Newsletter Archives

  • MS-DEFCON 2: 24H2 is around the corner

    Posted on September 5, 2024 at 02:45 CDT by Comment in the Forums

    alert banner

    ISSUE 21.36.1 • 2024-09-05

    MS-DEFCON 2

    By Susan Bradley

    I can always tell when fall is in the air.

    No, it’s not a decrease in temperatures — we’re still very hot here in Central California. No, it’s not that pumpkin-spice aroma around coffee shops.

    It’s the technology headlines about imminent updates from Redmond and Cupertino. Naturally, that means I’m raising the MS-DEFCON level to 2. Here are a few things you should consider.

    Anyone can read the full MS-DEFCON Alert (21.36.1, 2024-09-05).

    AskWoody Plus Alert, MS-DEFCON , , , , , , , , , , , , , ,

  • Goodin: Millions of high-security crypto keys crippled by newly discovered flaw

    Posted on October 16, 2017 at 08:27 CDT by Comment in the Forums

    What a morning for security news!

    Unlike the KRACK announcement – factually correct, certainly disturbing, but nothing to worry about at the moment – this is a horse of a much darker color.

    Dan Goodin reports in Ars Technica about a newly discovered flaw in public key encryption that uses RSA Library version v1.02.013. Quoting Graham Steel at Cryptosense:

    It means that if you have a document digitally signed with someone’s private key, you can’t prove it was really them who signed it. Or if you sent sensitive data encrypted under someone’s public key, you can’t be sure that only they can read it. You could now go to court and deny that it was you that signed something—there would be no way to prove it, because theoretically, anyone could have worked out your private key.

    It’s a complex issue with immediate ramifications. IF you thought that fancy 2048-bit encrypted key is going to protect you, think again:

    When generated properly, an RSA key with 2048 bits should require several quadrillion years to be factorized with a general-purpose computer… While costs and times vary for each vulnerable key, the worst case, factorizing a 2048-bit RSA key generated with the faulty Infineon library … would require no more than 17 days and $40,300 using a 1,000-instance machine on Amazon Web Service and $76 and 45 minutes to factorize an affected 1024-bit key.

    What can you do about it? Nothing, unless you’re distributing RSA keys. But be on the lookout for new keys — ones generated by a different RSA library, or a different method entirely. If someone gives you a new ID card, this vulnerability could be at the heart of it.

    Other ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.