This week, we again explore the breaking points of encryption, while basking in its unexplored potential. It’s a complicated relationship. Japan races to be quantum ready, struggling to catch up with China and the US, and what was thought to be secure communication in China—isn't. And it may not even be China’s fault. How Telegram may have let down its pro-democracy users with the fine print, and why your firewall provider may need a firewall provider. Plus, at a time when blockchain never ceases to amaze us, we’re asking it to do one more trick—all in this week’s Encryption Digest.
Hong Kong pro-democracy activists left exposed by Telegram flaw
“Need help from @telegram.”
Popular among democracy seekers in China, (banned-but-cracked) Telegram is the app-based communication haven for Chinese activists who would otherwise be putting their wellbeing at risk. Well, it may not be such a haven anymore.
According to the Chinese software developer who outed the vulnerability on Twitter, the app allows those who have your number to see who you are on public messaging boards, even though you may have turned the settings to private. In a few swift steps, the Chinese government could pair with local telcos to trace those numbers to the users themselves.
To protesters who already claim to have been targeted by the Chinese government, this is a bug. To Telegram, simply a little-known feature. In either case, this parallels the encryption backdoor debate, showing what could happen when—by any means—a government has increased access to what were intended to be secure communications.
- Is Telegram the War on Encryption’s First Casualty?
- Overheard in the Press: FiveEyes calls for Encryption Backdoors, But it Won’t Change the Math
- Why Governments Should Be Wary of Encryption Backdoors
Japan goals quantum encryption in 2025
In the race to quantum computing, no one wants to be left behind.
China made quantum information science a flagship of its 2006-2020 plans and has already constructed a quantum landline between Shanghai and Beijing. It works. The United States has been investing heavily in quantum cryptography, and Japan is now formalizing plans to follow suit.
$14 million will be requested for research and development in 2020, per Japan’s Ministry of Internal Affairs and Communications. The country that is re-upping efforts to recycle old electronics will also investigate the use of existing fiber optic networks to make the technology run.
Right now, encrypted government communications are just that, and the cyber-spies are held at reasonable distance. That might not be the case for long.
With experts estimating anywhere from 3-10 years before quantum computing cracks our current encryption, 2025 seems like … a good timeline.
- Why We Need Quantum Cryptography, Now
- The Race to Quantum Readiness: How Public Key Cryptography Can Keep Up
- Canada Is Getting Ready for Quantum Cryptography
- Quantum Computing Threatens All Current Cryptography
“I bought my house on blockchain”
Soon, we might be able to make a shorter list of things blockchain doesn’t do. We already see it revolutionizing the futures of IoT, refugee aid, voting machines, medical records and supply chains. Now, it’s gearing up for its latest role—as real estate broker. It’s like the astronaut-doctor-lifeguard Barbie of the '90s, only less plastic. We hope.
Implementation is still contingent upon acceptance by regulators and the industry at large, but should blockchain ever be utilized for house-hunting, here are some foreseeable benefits:
- Transparency. “Smart Contracts” slash bureaucracy and ensure all steps are completed before money changes hands.
- Cost Reduction. The platform can cut “middlemen” out of the buying process (listings, legal and payments). It’s not only blue-collar jobs the robots are after.
- Fraud Prevention. Fake listings and forged contracts might be yesterday’s news with “digital ownership certificates” tracking paper trails of properties, making replications nearly obsolete.
It’s no Chip and Joanna but given the increased digital speed of nearly everything else, maybe we’ll settle for fast, safe and viciously accurate.
- It’s replaced everything else, but can blockchain really replace SSL?
- 4 New Uses for Blockchain Beyond Cryptocurrency
- Blockchains: Their Limitations and Potential
- Boosting Loyalty: Blockchain Technology in Retail Banking
To the best of us: when your firewall provider gets breached [Imperva]
No one is immune.
“For a security-as-a-service provider like Imperva, this is the kind of mistake that’s up there with their worst nightmare,” confided Rich Mogull, founder at DisruptOps, a cloud security firm.
On August 20, Imperva disclosed a breach in their cloud-based Web Application Firewall (WAF) product, Incapsula. The attackers made off with API keys, client-provided SSL certificates, email addresses and passwords.
According to Mogull, Imperva is one of the top three web-based firewall providers in the industry, and this attack—is significant.
In a worst-case scenario, attackers could divert traffic going to Imperva clients’ web pages to their own. Or whitelist venomous sites. Or lower WAF security settings for all users.
These breaches can come down to small mistakes, says Alissa Knight, senior analyst at Aite Group, which is a point of concern. Cloud-based security providers are often given the “keys to the kingdom,” and it’s important to ask them the “tough questions” - like how they are securing the platforms that secure your data.
- Can Encryption Save Execs from Blame in Breaches? [Ask Infosec Pros]
- 7 Data Breaches Caused by Human Error: Did Encryption Play a Role?
- Marriott Data Breach: 500 Million Reasons Why It’s Critical to Protect Machine Identities