Security Leftovers

posted by Roy Schestowitz on Dec 16, 2024

• TechTarget ☛ FOSS security concerns increase amid widespread adoption [Ed: Well, of course it speaks against FOSS. Look who sponsors this.]

• Windows TCO

  • Silicon Angle ☛ Rhode Island's RIBridges system breached in cyberattack targeting personal data

    The cyberattack was first detected on Dec. 5 when Rhode Island state officials were informed by its technology vendor, Deloitte Touche Tohmatsu Ltd., that the RIBridges data system had been the target of a potential cyberattack. RIBridges is Rhode Island’s integrated online system for managing public assistance programs.

  • New York Times ☛ Personal Data of Rhode Island Residents Breached in Large Cyberattack

    The personal and private information of possibly hundreds of thousands of people who applied for government assistance in Rhode Island could be in the hands of hackers after a huge cyberattack, state officials said on Friday.

    The cybercriminals said to be behind the attack threatened to release the data unless they received a payment, said Brian Tardiff, the state’s chief digital officer.

• Integrity/Availability/Authenticity

  • Dark Reading ☛ US Telco Security Efforts Ramp Up After Salt Typhoon

    At issue is Title I, Section 105 of the Communications Assistance for Law Enforcement Act (CALEA), which:

    "Requires a carrier to ensure that any interception of communications or [call-identifying information] access effected within its switching premises can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of a carrier officer or employee acting in accordance with Federal Communications Commission (FCC) regulations."

• Confidentiality

  • Wired ☛ The Simple Math Behind Public Key Cryptography

    In public key cryptography, the “public” and “private” keys work just like the first and second ingredients in this special invisible ink: One encrypts messages, the other decrypts them. But instead of using chemicals, public key cryptography uses mathematical puzzles called trapdoor functions. These functions are easy to compute in one direction and extremely difficult to reverse. But they also contain “trapdoors,” pieces of information that, if known, make the functions trivially easy to compute in both directions.

    One common trapdoor function involves multiplying two large prime numbers, an easy operation to perform. But reversing it—that is, starting with the product and finding each prime factor—is computationally impractical. To make a public key, start with two large prime numbers. These are your trapdoors. Multiply the two numbers together, then perform some additional mathematical operations. This public key can now encrypt messages. To decrypt them, you’ll need the corresponding private key, which contains the prime factors—the necessary trapdoors. With those numbers, it’s easy to decrypt the message. Keep those two prime factors secret, and the message will stay secret.