Tech News - Cryptography

Telegram is now joining the blockchain league with Telegram Open Network (TON), Telegram’s blockchain network. TON will integrate blockchain payments to 365 million users of Telegram by the end of October.  Earlier this month, Telegram released half a million lines of code for TON, new documentation, and a beta. According to Decrypt, “If TON delivers on promises of high speeds and decentralization, it’d be the largest blockchain launch in history.”  Regulators raised their voice against Facebook’s Libra  Regulators had raised their voice against Facebook's cryptocurrency, Libra and Libra’s launch has been pushed since it can lead to serious security issues. While Congress has already drafted bills to ban Libra.  Maxine Waters, chairwoman of the Committee on Financial Services said in the letter to Facebook, “It appears that these products may lend themselves to an entirely new global financial system that is based out of Switzerland and intended to rival U.S. monetary policy and the dollar.” It further reads, “This raises serious privacy, trading, national security, and monetary policy concerns for not only Facebook's over 2 billion users, but also for investors, consumers, and the broader global economy.” France is blocking Libra, according to The Independent, Bruno Le Maire, Economy and Finance Minister of France, said, “I want to be absolutely clear: In these conditions, we cannot authorize the development of Libra on European soil.” Regulators need more information on TON, hence unable to judge it Now the question arises, how will TON survive considering regulators’ strict eye. While most of the regulators haven’t added any comments on TON and few others think that more information is needed on TON. A spokesperson from the German Central Bank said, “We do not possess any specific information on TON. That's why we cannot comment on this app.”  A spokesperson from the European Data Protection Supervisor, a regulatory body on privacy said, “There is not much info indeed.” He further added, “Telegram will have to apply the GDPR; no specific TON regulation is needed here. Telegram will have to fulfill all compliance obligations.” These comments from the regulators don’t give any clarity based on TON. Mitja Goroshevsky, CTO of TON Labs pointed out that the lack of interest from regulators is because the Facebook-led Libra Association is quite different than TON. According to Mitja, Libra isn’t decentralized, whereas TON is a decentralized blockchain. Few other regulators think that TON doesn’t violate any laws but might face criticism by certain authorities who protect the financial system. According to others, TON needs to have a model designed wherein it will be responsible for controlling all the validators.  In a statement to Decrypt, Pavel Prigolovko, Vice President, Strategy, TON Labs, said, “TON has to switch from a model where all the validators are controlled by TON itself during the launch, to one where the community controls the majority of the validators.” Prigolovko further added, “This transition depends on the technical availability of the large Gram holders to become validators. There are quite a few technical challenges to become a validator, like setting up a reliable infrastructure with proper processes, scripts [and] monitoring.” TON will require to fulfill KYC details concerning user data Some of the regulators are sceptical about where will the user data get stored as Telegram hasn’t provided enough details regarding the same. As wallets will be linked, it is important to have certain clarity on where the data will be stored. TON will require the KYC details and users will have to follow the KYC regulations. Mitesh Shah, CEO of blockchain analytics company Omnia Markets Inc, said that Telegram has given little information about where and how user data is stored. “There are more users here than on any other chain, and having it stored in a proper place is one of the largest concerns.”  Goroshevsky noted, that neither Telegram nor TON would not require KYC functionality. That said, users will have to adhere to the KYC regulations of individual exchanges when buying or cashing out Grams.  Though KYC details are unique for an individual but this data can be used by the terrorists as few of them use Telegram to promote their campaigns. Users can make fake accounts and misuse the platform to hide the transfer of money.  Last month, Steven Stalinsky of Middle Eastern Media Research Institute told Decrypt about concerns that TON would be exploited by terrorists, who already use Telegram to promote violent campaigns. Even if KYC was implemented, Telegram wouldn’t be able to prevent subversive groups from using fake accounts to hide the transfer of money. On the contrary, according to Goroshevsky, since TON is a decentralized blockchain, it wouldn’t collect user data and it will be transparent. Goroshevsky said, “TON is not collecting user data hence it is not going to store it. TON is a decentralized blockchain and as any such blockchain, it will be fully open and transparent. And of course, that means all transaction details will be public, like on any other public ledger.” Considering the mixed reactions coming from regulators, it would be interesting to see if TON gets approval for its launch or faces the same fate as Facebook’s Libra. To know more about this news in detail, check out Decrypt’s post. Other interesting news in Security 10 times ethical hackers spotted a software vulnerability and averted a crisis New iPhone exploit checkm8 is unpatchable and can possibly lead to permanent jailbreak on iPhones Researchers release a study into Bug Bounty Programs and Responsible Disclosure for ethical hacking in IoT  

