Skip to content
I T S S
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Support
  • Contact
  • Webmail

A Nice Little Cryptography Primer

By itss | 28/06/2021
0 Comment

Pun Intended.

Category: Technology
Post navigation
← pfSense / Wireguard / Bad Code / Close Call Why Quake3 was so fast : Fast Inverse Square Root →

Recent Posts

  • Hardware Exploits?
  • Why Quake3 was so fast : Fast Inverse Square Root
  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)

Slashdot

News for nerds

  • Last.fm Goes Independent After Breaking Up With Paramount Skydance
    by BeauHD on 28/05/2026 at 11:00 am

    Last.fm announced that it is independent again after separating from Paramount Skydance, nearly two decades after CBS acquired the music-tracking service in 2007. The company says accounts, scrobbles, privacy settings, Pro subscriptions, and billing information will remain intact. Additional details are forthcoming. Engadget reports: "Today, Last.fm begins a new chapter as an independent company," the announcement reads. "Ownership has changed, but the product you use every day has not." It also said that it will keep its current team. Last.fm is a music website that can track what you listen to across platforms, apps and streaming services, including Spotify, YouTube and Apple Music. [...] Last.fm started as an internet radio station in 2002, and it didn't get scrobbling until a few years later when it merged with the original team that created the tracking process. It operated as an independent company until it was acquired by CBS Interactive, which is now part of the merged Paramount Skydance Corporation, for $280 million in 2007. In 2014, it killed off its $3-a-month subscription radio service to focus on tracking your listening habits on other providers. The company promised to share more about what you can expect from the transition in the coming weeks, but everything will work on Last.fm "exactly as it did yesterday" for now. Read more of this story at Slashdot.

  • Perfect Randomness Realized For the First Time
    by BeauHD on 28/05/2026 at 7:00 am

    ETH Zurich researchers say they have generated certified "perfect randomness" for the first time by using a quantum Bell-test setup with two entangled superconducting chips connected by a 30-meter cooled link. "In the long term, this work could play a similar role in digital security as atomic clocks do for timekeeping: a physically certified source of randomness that other systems can rely on," reports Phys.org. "Possible applications range from the encryption of sensitive communications and digital identities to public randomness services for lotteries and blockchain applications." From the report: They call their method randomness amplification. "This was made possible by an improved so-called Bell-Test with simultaneously high quality and high data rate," says [Renato Renner and Andreas Wallraff]. He and his coworkers use a complex setup that consists of two superconducting chips, which they cool down to very low temperatures close to absolute zero. Each chip represents a quantum bit or qubit, which can take on the states "0" or "1" or any arbitrary superposition of these states. A 30-meter-long tube, which is also cooled down, connects the two chips. Microwave photons can fly back and forth between them, thus creating quantum mechanical entanglement. This means that a quantum measurement on one qubit, which randomly yields the values "0" or "1," influences automatically and at a distance whether "0" or "1" is measured on the second qubit. The separation of 30 meters ensures that, during the measurement, even at the speed of light, no information can be exchanged between the qubits. This would disturb the perfect randomness. Wallraff and his team made the choice of the exact type of measurement (or "measurement basis" in technical jargon) on the two qubits depending on an imperfect random number generator. Renner's coworkers could then amplify the randomness of the measurement results further using a special algorithm. "The resulting sequence of zeros and ones is now really perfectly random, and we can even certify that," says Renner. He likens this result to crossing a ridge: "The technical improvements allowed us, for the first time, to create random numbers that will remain perfectly random for all eternityâ"no matter what analytical methods are used to assess their randomness." The findings have been published in the journal Nature. Read more of this story at Slashdot.

  • Websites Have a New Way To Spy On Visitors: Analyzing Their SSD Activity
    by BeauHD on 28/05/2026 at 3:30 am

    An anonymous reader quotes a report from Ars Technica: Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices. The technique, laid out in a research paper (PDF), exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data. The attack that FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a visitor is using, the researchers were able to determine the websites open in other tabs -- even on other browsers -- and the apps that were open on the visitor's device. FROST requires no interaction from the visitor other than opening the site hosting the attack. [...] Unlike previous contention side-channel attacks on SSDs, FROST runs exclusively in the browser. It uses JavaScript that interacts with the OPFS (origin private file system), an allocated storage space that's reserved for a specific site to run code needed to complete a given task. Websites can create one with no interaction required by the visitor. While each file system is sandboxed, meaning it's isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions. Then, by running those interactions through a pretrained convolutional neural network -- a system that uses deep learning to analyze text, audio, and images -- the attacker can deduce various apps and websites open on the device. "The attacker continuously measures SSD contention by performing random reads from a large OPFS file," the researchers explained. "SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model." Read more of this story at Slashdot.

