise" that can weaken such communication systems. "This makes it suitable for implementation not only for landline but also for mobile and wireless communications, where the level of external interference tends to be higher," write the authors in Physical Review X.

The system has been rigorously tested, leading McClintock to claim: "This promises an encryption scheme that is so nearly unbreakable that it will be equally unwelcome to internet criminals and official eavesdroppers." Stefanovska explains that the word "nearly" is only used for the sake of caution -- to date, no possible breaches of the system have been identified.

The filed patent names Robert Young, a cybersecurity expert, as a co-developer, and the team says so far "initial reactions were positive" from industry experts.

When we asked Stefanovska about the impact such a system could have in a post-NSA/GCHQ mass surveillance world, she responded: "The potential certainly exists -- and the importance and relevance is self-evident. It depends on the outcome of attempts to break the encryption scheme. If it resists attack to the extent we anticipate, there can indeed be real impact."
