A Nice Little Cryptography Primer

By itss | 28/06/2021

Pun Intended.

Category: Technology