  • Meta To Start Testing AI Subscription Services
    by BeauHD on 27/05/2026 at 11:00 pm

    Meta will begin testing paid subscriptions for its Meta AI app and website, with a $7.99/month Meta One Plus plan and a more capable $19.99/month Meta One Premium plan offering. The test will start next month in Singapore, Guatemala, and Bolivia as Meta looks for AI revenue beyond advertising while continuing to offer a free tier. CNBC reports: Naomi Gleit, the head of product at Meta, revealed the subscription testing in an Instagram video, announcing that the plans "give people who use Meta AI more to work with, more capacity, bigger, more complex requests, and more room to create for businesses and creators." Meta One Plus will cost $7.99 a month and the Meta One Premium plan will cost $19.99 a month, the company confirmed. The more expensive version offers users additional computing capacity to produce more comprehensive responses and other advanced features. The company will continue to provide a free version of the app and site. "We're offering premium tools that allow you to enhance presence, supercharge content, automate tasks, and protect your brand," Gleit said in the post. "We're also thinking about how to bring this all together in a way that makes sense." Read more of this story at Slashdot.

  • Nvidia To Spend $150 Billion a Year In Taiwan
    by BeauHD on 27/05/2026 at 10:00 pm

    Nvidia CEO Jensen Huang says the company plans to spend around $150 billion a year in Taiwan, calling it the "epicenter of the AI revolution." "Four years ago, five years ago, Nvidia was spending about $10, $15 billion dollars a year in Taiwan. Now we're spending $100, going to $150 billion dollars in Taiwan each year," Huang said. Reuters reports: Huang was speaking at a launch celebration in Taipei for the chip company's planned Taiwan headquarters, which he said will break ground this year and aims to become operational in 2030. He did not provide a timeframe for the number of years the company plans to invest $150 billion. The Taiwan headquarters will bring Nvidia closer to TSMC, the world's largest contract chipmaker which makes many of the advanced semiconductors powering the trend towards AI and is a major supplier to the U.S. tech company. "Taiwan is booming," Huang said on stage at the celebration which was attended by his parents, wife, daughter and son in addition to around 1,000 employees. "Taiwan is the epicentre of the AI revolution. This is where the chips come, packaging comes, this is where the systems are made, this is where AI supercomputers were created. The number of partners we work with here in Taiwan, incredible." Read more of this story at Slashdot.

  • Rust Will Save Linux From AI, Says Greg Kroah-Hartman
    by BeauHD on 27/05/2026 at 9:00 pm

    Linux stable kernel maintainer Greg Kroah-Hartman says Rust can help Linux deal with a flood of AI-discovered security bugs (namely Dirty Frag, Copy Fail, and Fragnesia) by preventing common C mistakes around memory, locking, error handling, and untrusted data at build time rather than during human review. It's "not a silver bullet" and does not mean rewriting the whole kernel, but he said new drivers and subsystems will increasingly use Rust as Linux evolves forward. ZDNet reports: Kroah-Hartman illustrated those pitfalls with real C bugs in the kernel, including a 15-year-old Bluetooth bug that dereferenced a pointer without checking it and a Xen bug where "we forgot to unlock" in an error path. "The majority of the bugs in the kernel are this tiny, minor stuff," he explained. "Error conditions aren't checked, locks aren't forgotten, unreleased memories leak, and vulnerabilities add up over time. They crash the kernel. This is what we live with in C. This is why we don't like it." Kroah-Hartman argued that the "best beauty of Rust" is catching those mistakes at build time rather than in review. For example, when it comes to locking, he highlighted Rust's locking abstractions in the kernel: "The only way you can get access to inner pointers of structures is by grabbing that lock, and releasing the lock automatically. The compiler does it, it's guarded, the lock happens, everything's happy. You just can't write code to access these values...without grabbing the lock. The compiler will not let you." Those properties, he argued, directly remove a huge fraction of the bugs he sees: "This is going to save us those two things. First, 60% of the bugs in the kernel right there, they're gone. Thank you." The payoff is earlier, more automated enforcement: "If this happens at build time, not review time, don't make me a maintainer who has to read your code [and] say, 'Oh, then you properly check that error value. Oh, did you properly grab the locks in the right spot?' Rust gives us that for free. This is the best thing ever." Even if Rust vanished tomorrow, Kroah-Hartman argued, it has already forced the kernel to clean up C code and interfaces. He credited Rust's influence outright: "We stole this from Rust. Thank you. It's a good idea, so if Rust disappeared tomorrow, we have cleaned up the C code in the kernel so much and taken in the ideas. We thank you, you've made Linux better with it just by existing." [...] What ultimately sold a number of core maintainers, including him, on Rust was how it "makes reviewing code easier." With CI [Continuous Integration] bots enforcing builds and Rust's type system enforcing key invariants, maintainers can "focus on the logic" rather than resource bookkeeping: "I can care about that one function. I don't have to worry about the rest of this stuff, because I assume that it works properly, because it was built properly." Internally, he said, the top maintainers have already made their call on Rust's status: "The Linux kernel maintainers, we get together every year and talk about what the processes are doing. Last year, we said the Rust experiment is over. It's not an experiment. This is for real." The rationale: "The people behind it are real. We trust them. We know what they're doing. They've shown and put in the work to make Rust a viable language in the kernel, and we're going to make this stick. Let's go full speed ahead. And, as always," he said wryly, "world domination proceeds." "If you never remember anything else in my talk, just remember these four words. It came from Microsoft Security many, many years ago," Kroah-Hartman told attendees. "They realized all input is evil. You have to validate all input." Read more of this story at Slashdot.

Archives

  • September 2022
  • November 2021
  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress