Researchers claim they can bypass Wi-Fi encryption (briefly, at least)
They can't read much of your data, but even a few stray network packets could tell them something they're not supposed to know.
Stay secure with the latest encryption news, trends, and best practices in information security. Protect your data with cutting-edge cryptography.
Search across headline titles and summaries.
Background for this topic.
Encryption transforms readable data into ciphertext using an algorithm and a key, so someone who obtains the ciphertext cannot normally understand it without the required key. It protects confidentiality for data in transit, such as traffic between services, and at rest, such as files, databases, and backups. Encryption does not by itself prove who sent data, prevent tampering, or protect plaintext displayed on a compromised endpoint.
Its security therefore depends on implementation and key management. Attackers may target stolen, exposed, or overprivileged keys, weak algorithms or protocols, poor randomness, and systems that decrypt data unnecessarily. Use modern, authenticated encryption where appropriate; protect keys separately from encrypted data with tightly limited access, rotation and revocation procedures, and monitored use. Verify that encryption covers relevant backups and internal service links, while recognizing that lost keys can make recovery impossible and that encrypted traffic may still reveal metadata such as timing or endpoints.
Weekly headline count for the current query.
They can't read much of your data, but even a few stray network packets could tell them something they're not supposed to know.
Last week, we wrote about a bunch of memory management bugs that were fixed in the latest security update for the popular OpenSSL encryption library. Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption. In this bug, firing the same encrypted message over and over again […]
We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)
Crooks: Show us the money! Cops: How about you show us the decryption keys first?
How 2022 is your encryption?
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.