Archives

The National Security Agency recently discovered a major cryptographic flaw in Microsoft’s low-level code within their operating system. This flaw, now known as CurveBall, was found within Windows CryptoAPI and effects the way Elliptic Curve Cryptography (ECC) x.509 certificates are validated, giving attackers the ability to “undermine how Windows verifies cryptographic trust,” as stated in the NSA’s Cybersecurity Advisory on this issue.

On 14th January 2020, Microsoft released a software update to fix this serious security vulnerability. Yet, due to the potentially severe nature of this vulnerability, they first made the patch available to the US government, military and “other high-value customers/targets that manage key Internet infrastructure.” If exploited by attackers, it would give them the ability to spoof digital signatures, essential for digital security and trust.

Initially reported by Brian Krebs at KrebsOnSecurity, this story has since made headlines in major news outlets, such as the Washington Post, Tech Crunch, and Wired, all of which include public comments from Anne Neuberger, director of the NSA’s Cybersecurity Directorate.

Continue Reading

The quantum threat represents the first time in history that a cybersecurity breach will be the result of a complete break of modern public key cryptography. For many, this information might come as a surprise. There seems to be a new security breach almost every day, most recently a bug was discovered in Intel’s chips affecting most computers. Yet modern public key cryptography such as RSA and elliptic-curve cryptography (ECC) – the very foundation of cybersecurity – haven’t been broken via an efficient attack on commercialized products when implemented correctly.

Continue Reading

This is an excerpt from a guest post by Mike Brown, CTO, ISARA Corporation, that originally appeared in full on the GTEC website. Mike and ISARA COO Mark Pecen spoke at GTEC 2016 as part of a panel of experts on Quantum Safe Strategy for Canada. “The challenge of protecting cyber systems and information is […]

Continue Reading