LastPass bug leaks credentials from previous site

Attackers could lure users onto malicious pages and exploit the vulnerability to extract the credentials users had entered on previously-visited sites. According to Ormandy, this isn’t as hard as it sounds, as an attacker could easily disguise a malicious link behind a Google Translate URL, trick users into visiting the link, and then extract credentials from a previously visited site.

Source: LastPass bug leaks credentials from previous site | ZDNet

Blockchain Tech Could Save Banks $12 Billion A Year

By replacing independent, fragmented databases with a distributed system, banks can reduce data reconciliation costs while also improving data quality and ensuring data security.

Source: Blockchain Tech Could Save Banks $12 Billion A Year

It has become increasingly obvious in recent months that blockchain will be key to the future of the banking industry, with the majority of banks expected to adopt the technology within the next three years.

World’s First 1,000-Processor Chip

Each processor core can run its own small program independently of the others, which is a fundamentally more flexible approach than so-called Single-Instruction-Multiple-Data approaches utilized by processors such as GPUs; the idea is to break an application up into many small pieces, each of which can run in parallel on different processors, enabling high throughput with lower energy use, Baas said.

Because each processor is independently clocked, it can shut itself down to further save energy when not needed, said graduate student Brent Bohnenstiehl, who developed the principal architecture.

Source: World’s First 1,000-Processor Chip | UC Davis

Do you have the brains for cybersecurity?

In the modern day, the ability to work through a problem and decipher it is essential to anyone who works in cybersecurity, partly because a lot of what they do involves working out what is going on with less than perfect knowledge.

The puzzles below have been drawn up with the help of the team behind the UK’s Cyber Security Challenge, which uses similar tests to find people who are good at problem solving who could be of use for attacking and defending computer networks.

Source: Do you have the brains for cybersecurity? – BBC News

Is Blockchain the most important IT invention of our age?

Like records of land ownership. Creating and maintaining incorruptible registers of land titles is a huge – and mostly unsolved – problem for developing countries. So when the government of Honduras launched an investigation into whether a blockchain-based land registry could solve it, the non-geek world sat up and began to take notice. The unmistakable message was that this technology could be much more useful than merely securing cryptocurrencies. It might actually turn out to be one of the biggest IT inventions of our time.

Source: Is Blockchain the most important IT invention of our age? | John Naughton | Opinion | The Guardian

NSA in P/poly: The Power of Precomputation

Diffie-Hellman is the thing where Alice and Bob first agree on a huge prime number p and a number g, then Alice picks a secret a and sends Bob g^a (mod p), and Bob picks a secret b and sends Alice g^b (mod p), and then Alice and Bob can both compute (g^a)^b = (g^b)^a = g^(ab) (mod p), but an eavesdropper who’s listening in only knows p, g, g^a (mod p), and g^b (mod p), and one can plausibly conjecture that it’s hard from those things alone to get g^(ab) (mod p). So then Alice and Bob share a secret unknown to the eavesdropper, which they didn’t before, and they can use that secret to start doing cryptography.

Source: Shtetl-Optimized » Blog Archive » NSA in P/poly: The Power of Precomputation
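
The exchange described in the excerpt above, as an added Python example that is not from the original post. It goes slightly beyond the quoted text by range-checking the peer's public value and hashing the shared secret into a key; the parameters P and G and all function names are assumptions made for the demonstration.

```python
import hashlib
import secrets

# Constructed demo parameters: 2**127 - 1 is prime, but far too small for real use.
P = 2**127 - 1
G = 3

def keypair(p=P, g=G):
    """Pick a secret exponent and compute the public value g^secret mod p."""
    secret = secrets.randbelow(p - 3) + 2      # secret in [2, p-2]
    return secret, pow(g, secret, p)

def check_public(value, p=P):
    """Reject degenerate peer values (0, 1, p-1) that force a guessable secret."""
    if not 2 <= value <= p - 2:
        raise ValueError("peer public value out of range")
    return value

def shared_secret(my_secret, peer_public, p=P):
    """Compute (g^peer)^mine mod p after validating the peer's value."""
    return pow(check_public(peer_public, p), my_secret, p)

def derive_key(secret_int, p=P):
    """Hash the shared secret into a 32-byte key (plain SHA-256 for brevity)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret_int.to_bytes(width, "big")).digest()

def run_exchange():
    a, A = keypair()           # Alice: secret a, sends A = g^a mod p
    b, B = keypair()           # Bob:   secret b, sends B = g^b mod p
    transcript = {"p": P, "g": G, "A": A, "B": B}   # all the eavesdropper sees
    k_alice = derive_key(shared_secret(a, B))
    k_bob = derive_key(shared_secret(b, A))
    return transcript, k_alice, k_bob

if __name__ == "__main__":
    transcript, k_alice, k_bob = run_exchange()
    print("wire:", {k: hex(v) for k, v in transcript.items()})
    print("keys match:", k_alice == k_bob)
```
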

Chrome extension thwarts user profiling based on typing behavior

But there is another type of biometrics that can be used to authenticate users – behavioral biometrics (“something you do”: speaking, typing, etc.).

The latter – information about how a user types on a keyboard – is particularly problematic if he or she wants to maintain their privacy online, as there are likely many websites that record these patterns and use them (or might use them in the future) to identify users with a very high degree of certainty.

Source: Chrome extension thwarts user profiling based on typing behavior

So, he challenged infosec consultant Paul Moore to come up with a working solution to thwart this type of behavioral profiling.

The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

Object recognition for robots

Because a SLAM map is three-dimensional, however, it does a better job of distinguishing objects that are near each other than single-perspective analysis can. The system devised by Pillai and Leonard, a professor of mechanical and ocean engineering, uses the SLAM map to guide the segmentation of images captured by its camera before feeding them to the object-recognition algorithm. It thus wastes less time on spurious hypotheses.

More important, the SLAM data let the system correlate the segmentation of images captured from different perspectives. Analyzing image segments that likely depict the same objects from different angles improves the system’s performance.

Source: Object recognition for robots

You Can’t Backdoor a Platform

Cryptographic backdoors will not work. As a matter of technology, they are deeply incompatible with modern software platforms. And as a matter of policy and law, addressing those incompatibilities would require intolerable regulation of the technology sector. Any attempt to mandate backdoors will merely escalate an arms race, where usable and secure software stays a step ahead of the government.

The easiest way to understand the argument is to walk through a hypothetical. I’m going to use Android; much of the same analysis would apply to iOS or any other mobile platform.

Source: You Can’t Backdoor a Platform | Web Policy