Last week, the team behind ZFS released zfs-0.8.2, an advanced file system. This release comes with support for 2.6.32 - 5.3 Linux kernels and comes with a list of changes. What’s new in zfs-0.8.2 The issue regarding the deadlock condition for scrubbing root pools on kernels has been resolved in this release. The team has made QAT related bug fixes. Fixes have been made to the zpool subcommands error message and unsupported options. zfs-dkms .deb package warning in the prerm script has been fixed. zvol_wait script now ignores partially received zvols. New service that waits on zvol links have been created. In etc/init.d/zfs-functions.in arch warning has been removed. Comments have been updated to match code. In this release, ZFS_DEV macro is used instead of literals. Slog test setup has been made more robust. Performance has been improved with the help of dmu_tx_hold_*_by_dnode(). In this release, default zcmd allocation has been increased to 256K. Error text for EINVAL in zfs_receive_one() has been fixed. Few users on Hacker News seem to be happy about this release and the progress made by the team behind zfs, a user commented on Hacker News, “I contributed a few patches to ZFS on Linux about 8 years ago - at a time when it was still very much in its infancy and panic'd when you looked at it in the wrong way. It's incredible how far they've come. We're using ZFS on Linux on about 120 servers at work and it's rock solid. Snapshots are a lifesaver in our day-to-day ops.”  Another user commented, “Always admired ZFS since when it came out. The talks by the creators were so enlightening.” Few others expected a block-pointer rewrite and background dedupe in this release. One of them commented, “Still no block-pointer rewrite?” To know more about this news, check out the official post. Other interesting news in programming Rust 1.38 releases with pipelined compilation for better parallelism while building a multi-crate project Mypy 0.730 releases with more precise error locations, display error codes and more! GNOME Foundation’s Shotwell photo manager faces a patent infringement lawsuit from Rothschild Patent Imaging  

Last week, APK Mirror and Android Police owner Artem Russakovskii reported that a cryptographic key used by Facebook developers to digitally sign its Free Basics by Facebook app has been compromised, and third-party apps are reusing the key. https://twitter.com/ArtemR/status/1159867541537169409 Russakovskii discovered this issue and reported it to Facebook earlier in August. Then Facebook pulled the original app listing from the Play Store and replaced it with a new app using a new signing cryptographic key. Since then, the company has not publicly divulged the nature of the compromised key. They have also not given any precise reason for the re-released app to its users, placing them at risk if they still have the old version installed. Before the listing was removed, the original Free Basics by Facebook app had over five million downloads on the Play Store. Websites like APK Mirror host Android apps for download. They do it for several reasons: to circumvent censorship, so users can download updates before they're widely rolled out, to mitigate geographic restrictions, and to provide a historical archive for comparison and ease of rolling back updates, among other reasons. Russakovskii writes, “In the last month, we've spotted third-party apps using a debug signing cryptographic key which matched the key used by Facebook for its Free Basics Android app.” The APK Mirror team notified Facebook about the leaked key, and the company verified it, pledging to address the issue in a new version of the app. The company claims it has prompted users to upgrade to the newer version of app but did not provide any specific reason for the update. Potential dangers of a compromised cryptographic key According to Android Police, the security of Android app updates hinges on the secrecy of a given app's signing cryptographic key. It's how app updates are verified as secure, and if it falls into the wrong hands, false updates could be distributed containing nefarious changes. As a result, developers usually guard signing keys quite closely. Of course, that security is entirely dependent upon developers keeping their app signing key secret; if it's publicly available, anyone can sign an app that claims to be an update to their app, and consumers' phones will easily install right over the top of the real app. So losing or leaking a signing key is a big problem. If signing keys fall into the wrong hands, third parties can distribute maliciously modified versions of the app as updates on venues outside the Play Store, and potentially trick sites similar to APK Mirror that rely on signature verification. Someone can easily upload a fake app that looks like it was made by Facebook to a forum or trick less wary APK distribution sites into publishing it based on the verified app signature. To make things a bit easier for developers, Google has started a service which allows developers to store app signing keys on its servers instead. The "Google Play App Signing," as it's called, means that app keys can't ever be lost and compromised cryptographic keys can be "upgraded" to new keys. Additionally, Android 9 Pie supports a new "key rotation" feature which securely verifies a lineage of signatures in case you need to change them. Facebook’s lax approach in addressing the security issue According to APK Mirror, the old app is telling users to move to the new version, but no specific statement has been provided to customers. A spokesperson from Facebook said to APK Mirror that users were simply notified of the requirement to upgrade in the old app. And the APK Mirror team is unable to check the old app or the specific message sent to customers, as the Free Basics app doesn't appear to work outside specific markets. Additionally, the new app listing on the Play Store makes no mention that the security of the old app has been compromised by the leaked signing cryptographic key, and the APK Mirror team did not find any disclosure about how this leak has impacted user security anywhere on Facebook's site or the internet.org site. When asked for a statement, Facebook spokesperson provided with the following: “We were notified of a potential security issue that could have tricked people into installing a malicious update to their Free Basics app for Android if they chose to use untrusted sources. We have seen no evidence of abuse and have fixed the issue in the latest release of the app.” What’s new in the security this week? Retadup, a malicious worm infecting 850k Windows machines, self-destructs in a joint effort by Avast and the French police A security issue in the net/http library of the Go language affects all versions and all components of Kubernetes GitHub now supports two-factor authentication with security keys using the WebAuthn API

