Posts

Preparing for the Post-Quantum Migration: A Race to Save the Internet | Womble Bond Dickinson

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


National agencies and scientific institutions are well aware of the threat of quantum computers to existing cryptography. In 2015, the United States National Security Agency first published warnings of the need to transition to quantum-resistant algorithms. One year later, the National Institute of Standards and Technology (“NIST”) began a standardization initiative for post-quantum cryptography and secure operating parameters. Post-quantum cryptography is the study of crypto-systems that can be run on a conventional computer and is sufficiently secure against both quantum and conventional computers. However, the trial process is lengthy and NIST continues to review and scrutinize potential quantum-resistant algorithms. The initiative identified five classes of cryptographic systems that are currently quantum-resistant: lattice based; multivariate-quadratic-equations; hash-based; code-based; and supersingular elliptic curve isogeny. NIST is expected to announce the first algorithm to qualify for standardization within the next two years.

During this transition period while the world awaits NIST’s findings, there are measures that can be taken now to begin securing data against quantum computing and preparing for the upcoming migration. Organizations should begin the engineering work necessary to prepare their infrastructure for the implementation of post-quantum cryptography as soon as the migration is ready. To begin preparing now, experts recommend that organizations create a reference index for those applications that use encryption and ensure that current and future systems have sufficient cryptographic agility. Reference indexing allows organizations to assess quantum vulnerabilities ensuring that all applications are migrated, minimizing the risk of incidents occurring in one part of their digital ecosystem. It is essential that organizations perform an ongoing assessment of their risks and migrate quickly to prevent systemic data insecurity.

Organizations should develop a plan to transition to quantum-resistant encryption. Planning ahead will minimize system down time and provide flexibility for responding to any implementation flaws. Organizations can utilize their…

Source…

To Secure the Internet of Things, We Must Build It Out of “Patchable” Hardware


Photo: Jamie Chung
Photo: Jamie Chung

On 21 October of last year, a variety of major websites—including those of Twitter, PayPal, Spotify, Netflix, The New York Times, and The Wall Street Journal—stopped working. The cause was a distributed denial-of-service attack, not on these websites themselves but on the provider they and many others used to support the Domain Name System, or DNS, which translates the name of the site into its numerical address on the Internet. The DNS provider in this case was a company called Dyn, whose servers were barraged by so many fake requests for DNS lookups that they couldn’t answer the real ones.

Distributed denial-of-service attacks are common enough. But two things made this attack special. First, it hobbled a large DNS provider, so it disrupted many different websites. Also, the fake requests didn’t come from the usual botnet of compromised desktop and laptop computers. Rather, the attack was orchestrated through tens of millions of small, connected devices, things like Internet-connected cameras and home routers—components of what is often called the Internet of Things, or IoT for short.

For several years now, the number of things connected to the Internet—including phones, smart watches, fitness trackers, home thermostats, and various sensors—has exceeded the human population. By 2020, there will be tens of billions of such gadgets online. The burgeoning size of the Internet of Things reflects the fastest economic growth ever experienced for any sector in the history of human civilization.

For the most part, this development promises great excitement and opportunity for engineers and society at large. But there is a dark cloud hanging over the IoT: the concomitant threats to security and privacy, which will be of a scale never experienced before.

Our digital systems are vulnerable to malicious hackers attempting to gain unauthorized access, steal personal data and other information, hold the information they steal for ransom, and even bring systems down completely, as happened with the attack on Dyn. The result is an ongoing arms race between hackers and computer-security experts, forcing the rest of us to live on a treadmill of security…

Source…

Youverify gives internet users control over their data with security & lifestyle app – YouID

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


These technological changes, incremental in nature, have over the course of time gained acceptance and become prevalent, connecting individuals and institutions across different time zones and continents, and at the same time creating a new digitally enabled culture and economy.

Source…

Polychain, A16z Face Unregistered Security Lawsuit Over Internet Computer Token Sale

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Dfinity’s highly-anticipated Internet Computer (CRYPTO: ICP) platform found itself amid a major controversy after a class-action lawsuit been filed in California describes it as an unregistered security.

What Happened: The complaint was filed on July 15 “on behalf of all investors who purchased Internet Computer Project tokens on or after May 10, 2021.”

The filing targets cryptocurrency hedge fund Polychain Capital, venture capital firm Andreessen Horowitz and Dfinity’s founder Dominic Williams as defendants in the lawsuit.

Internet Computer attempts to combine the high-speed data processing power of the internet with the security and trustlessness of blockchain technology by employing a novel consensus system based on queries and calls instead of the more familiar Cardano’s (CRYPTO: ADA) proof-of-stake and Bitcoin’s (CRYPTO: BTC) proof-of-work. 

What’s ICP? With its claimed “unprecedented” capabilities, Internet Computer intends to compete not only with the likes of Ethereum (CRYPTO: ETH) but also with the cloud computing industry and most centralized services ranging from social media such as Facebook (NASDAQ:FB) to intermediaries such as Uber Technologies Inc. (NYSE:UBER).

This new cryptocurrency launched in May and found enough hype by market participants that its network is now worth $4.6 billion — it is the 21st biggest cryptocurrency.

The Lawsuit: A recent report by crypto intelligence firm Arkham Intelligence suggests that Internet Computer’s 90% price crash in its first month is unusual for a project with heavy institutional investment and support.

While a spokesperson for the project dismissed the paper as “ludicrous” in an email sent to an industry news outlet Decrypt, the document purportedly identified $2 billion of ICP being transferred by “probable insider addresses” to cryptocurrency exchanges at times coinciding with sharp price decreases.

In other words, the document suggests a probable “dumping” by people involved with the project.

Read also: Dogecoin Campaign Leads To $5M Lawsuit For Coinbase Over Claims Of Deception

The lawsuit filed in California alleges that 469,213,710 ICP tokens were “created out of thin…

Source…