NSA Avoids Discussing Back Doors in Commercial Products

The U.S. National Security Agency is dodging questions about back doors in commercial products and whether it’s continuing this practice. The article mentions Dual EC, a type of encryption algorithm the NSA tried to get ratified as a global standard. Why? Because they could easily crack it.

Juniper Networks got into hot water over Dual EC two years later. At the end of 2015, the maker of internet switches disclosed that it had detected malicious code in some firewall products. Researchers later determined that hackers had turned the firewalls into their own spy tool by altering Juniper’s version of Dual EC.

And that’s the reason we oppose these kinds of back doors or “weaknesses on purpose” on Security Friday. If one group can easily crack it, so eventually will other groups.

Researchers Extract Intel CPU Encryption Key

Security researchers have successfully extracted the Intel CPU encryption key used to secure updates to the chip.

The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.

Of course, it’s the “other parties” to worry about. The key can be extracted from any chip that uses Intel’s Goldmont architecture. This is used for low-power chips like the Atom, Celeron, and Pentium brands.

Connecting COVID-19 Contact Tracing Apps Across Europe is Starting to Work

The first stage in making COVID-19 contact tracing apps work across different European countries has been achieved. The Scottish contact tracing app, which was built using the Apple/Google API, now also works in both Northern Ireland and Jersey.

The shared code is what also enables interoperability between apps used in New York, New Jersey, Pennsylvania and Delaware … The Scottish app should also work in England and Wales within the next few weeks, and then across Europe. This is all part of a wider European interoperability project intended to ensure that all contact tracing apps work across the continent. The app was developed by NearForm, which first created the Irish contact tracing app before rolling out versions for Scotland, Jersey, and the four US states. All the apps share the same core code.

iPad Air Might Make the Pro Obsolete

The reviews of the new iPad Air are starting to appear. Wired UK’s is very positive, with author Jeremy White saying that it might make the Pro redundant for many users.

The inclusion of Apple’s A14 Bionic means you get the company’s latest chip that is in some respects even better than the one in the current iPad Pro. While to say this results in better performance than the Pro would be outright wrong, you do get a big bump in power – a 40 per cent increase in performance over the previous iPad Air, Apple says, and a 30 per cent uptick in graphics performance. Much like the new iPhone 12 series that also carries the A14, the Air is noticeably faster than its previous iteration. Battery life is of the usual iPad standard – top drawer. You will not need to charge the Air for days with light use, and if you do employ it as a PC replacement (which is certainly possible, especially with the keyboard) you will get many more hours out of it than a standard laptop. The faster 20W charger that comes in the box will help top things up if you do run low. It’s not all good news, though. Despite stealing so much from the Pro there is no LiDAR and no ultrawide camera.

Hints of an Apple Search Engine Resurface

A report in the Financial Times (which is paywalled so I’m linking to TechCrunch) claims that Apple could be creating an Apple search engine. Or, maybe the company is instead improving search for Siri or Spotlight.

Apple is now showing its own search results and linking directly to websites when users type queries from its home screen in iOS 14. For context, this is a behavior that has been known for a while as people have seen the feature pop up in beta versions of iOS. And the search volume being up on Apple’s crawler is something that Jon Henshaw of Coywolf had noted back in August.

I’m going with the “improving Siri and Spotlight” take. Apple isn’t known for creating products outside its ecosystem (Music on Android and Apple TV on other devices notwithstanding).

Instagram’s “Unlink Account” Feature is Deceiving

Instagram’s Unlink Account feature is deceiving, at least when it comes to Facebook. Since Instagram is a Facebook company, your two accounts will forever be connected.

That’s because the wealth of data that Facebook collects through its multiple services is more than enough to properly identify users’ various accounts and link them to one another. Even in cases where a different name, email address, or device was used to create each account—be it a throwaway WhatsApp profile, stalker Instagram account, or joke Facebook profile—Facebook often is able to suss out who is actually behind the account and whether they have accounts on other Facebook-owned apps.

FlipNetik Kinetic Desk Toy: $22.99

I’m a sucker for fidget toys, and I love today’s deal on the FlipNetik. It’s designed to roll, so to speak, even though its shape in no way looks like it should roll. There’s a square model and a hexagon, and they come in gold, silver, or black. I’m linking directly to the black hexagon listing, but there’s a pulldown menu for the other options, including buying both a square and a hexagon at a discount. Spoiler, that’s what I did! One is $22.99, while two are $34.99.