Russia is looking forward to its September 2019 elections for the representatives at the Parliament of the city (the Moscow City Douma). For the first time ever, Russia will use Internet voting in its elections. The internet-based system will use blockchain developed in-house by the Moscow Department of Information Technology. Since the news broke out, security experts have been quite skeptical about the overall applicability of blockchain to elections. Moscow’s voting system has a critical flaw in the encryption scheme Recently, a French security researcher Pierrick Gaudry has found a critical vulnerability in the encryption scheme used in the coding of the voting system. The scheme used was the ElGamal encryption, which is an asymmetric key encryption algorithm for public-key cryptography. Gaudry revealed that it can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. The main problem, Gaudry says is in the choice of three cyclic groups of generators. These generators are multiplicative groups of finite fields of prime orders each of them being Sophie Germain primes. These prime fields are all less than 256-bit long and the 256x3 private key length is too little to guarantee strong security. Discrete logarithms in such a small setting can be computed in a matter of minutes, thus revealing the secret keys, and subsequently easily decrypting the encrypted data. Gaudry also showed that the implemented version of ElGamal worked in groups of even order, which means that it leaked a bit of the message. What an attacker can do with these encryption keys is currently unknown, since the voting system's protocols weren't yet available in English, so Gaudry couldn't investigate further. Following Gaudry's discovery, the Moscow Department of Information Technology promised to fix the reported issue. In a medium blog post, they wrote, "We absolutely agree that 256x3 private key length is not secure enough. This implementation was used only in a trial period. In a few days, the key's length will be changed to 1024." (Gaudry has mentioned in his research paper that the current general recommendation is at least 2048 bits). Even after the response, Gaudry was still concerned about potential flaws caused by the recent big changes fixing the key length issue. Gaudy concerns proved true as recently another security researcher Alexander Golovnev, found an attack on the revised encryption scheme. The revised encryption algorithm still leaks messages Alexander Golovnev is the current fellow for Michael O. Rabin Postdoctoral Fellowship in Theoretical Computer at Harvard University. His research reveals that the new implementation of the encryption system also leaks a bit of the message. This is caused by the usage of ElGamal where the message is not mapped to the cyclic group under consideration. This flaw can be misused for counting the number of votes cast for a candidate, which is illegal (until the end of the election period). Golovnev says that security vulnerability is a major issue of the implemented cryptographic scheme. The attack does not recover the secret key as required by the public testing scenario but rather breaks the system without recovering the secret key. There is no response or solution from the Moscow Department of Information Technology regarding this vulnerability. Many people took to Twitter to express their disappointment at Moscow’s lamentable internet voting system. https://twitter.com/mjos_crypto/status/1166252479761330176 https://twitter.com/KevinRothrock/status/1163750923182780416 In 2018, Robert Mueller’s report indicated that there were 12 Russian military officers who meddled with the 2016 U.S. Presidential elections. They had hacked into the Democratic National Committee, the Democratic Congressional Campaign Committee, and the Clinton campaign. This year, Microsoft revealed that Russian hackers ‘Fancy Bear’ are attempting to compromise IoT devices including a VOIP, a printer, and a video decoder across multiple locations. These attacks were discovered in April, by security researchers in the Microsoft Threat Intelligence Center. Microsoft reveals Russian hackers “Fancy Bear” are the culprit for IoT network breach in the US. FireEye reports infrastructure-crippling Triton malware linked to Russian government tech institute Russian government blocks ProtonMail services for its citizens

In September 2018, LightYear acquired Chain to form a combined company called Interstellar. The company is working on a new blockchain architecture with a focus on privacy, security, and safety named Slingshot. https://twitter.com/go_interstellar/status/1039164551139287040 The Slingshot project encapsulates the following sub-protocols and components: Zero-knowledge Virtual Machines (ZkVM) The authors of TxVM, a virtual machine for blockchain transactions have come up with ZkVM. https://twitter.com/oleganza/status/1126612382728372224 It is a blockchain transaction format with cloaked assets and zero-knowledge smart contracts. Its goal is to make transactions customizable, confidential, highly efficient, and simple. It allows custom contracts via programmable constraints over encrypted data and assets. Slingshot also has an API called Token for issuing assets using ZkVM. ZkVM ensures confidentiality by fully encrypting quantities and types of assets. It also makes it certain that the asset flow is hidden at the transaction level allowing individuals and organizations to safely perform their transactions directly on the shared ledger. Its data model is compact, taking up only a few kilobytes. You can verify transactions parallelly in 1-2 ms per CPU core and bootstrap nodes instantly from a network-verified snapshot. Spacesuit, Rust implementation of the Cloak protocol Slingshot's Spacesuit is the implementation of the Cloak protocol in Rust. Cloak is a protocol for confidential assets based on the Bulletproofs zero-knowledge circuit proof system. With cloaked transactions, you can exchange values that have different asset types. Musig, a signature scheme for signing messages Slingshot's Musig is the Rust implementation of Simple Schnorr Multi-Signatures. It is a signature scheme for signing single or multiple messages. You can sign a single message with one public key. This public key can be created from a private key of a single party or by aggregating multiple public keys. Multiple messages can be signed with multiple public keys. Keytree, a key blinding scheme for deriving hierarchies of public keys Keytree is a 'key blinding scheme' with which you can derive hierarchies of public keys for Ristretto-based signatures. It can derive a set of public keys with only one key without using any private keys. This enables a system to generate unique receiving addresses without knowing any details about the private key. For instance, an online merchant can generate invoices with unique keys by keeping only public keys on the server, without compromising the security of the private keys. Slidechain, a demonstration of a minimal Stellar sidechain Slingshot includes Slidechain that allows you to peg funds from the Stellar testnet. You can then import them to a sidechain and move them back to Stellar if needed. A sidechain is generally used for operations that aren’t possible or permitted on the originating network. The sidechain in Slidechain is based on TxVM for allowing safe, general-purpose smart contracts and token issuance. The pegged funds will remain immobilized on the originating network while the imported funds exist on the sidechain. On a Reddit thread, a user explained, “Looks more like an entire network upgrade to me. An overhaul that offers privacy, more scalability, and sidechains. It would be odd to offer a sidechain that operates as a better version of stellar.” Another user added, “Ever since Chain was acquired, there has been little information about what Interstellar is building for Stellar. Chain offered a blockchain service called Sequence. Sequence allowed you to easily setup a ledger/blockchain and integrate it with your application/business. I believe this repo details an enhanced version of Chain with Stellar integration. Businesses can create their own private network while having full access to the Stellar network to transact with other chain networks. This would function as a second layer solution on top of Stellar. Other networks such as OMG and Cosmos function similarly to this iirc.” To know more about Slingshot, check out its GitHub repository. Blast through the Blockchain hype with Packt and Humble Bundle Installing a blockchain network using Hyperledger Fabric and Composer[Tutorial] Google expands its Blockchain search tools, adds six new cryptocurrencies in BigQuery Public Datasets

