Security News

Signal fixes location-revealing flaw, introduces Signal PINs
2020-05-21 12:02

The non profit organization has also announced on Tuesday a new mechanism - Signal PINs - that will, eventually, allow users not to use their phone number as their user ID. About the vulnerability. While the DNS server information cannot tell the caller where exactly the callee is located as it offers just coarse location data, according to Wells, "In instances such as Google Public DNS and others, this attack can narrow the location down to the Signal user's city due to usage of EDNS Client Subnet."

FYI: Your browser can pick up ultrasonic signals you can't hear, and that sounds like a privacy nightmare to some
2020-05-07 21:24

People can generally hear audio frequencies ranging from 20 Hz and 20,000 Hz, though individual hearing ranges vary. Samuel Weiler, a web security engineer with MIT CSAIL and a member of the W3C's Privacy Interest Group, recently pushed to re-open a discussion about limiting the Web Audio API so that it cannot be used to generate or listen for ultrasonic signals without permission.

Fake Skype, Signal Apps Used to Spread Surveillanceware
2020-04-23 13:48

Cybercriminals are increasingly peddling booby-trapped version of popular apps such as Skype and Signal that contain surveillanceware. Apurva Kumar, security intelligence engineer at Lookout, said that one such surveillanceware family that's been spotted using this tactic is Monokle, a sophisticated set of custom Android surveillanceware.

S2 Ep36: Rogue Chrome extensions, Signal fears and Darth Vader – Naked Security podcast
2020-04-23 08:57

We discuss the biggest cybersecurity news stories of the week. New podcast episode out now!

Signal: We’ll be eaten alive by EARN IT Act’s anti-encryption wolves
2020-04-15 10:00

Understandably, the end-to-end encrypted messaging app Signal has been signing up new users at "Unprecedented" rates and flipping the switch on servers "Faster than we ever anticipated," Signal's Joshua Lund said last week. At a high level, what the bill proposes is a system where companies have to earn Section 230 protection by following a set of designed-by-committee 'best practices' that are extraordinarily unlikely to allow end-to-end encryption.

Signal sends smoke, er, signal: If Congress cripples anonymous speech with EARN IT Act, we'll shut US ops
2020-04-09 20:09

Secure messaging app developer Signal says its US operation hangs in the balance due to a proposed law in America. "Some large tech behemoths could hypothetically shoulder the enormous financial burden of handling hundreds of new lawsuits if they suddenly became responsible for the random things their users say, but it would not be possible for a small nonprofit like Signal to continue to operate within the United States," Signal's Joshua Lund said.

Keysight’s new Signal Analyzer offers wider bandwidth to meet wireless app test requirements
2020-03-04 04:15

Keysight Technologies, a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, launched the Keysight N9021B MXA X-Series Signal Analyzer which provides design validation and manufacturing engineers with superior phase noise performance at higher frequencies, and includes software that improves workflows while meeting 3GPP 5G new radio compliance standards. The new Keysight N9021B MXA X-Series Signal Analyzer offers an enhanced frequency sweep algorithm, accelerating test time improvements with uncompromising performance.

Switch to Signal for encrypted messaging, EC tells staff
2020-02-26 11:31

Last week, Politico reported that earlier this month, the EC took to internal messaging boards to recommend moving to the alternative end-to-end encrypted messaging app, which it said "Has been selected as the recommended application for public instant messaging." Unlike WhatsApp, Signal is operated by a non-profit foundation - one that WhatsApp co-founder Brian Acton put $50 million into after he ditched Facebook - and is applauded for putting security above all else.

Mixed-signal circuits can stop side-channel attacks against IoT devices
2020-02-26 05:00

Purdue University innovators have unveiled technology that is 100 times more resilient to electromagnetic and power attacks, to stop side-channel attacks against IoT devices. Recent attacks have shown that such side-channel attacks can happen in just a few minutes from a short distance away.

What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal
2019-12-20 14:00

Take a break from calling for the end of e2e, so they can switch encrypted chat apps It's not just the European Union the UK's ruling party wishes to leave. According to the Guardian, the recently...