With growing focus on the threat quantum computing poses to crucial and widely used forms of encryption, @filippo.abyssdomain.expert wants to make one thing clear: Contrary to popular mythology that refuses to die, AES 128 is perfectly fine in a post-quantum world
arstechnica.com/security/202...
Posts by Dan Goodin
Deleted and reposted to fix the link.
“Transitioning the Internet to post-quantum, especially for digital signatures, is a massive undertaking. By setting a 2029 goal, they are giving themselves some slack. If they target 2035 and miss by 2 years, we are getting uncomfortably close to the danger zone.” arstechnica.com/security/202...
Now, there's a 3rd Rowhammer attack on Nvidia GPUs that gains CPU root even when IOMMU is enabled. My story has been updated throughout.
arstechnica.com/security/202...
The cost and shortage of GPUs means they're frequently shared among dozens of users in cloud environments. 2 new Rowhammer attacks demonstrate how a malicious user can gain full root control of the host machine running high-performance Nvidia GPU cards.
arstechnica.com/security/202...
Building a utility-scale quantum computer that can crack one of the most vital cryptosystems—elliptic curves—doesn’t require nearly the resources anticipated just a year or two ago, two independently written whitepapers have concluded.
arstechnica.com/security/202...
Kaspersky has linked Coruna with Operation Triangulation.
This comes a few weeks after we reported that L3Harris Trenchant was the company behind some components of Coruna.
And we also reported that it was possible Coruna was used in Operation Triangulation.
securelist.com/coruna-frame...
Google is also discussing its PQC plans for Android for the first time. This will likely add significant workload for Android app devs.
Google is dramatically shortening its readiness deadline for the arrival of Q Day, the point at which existing quantum computers can break public-key algorithms that secure decades’ worth of secrets belonging to militaries, banks, and nearly every individual on earth
arstechnica.com/security/202...
Scanned newspaper article from 1997. Headline: "Breaking the code breakers." Subhed: "Cindy Cohn is fighting the feds on export control and winning." Byline: "Dan Goodin."
I was lucky enough to cover Cindy Cohn's trailblazing work BEFORE she joined @eff . Here's one of several stories I wrote about her when she was still an associate attorney in private practice.
Burner accounts on social media sites can increasingly be analyzed to identify the pseudonymous users who post to them using AI in research that has far-reaching consequences for privacy on the Internet, researchers said.
arstechnica.com/security/202...
Pitseleh, or a ton of other stuff by Elliott Smith.
www.youtube.com/watch?v=Pg7y...
Excellent article on the work by @dangoodin.bsky.social: arstechnica.com/security/202...
I'd say we bypass Wi-Fi encryption, in the sense that we can bypass client isolation. We don't break Wi-Fi authentication or encryption. Crypto is often bypassed instead of broken. And we bypass it ;)
That guest SSID you set up for your neighbors may not be as secure as you think
arstechnica.com/security/202...
This local Wolfdog joined an Olympic ski event and triggered the finish-line camera. This is Nazgul. He snuck into a cross-country skiing sprint this morning and raced the homestretch with some competitors before being escorted home. 14/10 someone get him a medal
The makers of password managers like Bitwarden, 1Password, Dashlane and LastPass promise they can't see your password vault. But that's not always true. A server compromise can mean game over for you, say researchers who examined some of the top password managers on the market
Contrary to what password managers say, a server compromise can mean game over.
arstechnica.com/security/202...
Scoop: A report published last week outlined what Palo Alto researchers believed was a China-linked hacking campaign.
But after an intervention from execs, the report's language was changed to refer more vaguely to "a state-aligned group that operates out of Asia."
www.reuters.com/world/china/...
I filed this FOIA after publishing this investigation into ICE agents abusing law-enforcement databases. www.wired.com/story/ice-ag....
Those records are here:
airtable.com/appxK2tDF0YA...
If throngs of people handed over their IDs in exchange for a vanity blue check from a pro-authoritarian site, what reason is there to think Discord users won't do the same?
Two security professionals who were arrested in 2019 after performing an authorized security assessment of a county courthouse in Iowa will receive $600,000 to settle a lawsuit they brought alleging wrongful arrest and defamation.
arstechnica.com/security/202...
Trump’s federal thugs beat up on
His face and his chest
Then we heard the gunshots
And Alex Pretti lay in the snow, dead
Their claim was self defense, sir
Just don’t believe your eyes
It’s our blood and bones
And these whistles and phones
Against Miller and Noem’s dirty lies
(Full lyrics @ YT page)
Thanks for making sure we're aware of this. Our understanding is that Chrome on Android has started issuing these alerts. They're likely due to video players being embedded by ads that are trying to discover if Chromecast is available. This isn't just happening on Ars. We continue to investigate.
Thanks to @dangoodin.bsky.social for writing one of the few articles that actually questioned the @nytimes.com report.
No, I'm saying that before we can use the video as proof, the details I've mentioned throughout this thread must be independently confirmed. Anyway, it doesn't sound like you and I agree on the burden of proof required to report a missile attack was responsible for the power outage. Peace & respect.
I assumed you had independently confirmed the gov's claims if you were pitching a whole story focusing on kinetic attacks. I've never liked the overly broad license news outlets give to unnamed sources, but if power was indeed restored hours later, I don't see how missiles could be responsible.
Yes, but when and where was the photo taken? Has anyone positively identified those crucial pieces of info? Assuming the video is authentic, did a cyberattack precede the missile attack? Statements from the Venezuela gov aren't confirmation. I can't find any independent confirmation.
I'm not saying missiles weren't used, but I'm looking for confirmation.
@metacurity.com Is there any independent confirmation of a kinetic attack? I don't see any mention of missiles or bombs in the first post Cynthia linked to, although the second does. The third appears to show damage to an electrical substation, but I can't tell where it is or when the video was shot