Last year, the company announced about adopting an approach to anti-tracking considering user data privacy. The company listed a few key initiatives mitigating harmful practices like fingerprinting and cryptomining. Yesterday, Mozilla announced that it is adding a new feature to protect its users against threats and web annoyances in future releases of Firefox. This new feature is available in the beta version of Firefox 67, and the nightly version of Firefox 68. They will be available in the stable release of Firefox in a few weeks. Mozilla has also added a feature to block fingerprinting and cryptomining in Firefox Nightly as an option for users to turn on. The cryptomining and fingerprinting blocks work similar to anti-tracking blocks in current versions of Firefox. Fingerprinting and crypto mining scripts A variety of “fingerprinting” scripts are embedded invisibly on many web pages to harvest a snapshot of users’ computer configuration. These scripts further build a digital fingerprint that can be used for tracking users across the web, even if the user has cleared the cookies. Fingerprinting thus violates Firefox’s anti-tracking policy. Cryptominers is another category of scripts that run costly operations on users’ web browser without the knowledge or consent of the users. It further uses the power of the user’s CPU to generate cryptocurrency for someone else’s benefit. These scripts slow down the computer speed and the drain battery which affects the electric bill. Firefox’s move towards blocking these scripts To overcome these threats, Mozilla has announced new protections against fingerprinters and cryptominers. The company has collaborated with Disconnect and have compiled the list of domains that serve fingerprinting and cryptomining scripts. Cryptomining and fingerprinting blocks have been disabled by default for now but users can activate them in a couple of clicks in the browser settings under “Privacy & Security.” Mozilla has given an option to users option in the latest Firefox Nightly and Beta versions for blocking both kinds of scripts as part of their Content Blocking suite of protections. The team at Mozilla will be testing these protections in the coming months. To know more about this news, check out the official announcement by Mozilla. Mozilla is exploring ways to reduce notification permission prompt spam in Firefox Mozilla launches Firefox Lockbox, a password manager for Android Mozilla’s Firefox Send is now publicly available as an encrypted file sharing service  

The work collaboration hub, Slack, yesterday, launched Slack Enterprise Key Management (EKM) for its enterprise customers. The feature is introduced to give customers control over their encryption keys used for encrypting and decrypting the files and messages they share on their Slack workspace. https://twitter.com/SlackHQ/status/1107646162079637506 Following are some of the advantages Slack EKM brings in: An extra layer of protection Slack EKM allows customers to use their own keys, which are stored in Amazon’s Key Management Service (AWS KMS). This will act as an extra layer of protection allowing privacy-conscious organizations such as banks share data, while also combating the risk. Better visibility into how the keys are being used It logs the usage of your keys to encrypt and decrypt messages and files in AWS KMS’s CloudWatch and CloudTrail. The detailed activity logs provide customers much more visibility into how the keys are being accessed. Administrators can control access very granularly What sets Slack EKM apart from general EKM services is that, in the case of any security threat, instead of revoking access to the entire product, it allows administrators to revoke access granularly. They can revoke access at the organization, workspace, channel, time-frame, and file levels. This type of revocation process ensures that the teams can continue to do their day-to-day work while administrators are taking care of the threat. On a phone interview, Slack Head of Enterprise Product, Ilan Frank told VentureBeat, “So today all data in Slack is encrypted at rest and in transit — but in rest, specifically. We, of course, have keys to those, and this now puts that control in the customer’s hands. It’s a feature that our large customers have been asking for for a very long time.” To know more about Slack EKM, check out Slack’s official website. Slack removed 28 accounts: A step against the spread of hate speech Slack confidentially files to go public Airtable, a Slack-like coding platform for non-techies, raises $100 million in funding

