Since the beginning of 2018, there have been a series of attacks exploiting vulnerabilities in the central processing units (CPUs) of major chip makers. Called Spectre and Meltdown, these hacks allow the attackers to fool the CPU into providing sensitive information stored in unsecured portions of the CPU. Patches were issued and mitigated the damage although they did impact system performance for certain tasks, making the PCs run a touch slower.
Not all encryption software, tools, and techniques are created equal. While it is true that using some encryption is better than not using any at all, it is always smart to research your solution before and during using it. As a Hacker News article points out, serious flaws in two popular encryption tools, PGP and S/MIME have recently been discovered.
A Wall Street Journal (WSJ) article written by Shane Shifflett and Coulter Jones, dated 17 May 2018, reported that a WSJ analysis of 1,450 ICOs currently underway found 271, about 20%, were fraudulent and had already consumed more than $1.0 Billion USD of investor money. The “red flags” the article points out include, “plagiarized investor documents, promises of guaranteed returns and missing or fake executive teams.”
The concept of a backdoor is pretty simple. When a company develops a piece of security software or hardware, the government puts pressure on the developers to include a way for them to get around the security aspects of the product. The rationale is that bad actors and terrorists are using secure, encrypted hardware and software to plan and implement their attacks. If the law enforcement arms of the government cannot “crack the code” being used, they are limited in their ability to prevent and investigate these attacks.
There is an old saying where I come from that goes, “You can’t be too rich or too beautiful.” Well, in today’s digital world I think it needs to include, “You can’t be too careful online or have too much security.” Time for Facebook (FB) users to take this new advice to heart as several Chrome extensions promoted on FB have been found to install malicious code in the user’s browsers.
Users of the Signal encryption application for Windows and Linux need to patch their software as soon as possible. According to an article in Hacker News, a security researcher in Argentina discovered a bug in the end-to-end encryption software that allows bad actors to inject malicious code into a message and have it execute on the target machine without action by the recipient.
If you want to use digital technology safely and fearlessly you need some serious security. This is true whether you are protecting your home network or that of a major corporation. Layer upon layer of security is being be combined to build the strongest defense possible. Firewalls, anti-virus software, sandboxed operations, multi-factor user identification, and more are being used. But, like the castles of old, there is always a weak point that the barbarians can exploit to breach the defenses.