Friday Squid Blogging: Prehistoric Dolphins that Ate Squid
Paleontologists have discovered a prehistoric toothless dolphin that fed by vacuuming up squid:
There actually are modern odontocetes that don’t really use their teeth either. Male beaked whales, for example, usually have one pair of teeth that is only used to fight for females, whose teeth stay completely hidden in their gums. Beaked whales, along with pilot whales and sperm whales, also catch squid by sucking them into their mouths. But all of these whales evolved recently. Inermorostrum xenops seems to have evolved its toothless suction-feeding independently and much, much earlier than modern suction-feeding whales. “It’s a highly specialized species but it’s essentially a dead end,” says Boessenecker. Evolution, far from being some linear progression, often works this way, hitting dead ends and retrying failed experiments from millions of years earlier.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ben A. • August 25, 2017 4:52 PM
Crypto 2017 – LPN Decoded
“We propose new algorithms with small memory consumption for the Learning Parity with Noise (LPN) problem, both classically and quantumly.”
http://bristolcrypto.blogspot.co.uk/2017/08/crypto-2017-lpn-decoded.html
https://eprint.iacr.org/2017/078.pdf
Zerodium Offers $500K for Secure Messaging App Zero Days
A popular theme on this site is how ‘secure’ messaging apps are trivial to break. If you think you can design an exploit, Zerodium want to hear from you.
“Remote code execution and local privilege elevation zero days in messaging apps such as WhatsApp, Signal, Facebook Messenger, iMessage, Telegram and others can fetch $500,000 from the company’s program.”
https://threatpost.com/zerodium-offers-500k-for-secure-messaging-app-zero-days/127610/
https://arstechnica.com/information-technology/2017/08/wanted-weaponized-exploits-that-hack-phones-will-pay-top-dollar/
The Zen of PGP
“Wherever possible, try to use modern chat applications based on the Signal Protocol. This will give you a much higher level of security (generally speaking) with far fewer chances to make a mistake than using PGP.”
https://medium.com/@thegrugq/the-zen-of-pgp-6f55d44657dd
Bypassing VirtualBox Process Hardening on Windows
The post describes “the implementation of Oracle’s VirtualBox protected process and detail three different, but now fixed, ways of bypassing the protection and injecting arbitrary code into the process. The techniques I’ll present can equally be applied to similar implementations of “protected” processes in other applications.”
http://googleprojectzero.blogspot.com/2017/08/bypassing-virtualbox-process-hardening.html
I’m giving up on HPKP
“Whilst HPKP can offer a lot of protection, it can also cause a lot of harm too.”
https://scotthelme.ghost.io/im-giving-up-on-hpkp/
Judge orders tech company to release Web user data from anti-Trump website
https://www.washingtonpost.com/local/public-safety/judge-orders-tech-company-to-release-web-user-data-from-anti-trump-website/2017/08/24/19abeac4-88e7-11e7-a50f-e0d4e6ec070a_story.html
https://nakedsecurity.sophos.com/2017/08/25/judge-scales-back-data-demand-on-inauguration-riot-related-web-host/
Leak of >1,700 valid passwords could make the IoT mess much worse
https://arstechnica.com/information-technology/2017/08/leak-of-1700-valid-passwords-could-make-the-iot-mess-much-worse/
Fraud Forces WannaCry Hero’s Legal Fund To Refund All Donations
“The lawyer managing fundraising for Hutchins’ legal defense decided it was easier to refund all donations than figure out which ones were legitimate.”
https://www.buzzfeed.com/kevincollier/beset-by-fraud-wannacry-heros-legal-fund-refunds-all
NSA ramps up PR campaign to keep its mass spying powers
“Section 702 saves lives, claims spying agency, while continuing to dodge critical question.”
https://www.theregister.co.uk/2017/08/25/nsa_pr_campaign/
Tests of facial matching for spotting individuals in large crowds have so far had very poor success
http://www.theregister.co.uk/2017/08/24/biometrics_commissioner_breaks_cover/