Yesterday, IBM launched its Blockchain World Wire, a global blockchain network for cross-border payments that will make use of Stablecoin by U.S. dollars and cryptocurrency to make near real-time cross border financial transactions. It is based on distributed ledger technology (DLT) for regulated financial firms. IBM Blockchain World Wire is a real-time global payments network that works towards clearing and settling foreign exchange, cross border payments and remittances. Currently, this network can transfer funds to more than 50 countries using 47 digital coins backed by fiat currencies. According to IBM, World Wire is the first blockchain network of its kind to integrate payment messaging and clearing and settlement on a single unified network while allowing participants to dynamically choose from a variety of digital assets for settlement. According to a report by Cheddar, six international banks have signed letters of intent to issue their own Stablecoins backed by their national fiat currencies including Brazil’s Banco Bradesco, South Korea’s Bank Busan and the Philippines’ Rizal Commercial Banking Corporation on IBM’s Blockchain World Wire. Advantages of Blockchain World Wire Faster payment processing Blockchain World Wire provides simultaneous clearing and settlement and eliminates multiple parties processing transactions. Lower costs The World Wire comes with reduced capital requirements for cross-border transactions. Even the clearing costs have been lowered. Transparency The World Wire provides end-to-end transparency and one exchange fee between all currencies which makes it easier. If two financial institutions that are transacting agree upon using either a Stablecoin, central bank digital currency or another digital asset as the bridge asset between any two currencies then they will be provided with trade and important settlement instructions. The institutions can use their existing payment systems by connecting it to World Wire’s APIs in order to convert the first fiat currency into the digital asset. Further, the World Wire converts the digital asset into the second fiat currency, that completes the transaction. The transaction details are recorded onto an immutable blockchain for clearing purpose. Marie Wieck, General Manager, IBM Blockchain, said, “We’ve created a new type of payment network designed to accelerate remittances and transform cross-border payments to facilitate the movement of money in countries that need it most. By creating a network where financial institutions support multiple digital assets, we expect to spur innovation and improve financial inclusion worldwide.” To know more about this news, check out IBM’s official website. Google expands its Blockchain search tools, adds six new cryptocurrencies in BigQuery Public Datasets Blockchain governance and uses beyond finance – Carnegie Mellon university podcast Stable version of OpenZeppelin 2.0, a framework for smart blockchain contracts, released!

Researchers from the University of California and the University of Cambridge have come up with Constant-Time WebAssembly (CT-Wasm), the details of which are shared in their paper: CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem in December. It is a type-driven, strict extension to WebAssembly, which aims to address the state of cryptography in the web ecosystem. CT-Wasm provides developers a principled direction for improving the quality and auditability of web platform cryptography libraries while also maintaining the convenience that has made JavaScript successful. Why CT-Wasm is introduced? A lot of work has been done towards the implementation of client and server-side cryptography in JavaScript. But, there are still some widespread concerns related to security in JavaScript, which CT-WASM tries to solve: Side channels: While implementing a cryptography algorithm, the functional correctness is not the only concern. It is also important to ensure the properties of information flow that take into account the existence of side channels. For instance, an attacker can use the duration of the computation as a side channel. They can compare different executions to find out which program paths were used and work backward to determine information about secret keys and messages. Additionally, modern JavaScript runtimes are extremely complex software systems, that include just-in-time (JIT) compilation and garbage collection (GC) techniques that can inherently expose timing side-channels. In-browser cryptography: Another concern is, in-browser cryptography, which refers to the implementation of cryptographic algorithms using JavaScript in a user’s browser. Unskilled cryptographers: Most of the JavaScript cryptography is implemented by unskilled cryptographers who do not generally care about the most basic timing side channels. How it solves the concerns in JavaScript cryptography? Recently, all browsers have added support for WebAssembly (WASM), a bytecode language. As Wasm is a low-level bytecode language, it already provides a firmer foundation for cryptography than JavaScript: Wasm’s “close-to-the-metal” instructions provide more confidence in its timing characteristics than JavaScript’s unpredictable optimizations. It has a strong, static type system, and principled designed. It uses a formal small-step semantics and a well-typed Wasm program enjoys standard progress and preservation properties. CT-Wasm extends Wasm to become a verifiably secure cryptographic language by augmenting its type system and semantics with cryptographically meaningful types to produce Constant-Time WebAssembly (CT-Wasm). It combines the convenience of in-browser JavaScript crypto with the security of a low-level, formally specified language. Using CT-Wasm, developers can distinguish between secret data such as keys and messages and public data. After distinguishing the secret data, they can impose secure information flow and constant-time programming disciplines on code that handles secret data and ensure that well-typed CT-Wasm code cannot leak such data. CT-Wasm allows developers to incorporate third-party cryptographic libraries as they do with JavaScript and ensures that these libraries do not leak any secret information by construction. For more details, read the paper: CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem. The elements of WebAssembly – Wat and Wasm, explained [Tutorial] Now you can run nginx on Wasmjit on all POSIX systems Introducing Wasmjit: A kernel mode WebAssembly runtime for Linux

