Last week’s leak of draft regulations for implementing the UK’s Investigatory Powers Act (IPA) shed new light on two of the more controversial aspects of the proposed UK anti-encryption rules: mandatory disabling of encrypted services and “equipment interference.” The rules require service providers to “remove any electronic protection applied by or on behalf of the … [Read more...]
Antiquated Box: Endpoint Attacks Flank Gemalto Ethernet Encryptor
The ability to hack into ethernet fiber cables via evanescent couplers has been a proven interception capability for 10 years at least. In response, the Gemalto Ethernet Encryptor product line offers end-to-end encryption that thwarts a coupler from hacking ethernet in mid-stream. One minor caveat for potential buyers, which often include financial instituions and government … [Read more...]
How NSA & GCHQ Hacked Gemalto SIM Card Keys By the Billions
Non-malware endpoint attacks drove GCHQ's hack of Gemalto SIM card keys - and these invisible tools remain popular at the CIA and NSA to this day. It was the biggest hack of SIM card keys and mobile networks ever: The joint NSA/GCHQ breach of the Gemalto SIM card empire, cracking the security of billions of mobile phones and scores of mobile networks worldwide. … [Read more...]
Equipment Interference: Ticking Time Bomb of UK’s Investigatory Powers Act
Since passage of the UK's Investigatory Powers Act by Parliament, most attention has focused on the clause requiring ISPs to retain all customer Internet data records for 12 months and allowing LEAs to access the metadata without a warrant. But tucked away in the Parliament's law is a provision far more likely to arouse the ire of device and network hardware manufacturers - … [Read more...]
NYSE Goes Dark: Dismiss it or FREAK Out?
FREAK vulnerability, a sleeper for nearly a decade, serves as a reminder that widespread IT security weakness remains an unaddressed crisis-in-the-making. One day after the epic outage of the New York Stock Exchange, the crash of United Airlines computer systems and similar problems at The Wall Street Journal, the trio of incidents has moved out of the front page and off … [Read more...]