Oct 16, 2017

Millions of encryption keys vulnerable to new exploit

A customer tries out a new Apple iPhone 6S at an Apple store in Chicago. Photo: Kiichiro Sato / AP

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, Dan Goodin reports for ArsTechnica. The researchers exposed that some of these keys can be easily hacked, which is notable since it was previously thought that these kinds of keys were virtually impervious to hackers.

Why it matters, from Axios' Senior Developer Chris Barna: Although breaking these keys could take a lot of time and money, "when you have the resources of a malicious government, 17 days and hundreds of thousands of dollars can be worth it if the perceived payoff is big enough."

What to watch for, as Graham Steel, CEO of encryption consultancy Cryptosense, told ArsTechnica: "If you have a document digitally signed with someone's private key, you can't prove it was really them who signed it. Or if you sent sensitive data encrypted under someone's public key, you can't be sure that only they can read it."

Go deeper

Axios
5 hours ago - Politics & Policy

Jeff Sessions loses Alabama Senate primary runoff

Jeff Sessions. Photo: Michael DeMocker/Getty Images

Former Attorney General Jeff Sessions has lost the Republican nomination for Senate to Tommy Tuberville in Alabama in Tuesday night’s primary runoff, AP reports.

Why it matters: Sessions had been the underdog in the race against former Auburn University head football coach Tommy Tuberville, who had the backing of President Trump. Tuberville will now face off against Sen. Doug Jones (D-Ala.) in November, who is considered to have one of the most vulnerable Democratic Senate seats in the country.

Go deeper (<1 min. read)Arrow
Axios
Updated 5 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 9 p.m. ET: 13,273,537 — Total deaths: 577,006 — Total recoveries — 7,367,106Map.
  2. U.S.: Total confirmed cases as of 9 p.m. ET: 3,424,304 — Total deaths: 136,432 — Total recoveries: 1,049,098 — Total tested: 41,764,557Map.
  3. Politics: Biden welcomes Trump wearing mask in public but warns "it’s not enough"
  4. Public health: Four former CDC heads say Trump's undermining of agency puts lives at risk — CDC director: U.S. could get coronavirus "under control" in 4–8 weeks if all wear masks.
Go deeper (<1 min. read)Arrow
Courtenay Brown
8 hours ago - Economy & Business

Bank CEOs brace for worsening economic scenario

JPMorgan CEO Jamie Dimon. Photo: J. Lawler Duggan/For The Washington Post via Getty Images

Wells Fargo swung to its first loss since the financial crisis — while JPMorgan Chase and Citigroup reported significantly lower profits from a year earlier — as the banks set aside billions of dollars more in the second quarter for loans that may go bad.

Why it matters: The cumulative $28 billion in loan loss provisions that banks have so far announced they’re reserving serves as a signal they’re preparing for a colossal wave of loan defaults as the economy slogs through a coronavirus-driven downturn.

Go deeper (1 min. read)Arrow