This Christmas eve, team DragonFly released the 54th version, DragonFly BSD 5.4.1, a free and open-source Unix-like operating system. This version comes with a new system compiler in GCC 8, improved NUMA support, a large number of network and virtual machine driver updates. This release also has significant HAMMER2 improvements and better WLAN interface handling. https://twitter.com/dragonflybsd/status/1077205440650534912 What’s new in DragonFly BSD 5.4.1 Big-ticket items This release comes with much better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. Both the memory subsystem and the scheduler now understand the functionality of Threadripper 2990WX's architecture. The team at DragonFly has been working on improving fairness for shared-vs-exclusive lock clashes, reducing cache ping-ponging due to non-contending SMP locks. This release comes with major updates to dports. Concurrency across multiple ttys and ptys have been improved. GCC 8 DragonFly 5.4.1 comes with GCC 8.0, and runs as the default compiler. It is also used for building dports. HAMMER2 This release comes with HAMMER2 which is the default root filesystem in non-clustered mode. It increases bulkfree cache to reduce the number of iterations required. It also fixed numerous bugs. This release comes with improved support on low-memory machines. This release comes with significant pre-work on the XOP API to help support future networked operations. Major changes Security Issues The machdep.spectre_supportsysctl can be now used to probe the spectre support, and machdep.spectre_mitigation sysctl to enable/disable support. The default /root perms has been changed from 755 to 700 in the build template. Delayed FP state has been removed to avoid the known side-channel attack. This release comes with clean FP state on switch to avoid known side-channel attack. There zero user registers on entry into kernel (syscall, interrupt, or exception) to avoid speculative side-channel attacks. Kernel This release comes with updated drm to match Linux kernel 4.7.10 in a number of locations. The radeon driver has been updated; currently matches Linux 3.18. CVE-2018-8897 has been mitigated. This release comes with an added timer support x2apic A private_data field thas been added to struct file for improving application support. SPINLOCK and acpi_timer performance has been improved. A dirty vnode management facility has been added Bottlenecks from the rlimit handling code has been removed. The size of the vm_object hash table has been increased by 4x to reduce collisions. Concurrent tmpfs and allocvnode() has been improved. The namecache performance has been improved. The syscall path has been optimized to improve performance. Driver updates With this release, serial-output-only installs are now possible. This version of DragonFly comes with  virtio_balloon memory driver. With this release, /dev/sndstat can now be opened multiple times by the same device. MosChip PCIe serial communications are now supported. Missing descriptions for usb4bsd C610/X99 controllers have been added. This release comes with an added support for PCIe serial com and console support. Old PCI and ISA serial drivers have been removed. Userland This release comes with an added rc support for ipfw3. Vis(3) and unvis(3) have been updated. With this release, pciconf database has been updated. tcsetsid() has been added to libc. The buildworld concurrency has been improved. Networking With this release, the network tunnel driver, tun(4), has been cleaned up and updated. It's now clonable for anyone building VPN links. The arp issue in the bridge code has now been fixed. Interface groups are now supported in the kernel and pf(4). The ENA(Elastic Network Adapter) network driver has been added to DragonFly 5.4.1. Package updates With this release, there are a number of options for running a web browser on DragonFly which includes, Chromium, Firefox, Opera, Midori, Palemoon, etc. Users are appreciating the efforts taken for this project and especially, the hammer storage is being appreciated. Though few users are complaining about the speed of the process which is very slow. The HAMMER2 used in this release is BSD licensed so it might have better potential as a Linux kernel module. Read more about this release on DragonFly BSD. Google employees join hands with Amnesty International urging Google to drop Project Dragonfly Key Takeaways from Sundar Pichai’s Congress hearing over user data, political bias, and Project Dragonfly As Pichai defends Google’s “integrity” ahead of today’s Congress hearing, over 60 NGOs ask him to defend human rights by dropping DragonFly

Yesterday, Microsoft released an out-of-band patch for a vulnerability discovered in the Internet Explorer that attackers are actively exploiting on the Internet. The IE zero-day can allow an attacker to execute malicious code on a user's computer. The vulnerability has been assigned ID CVE-2018-8653 and the security update is released as KB4483187; titled "Cumulative security update for Internet Explorer: December 19, 2018". It is available for Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, and Internet Explorer 9 on Windows Server 2008. Microsoft has acknowledged Clement Lecigne of Google’s Threat Analysis Group for reporting the exploitation of this Internet Explorer vulnerability. Apart from the security advisory released yesterday, neither Microsoft or Google has shared any details about the attacks involving the flaw. Vulnerability Details According to Microsoft's security advisory, the remote code execution vulnerability was found in IE’s memory handling in Jscript.dll.  An attacker could corrupt IE’s memory to allow code execution on the affected system. The attacker could convince a user to visit a malicious website, which could then exploit this vulnerability, executing code on the user’s local machine. After exploiting the vulnerability, the attackers would be able to perform commands on the victim's system such as downloading further malware, scripts, or executing any command that the currently logged in user has access to. The issue can also be exploited through applications that embed the IE scripting engine to render web-based content such as the apps part of the Office suite. According to Microsoft, the attacker will get code execution rights under the same privileges the victims have. If the victim is using an account with limited access, the damage can be contained to simple operations, however, in case of a user having administrator rights, the attacker can increase the scope of the damage done. Mitigations and Workarounds According to ZDNet, in the previous four months, Microsoft has patched four other zero-days. All these zero-days allow an "elevation of privilege". This means that if a victim has missed any of the previous four Windows Patch Tuesday patches, an attacker can chain the IE zero-day with one of the previous zero-days (CVE-2018-8611, CVE-2018-8589, CVE-2018-8453, CVE-2018-8440) to gain SYSTEM-level access, and take over a targeted computer. Microsoft has assured customers who have Windows Update enabled and have applied the latest security updates that they are automatically protected against exploits. They have advised users to install the update as soon as possible, even if they don't normally use IE to browse sites. For those who want to mitigate the vulnerability until the update is installed, they can do the same by removing privileges to the jscript.dll file for the Everyone group. According to Microsoft, using this mitigation will not cause problems with Internet Explorer 11,10, or 9 as they use the Jscript9.dll by default. There are no workarounds listed on the security advisory for this vulnerability. Read the full security advisory on Microsoft’s blog. Microsoft announces Windows DNS Server Heap Overflow Vulnerability, users dissatisfied with patch details Microsoft calls on governments to regulate Facial recognition tech now, before it is too late NYT says Facebook has been disclosing personal data to Amazon, Microsoft, Apple and other tech giants; Facebook denies claims with obfuscating press release  

