Friday Squid Blogging: Squid Communications
In the oval squid Sepioteuthis lessoniana, males use body patterns to communicate with both females and other males:
To gain insight into the visual communication associated with each behavior in terms of the body patterning’s key components, the co-expression frequencies of two or more components at any moment in time were calculated in order to assess uniqueness when distinguishing one behavior from another. This approach identified the minimum set of key components that, when expressed together, represents an unequivocal visual communication signal. While the interpretation of the signal and the associated response of the receiver during visual communication are difficult to determine, the concept of the component assembly is similar to a typical language within which individual words often have multiple meanings, but when they appear together with other words, the message becomes unequivocal. The present study thus demonstrates that dynamic body patterning, by expressing unique sets of key components acutely, is an efficient way of communicating behavioral information between oval squids.
News article.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ben A. • May 5, 2017 4:12 PM
CRITICAL Security warning for users of Mailvelope in Firefox
German secure email service Posteo paid for a security audit of Mailvelope: “a critical vulnerability was found in the interaction between Mailvelope and Firefox.”
https://posteo.de/en/blog/security-warning-for-users-of-mailvelope-in-firefox
CRITICAL Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
Eurocrypt 2017 – Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model
http://bristolcrypto.blogspot.com/2017/05/eurocrypt-2017-parallel-implementations.html
Eurocrypt 2017: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL
http://bristolcrypto.blogspot.com/2017/05/eurocrypt-2017-on-dual-lattice-attacks.html
A low-resource quantum factoring algorithm
https://eprint.iacr.org/2017/352.pdf
Revised Draft Trump EO on Cybersecurity: May 2017 Version
https://www.lawfareblog.com/revised-draft-trump-eo-cybersecurity-may-2017-version
Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors
Real-time full-blown snooping with breakable encryption
https://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance_powers_draft/
http://www.revk.uk/2017/05/is-end-to-end-encryption-banned.html
After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts
http://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/
https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/
Dark-web pedo jailed after FBI and co use vid trick to beat privacy tech
https://www.theregister.co.uk/2017/05/04/pedophile_snatched_on_dark_web/
https://arstechnica.com/tech-policy/2017/05/creator-of-infamous-playpen-website-sentenced-to-30-years-in-prison/
Affidavit:
https://regmedia.co.uk/2017/05/04/website19.pdf
Qubes kicks Xen while it’s down after finding ‘fatal, reliably exploitable’ bug
https://www.theregister.co.uk/2017/05/03/xen_bugs/
More Android phones than ever are covertly listening for inaudible sounds in ads
https://arstechnica.com/security/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/
http://threatpost.com/ultrasonic-beacons-are-tracking-your-every-movement/125484/
Not-so-secret DOD “spy drone” footage, live on the Internet
“Kenneth Lipp, a contributor to the Daily Beast, was doing what amounts to a random search on the security search engine Shodan when he discovered what appears to be a Web console for full-motion video feeds from two Predator drones.”
https://arstechnica.com/information-technology/2017/05/not-so-secret-dod-spy-drone-footage-live-on-the-internet/
Director of National Intelligence Releases 2016 Transparency Report
https://www.lawfareblog.com/director-national-intelligence-releases-2016-transparency-report
The Promises and Perils of Emerging Technologies for Cybersecurity
https://www.lawfareblog.com/promises-and-perils-emerging-technologies-cybersecurity
Louisiana DA’s Office Used Fake Subpoenas To Trick People Into Talking
“If defense lawyers did this, you can bet the local prosecutor’s office would be there in an instant to file charges. But since it’s a prosecutor’s office doing it, local prosecutors see nothing wrong with lying to witnesses to obtain testimony.”
https://www.techdirt.com/articles/20170428/20250437262/louisiana-das-office-used-fake-subpoenas-decades-to-trick-people-into-talking-to-prosecutors.shtml
Password reuse, credential stuffing and another billion records in Have I been pwned
https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/
Proposed NIST Password Guidelines Soften Length, Complexity Focus
http://threatpost.com/proposed-nist-password-guidelines-soften-length-complexity-focus/125393/
TLS verification vulnerability in LibreSSL 2.5.1-2.5.3
“LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.”
http://seclists.org/oss-sec/2017/q2/145
A Trick That Hides Censored Websites Inside Cat Videos
“The technique uses popular sites as camouflage for banned ones.”
https://www.theatlantic.com/technology/archive/2017/04/a-system-that-hides-censored-websites-inside-cat-videos/524247/
OWASP top ten – Boring security that pays off
https://blog.malwarebytes.com/security-world/2017/05/owasp-top-ten-boring-security-that-pays-off/
Google Doc phishing story takes some bizarre turns
https://nakedsecurity.sophos.com/2017/05/04/student-claims-google-docs-blast-was-a-test-not-a-phishing-attempt/
https://nakedsecurity.sophos.com/2017/05/05/google-phish-thats-a-worm-what-happened-and-what-to-do/
https://www.theregister.co.uk/2017/05/05/google_paid_bounty_for_bug_behind_docs_drama_five_years_ago/
https://arstechnica.com/security/2017/05/google-phishing-attack-was-foretold-by-researchers-and-it-may-have-used-their-code/
Don’t panic, Florida Man, but a judge just said you have to give phone passcodes to the cops
https://www.theregister.co.uk/2017/05/03/florida_passcode_unlock_phone_cops/
Sextortion suspect must unlock her seized iPhone, judge rules
https://arstechnica.com/tech-policy/2017/05/judge-miami-reality-tv-star-must-unlock-her-iphone-in-extortion-case/
AsusWRT sends network traffic data to Trend Micro if certain features enabled
https://ctrl.blog/entry/review-asuswrt
Edge displays “123456” in PDF but prints “114447”
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/11896203/
Adware the series, part 1 and part 2 [part 3 coming soon]
https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/
https://blog.malwarebytes.com/puppum/2017/05/adware-the-series-part-2/
How to explain zero-knowledge protocols to your children
http://pages.cs.wisc.edu/~mkowalcz/628.pdf