Encryption

Posts tagged “Encryption”

「冬奧通」安全分析

「冬奧通」是2022年北京奧運會官方規定與會者必須安裝的一個手機軟件。本研究指出「冬奧通」有一個簡單但後果嚴重的安全漏洞,即其用于加密用戶語音音頻和文件傳輸的加密技術可以輕易被繞過。健康申報表等傳輸詳細護照等個人資料,個人健康信息以及旅遊史等也存在安全漏洞。服務器響應也可以被欺騙,允許攻擊者向用戶顯示虛假指令。

Cross-Country Exposure: Analysis of the MY2022 Olympics App

MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.

“冬奥通”安全分析

“冬奥通”是2022年北京奥运会官方规定与会者必须安装的一个手机软件。本研究指出“冬奥通”有一个简单但后果严重的安全漏洞,即其用于加密用户语音音频和文件传输的加密技术可以轻易被绕过。健康申报表等传输详细护照等个人资料,个人健康信息以及旅游史等也存在安全漏洞。服务器响应也可以被欺骗,允许攻击者向用户显示虚假指令。

تحرك بسرعة واستخدم تشفيرك الخاص: نظرة سريعة على سرية اجتماعات Zoom

يفحص هذا التقرير التشفير الذي يحمي الاجتماعات في تطبيق Zoom الرائج. وجدنا أن Zoom لديه نظام تشفير “خاص به” ، ويحتوي على نقاط ضعف كبيرة. بالإضافة إلى ذلك حددنا نقاط تثير القلق في البنية التحتية لـ Zoom ، بما في ذلك نقل مفاتيح التشفير للاجتماعات عبر الصين.

Canada’s New and Irresponsible Encryption Policy: How the Government of Canada’s New Policy Threatens Charter Rights, Cybersecurity, Economic Growth, and Foreign Policy

The proposed rationales for weakening encryption would exchange marginal gains in limited investigative situations for significant loses with regards to Canadians’ abilities to exercise their rights and freedoms while simultaneously undermining cybersecurity, economic development, and foreign affairs. Minister Goodale should stop calling persons with well-considered policy positions on the importance of enabling the availability of strong encryption as supporters of child abusers, and get on with his job of trying to keep Canadians safe instead of endangering them with his irresponsible and dangerous encryption policy.

Secure Your Chats: Why Encrypted Messaging Matters

End-to-end encrypted messaging is effective at protecting the content of your messages from being read as they travel across the Internet to your friends and family. This is why the Citizen Lab has released Secure Your Chats: a Net Alert resource that outlines how to safely use end-to-end encryption.

Christopher Parsons on The Agenda with Steve Paikin

Citizen Lab Research Associate Christopher Parsons joined The Agenda with Steve Paikin to discuss the controversial Bill C-51, anti-terrorism legislation passed by the previous Conservative government. He joined a panel to discuss potential changes to the law, which has been used by agencies like the RCMP and Canadian Association of Chiefs of Police to petition for new powers to access telephone and Internet data.

Christopher Parsons on Pakistan’s BlackBerry information requests

Pakistan and BlackBerry have agreed to delay the shutdown of BlackBerry’s Enterprise Server (BES) by one month. This comes months after Pakistan initially ordered the shutdown of the company’s encrypted messaging services for businesses. Postdoctoral Fellow Christopher Parsons weighed in on the policy reasons for the disagreement.