Yesterday, Sennheiser, an audio device maker issued a fix for a major software blunder that let hackers  easily carry out man-in-the-middle attacks by cryptographically impersonating any website on the internet. What exactly happened? HeadSetup established an encrypted websocket with a browser to allow Sennheiser headphones and speaker phones to work smoothly with computers. A self-signed TLS certificate is installed in the central place that is reserved by the operating system for storing browser-trusted certificate authority roots. This location is called the Trusted Root CA certificate store in Windows and macOS Trust Store for Mac. This self-signed root certificate installed by version 7.3 of the HetSetup pro application gave rise to the vulnerability as it kept the private cryptographic key in such a way that it could be easily extracted. Since, the key was identical for all the installations of the software, hackers could easily use the root certificate for generating forged TLS certificates that impersonated any HTTPS website on the internet. Though the self-signed certificates were mere forgeries, they would still be accepted as authentic on computers as they store the poorly secured certificate root. Even the certificate pinning, a forgery defense can’t do anything to detect such hacks. According to Secorvo, a security firm, “the sensitive key was encrypted with the passphrase SennheiserCC. The key was then encrypted by a separate AES key and then base64 encoded. The passphrase was stored in plaintext in a configuration file. The encryption key was found by reverse-engineering the software binary.” Secorvo researcher André Domnick holds a control over a certificate authority which could be trusted by any computer that had installed the vulnerable Sennheiser app. Dominick said, “he tested his proof-of-concept only against Windows versions of HeadSetup but that he believes the design flaw is present in macOS versions as well.” A solution which didn’t prove to be succesful A later version of the Sennheiser app was released to solve this issue. This one came with a root certificate installed but it didn’t include the private key. It  seemed like a good solution until the update failed to remove the older root certificate. This was a major failure which caused anyone who had installed the older version, susceptible to the TLS forgeries. Also, uninstalling the app wasn’t enough as it didn’t remove the root certificates that made users vulnerable to the attack. For the computers that didn’t have the older root certificate installed, the newer version was still causing trouble as it installed a server certificate for the computer’s localhost, i.e. 127.0.0.1. Users have given a negative feedback as it was a major blunder. One of the users commented on ArsTechnica’s post, “This rises to the level of gross negligence and incompetence. There really should be some serious fines for these sorts of transgressions.” The company ended up violating CA/Browser Forum: Baseline Requirements to issue certificates which itself was a big problem. This latest threat opens up many questions including the most crucial ones ‘If there is still a safer way to get a HTTPS website communicate directly with a local device?’ Also, ‘if these companies are taking enough steps to protect the users from such frauds?’ All users that have installed  the app are advised that they should remove or block the installed root certificates. Microsoft has proactively removed the certificates so users need not take any further actions. However users have to manually remove the certificates from Macs and PCs. Read more about this news on ArsTechnica. Packt has put together a new cybersecurity bundle for Humble Bundle Blackberry is acquiring AI & cybersecurity startup, Cylance, to expand its next-gen endpoint solutions like its autonomous cars’ software IBM launches Industry’s first ‘Cybersecurity Operations Center on Wheels’ for on-demand cybersecurity support

X-Lab, Baidu’s security lab focused on researching and developing industry-leading security solutions, today released the latest version of MesaLink, a cryptographic memory safe library for securing end-to-end communications. Encrypted communication is a cornerstone of Internet security, as it provides protection from vulnerabilities for a wide variety of applications like cloud computing, blockchain, autonomous driving and Internet of Things. Existing solutions for securing end-to-end communications are implemented with programming languages like C/C++, which makes them particularly susceptible to memory safety vulnerabilities. Heartbleed Bug, for example, is a serious memory safety vulnerability in OpenSSL cryptographic software library that allows attackers to steal information protected by encryption. “OpenSSL, one of the most prominent implementations of the SSL/TLS protocol, has been protecting the Internet for the past two decades,” said Tao Wei, Chief Security Scientist at Baidu, Inc. “It has made a significant contribution to the evolution of the Internet. However, cryptography and protocol implementations of SSL/TLS are complex, and SSL/TLS is nearly impossible to implement without vulnerabilities. When Heartbleed was discovered in 2014, it affected two-thirds of the Internet, causing detrimental loss around the globe. Heartbleed is considered one of the most serious vulnerabilities since the commercialization of the Internet.” MesaLink, unlike OpenSSL, is based on Baidu’s advanced Hybrid Memory Safety Model, which has revolutionized memory safety systems at the software architecture level. MesaLink is well-guarded against a whole class of memory safety vulnerabilities and withstands most exploits. MesaLink aims to be a drop-in replacement for the widely adopted OpenSSL library. By providing OpenSSL-compatible APIs, it enables developers of preexisting projects to smoothly transition to MesaLink. For example, curl, a popular library for transferring data, recently integrated MesaLink, which now easily extends its presence into a wide variety of applications where OpenSSL used to dominate. Another promising example is with Android, in which MesaLink is able to transparently establish secure communications for any installed app without changing a single line of code. Beyond memory safety and OpenSSL compatibility, MesaLink also provides competitive performance. With secure and efficient cryptographic APIs, MesaLink reduces the time to estasblish a trusted communication channel between the client and server, providing a faster web browsing experience to users. “Heartbleed is an example of why C/C++ cannot meet the memory safety expectations in SSL/TLS implementations,” add Wei. “To eliminate vulnerabilities like Heartbleed, the MesaLink project was created. We expect MesaLink could be the next OpenSSL that protects secure communication on the Internet for the foreseeable future.” MesaLink has already been adopted in products like smart TVs and set-top boxes. As part of Baidu's Open AI System Security Alliance and AIoT Security Solutions, it has enabled more than 2 million smart TVs to securely connect to the cloud. Baidu releases EZDL – a no-code platform for building AI and machine learning models Baidu Apollo autonomous driving vehicles get machine learning based auto-calibration system Baidu announces ClariNet, a neural network for text-to-speech synthesis

