Friday Squid Blogging: Squid Catches Down in Argentina
News from the South Atlantic:
While the outlook is good at present, it is too early to predict what the final balance of this season will be. The sector is totally aware that the 2016 harvest started well, but then it registered a strong decline.
Last year only 60,315 tonnes of Illex squid were landed, well below the 126,670 tonnes landed in 2015 and the 168,729 tonnes recorded in 2014.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Ben A. • March 17, 2017 4:33 PM
Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP
https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf
Other papers:
https://petsymposium.org/2017/paperlist.php
HN Thread:
https://news.ycombinator.com/item?id=13895614
They note, correctly, that Signal is no longer using ZRTP in favour of their own protocol.
“The new Signal voice and video beta functionality eliminates the need for ZRTP. The “signaling” messages used to set up the voice/video beta calls (offer/answer SDPs, ICE candidates, etc) are transmitted over the normal Signal Protocol messaging channel, which binds the security of the call to that existing secure channel. It is no longer necessary to verify an additional SAS, which simplifies the calling experience.”
https://whispersystems.org/blog/signal-video-calls/
https://whispersystems.org/blog/signal-video-calls-beta/
Advanced Web Scraping: Bypassing “403 Forbidden,” captchas, and more
http://sangaline.com/post/advanced-web-scraping-tutorial/
How Classical Cryptography Will Survive Quantum Computers
http://nautil.us/blog/how-classical-cryptography-will-survive-quantum-computers
Extracting All Your Secrets: Vulnerabilities in Android Password Managers
https://team-sik.org/trent_portfolio/password-manager-apps/
US-CERT Warns HTTPS Inspection May Degrade TLS Security
http://threatpost.com/us-cert-warns-https-inspection-may-degrade-tls-security/124375/
Dormant Linux kernel vulnerability finally slayed
A race condition in the n_hdlc driver that leads to double-freeing of kernel memory (CVE-2017-2636) has been fixed after eight years.
http://www.theregister.co.uk/2017/03/16/linux_kernel_vuln/
US will ‘not repeat’ claims GCHQ wiretapped Donald Trump
GCHQ rejected allegations made by White House press secretary Sean Spicer, that it spied on Mr Trump, as “nonsense”.
http://www.bbc.co.uk/news/uk-39300191
Google Chrome Stable Channel Update for Desktop
The stable channel has been updated to 57.0.2987.110 for Windows, Mac, and Linux.
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_16.html
Forensics Jonathan Zdziarski joins the Apple Security Engineering and Architecture team
https://www.zdziarski.com/blog/?p=7016
Patch Tuesday Returns; Microsoft quiet on postponement
https://threatpost.com/patch-tuesday-returns-microsoft-quiet-on-postponement/124309/