Google announced yesterday the release of a new version of its multi-language, cross-platform cryptographic library, named, Tink 1.2.0 to secure data. Earlier versions of Tink are already in use by Google to secure data of their products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc. Tink 1.2.0 is built on top of libraries such as BoringSSL, and Java Cryptography Architecture. It comprises cryptographic APIs that are secure, easy to use, and hard to misuse. With Tink 1.2.0, it is easy to perform cryptographic operations like data encryption, digital signatures, etc, as it requires only a few lines of code. It focuses on eliminating as many data misuses as possible. For instance, if the encryption mode needs nonces and reusing nonces would make the encryption mode less secure, then Tink does not allow the user to pass nonces. Tink 1.2.0 also indicates security properties (e.g., safe against chosen-ciphertext attacks) directly in interfaces. This enables security auditors and automated tools to quickly discover usages where security guarantees don’t align with the security requirements. It provides support for key management, which includes, key rotation and phasing out of deprecated ciphers. Other than that, Tink 1.2.0 is customizable. This means that it is easy to add a custom cryptographic scheme or an in-house key management system that can work seamlessly with other parts of Tink. All the parts of Tink are easily removable as well as compostable. The components in Tink 1.2.0 can be selected and assembled in various combinations. As an example, if only digital signatures are needed, then symmetric key encryption components can be excluded to reduce the code size in your application. For more information, check out the official Google blog. Say hello to Sequoia: a new Rust based OpenPGP library to secure your apps Google releases new political ads library as part of its transparency report Google slams Trump’s accusations, asserts its search engine algorithms do not favor any political ideology

GnuPG developers have recently begun working on Sequoia, a new OpenPGP implementation in Rust. OpenPGP is an open, free version of the Pretty Good Privacy (PGP) standard. It defines standard formats for emails and other message encryption and is based on the original PGP (Pretty Good Privacy) software. Sequoia is an OpenPGP library that provides easy-to-use cryptography for applications. It helps you protect the privacy of your users and is easy to incorporate into your application, no matter what language you use. It helps you manage your keys better as its keystore stores keys and updates them so that new keys or revocations are discovered in a timely manner. It is currently in development led by three former GnuPG developers, Neal H. Walfield, Justus Winter, and Kai. The project is funded by the  p≡p foundation, where each of the aforementioned developers has been working since fall 2017. What motivated the developers for this new implementation was their experience with GnuPG, a free software replacement for Symantec's PGP cryptographic software. PGP or Pretty Good Privacy is a program which is used to encrypt and decrypt texts, emails, files, directories, etc. to increase the security of data communications. According to Neal H. Walfield, GnuPG posed several problems as “it is hard to modify due to lack of unit tests and tight component coupling”. He also mentioned other reasons like how a lot of developers are unsatisfied with GnuPG’s API and that GnuPG can’t be used on iOS due to GPL. The developers also have major social and technical goals in mind for Sequoia. “The social goals are -- to create an inclusive environment in our project, it should be free software and -- community-centered,” says Neal. Here’s the video of Neal introducing the new OpenPGP library:  Sequoia  On the technical side, the team is taking a different approach. They are putting the library API first, and a command-line interface tool, second. Neal says that the team “encourages” the users to use the library. They also aim to create an API which is friendly, easy to use and supports all modern platforms such as Android, iOS, Mac, etc. Let’s have a look at how Sequoia is built. Starting at the bottom level, we have the OpenPGP library which provides the low-level interface. There are two services built on top of this library, namely, Sequoia network service ( helps with accessing keyservers) and Sequoia-store which is used for accessing and storing the public keys along with the private keys.    Architecture of Sequoia On top of these three, there is a Sequoia library, a high-level API. If it’s a rust application, then it can use this library directly or else it can access the library via FFI ( foreign function interface). Apart from this, the vision for Sequoia is “a nice OpenPGP implementation -- with focus on user development, and its community” says Neal. For more information on Sequoia, check out the official Sequoia documentation. Will Rust Replace C++? Mozilla is building a bridge between Rust and JavaScript Perform Advanced Programming with Rust