The Verge: WhatsApp says it will leave the UK rather than weaken encryption under Online Safety Bill. “The head of WhatsApp says the messaging app will depart the UK if it’s forced to weaken its encryption standards under the country’s upcoming Online Safety Bill.”
The Verge: Twitter just let its privacy- and security-protecting Tor service expire. “Twitter has allowed the certificate for its Tor onion site to expire, effectively killing off a privacy- and speech-protecting service that it introduced last year.”
WIRED: This Hacker Tool Can Pinpoint a DJI Drone Operator’s Exact Location. “Every DJI quadcopter broadcasts its operator’s position via radio—unencrypted. Now, a group of researchers has learned to decode those coordinates.”
Ars Technica: Google adds client-side encryption to Gmail and Calendar. Should you care?. “…Google made client-side encryption available to a limited set of Gmail and Calendar users in a move designed to give them more control over who sees sensitive communications and schedules.”
How-To Geek: Proton Mail Just Got a Big Upgrade on Desktop PCs. “Proton Mail’s data synchronization and encryption isn’t compatible with regular email apps. That’s why Proton also has a desktop Bridge application, which relays messages to your favorite mail app while maintaining end-to-end encryption. Proton Mail has announced a revamp to its bridge that will allow it to be much faster and comfortable to use, helping whatever email client you’re using it with to feel much more native.”
WIRED: How to Encrypt any File, Folder, or Drive on Your System. “How the most popular operating systems have handled encryption has changed over the years, and there are third-party tools that give you more encryption options to choose from. We’ll guide you through everything you need to know about these options to help you pick the right one.”
Bleeping Computer: Amazon S3 will now encrypt all new data with AES-256 by default. “Amazon Simple Storage Service (S3) will now automatically encrypt all new objects added on buckets on the server side, using AES-256 by default. While the server-side encryption system has been available on AWS for over a decade, the tech giant has enabled it by default to bolster security.”
The Verge: Google is letting businesses try out client-side encryption for Gmail. “Google has launched a beta of its client-side encryption for Gmail, letting businesses apply to test out the feature meant to make ‘sensitive data’ and attachments unreadable even to Google. The company announced the beta, which Workspace administrators can sign up for until January 20th, in a blog post on Friday.”
TechCrunch: Google is testing end-to-end encryption for group chats in the Messages app. “Google said… it is testing end-to-end encryption for RCS-based group chats on its Messages app — RCS stands for Rich Communication Services. The company noted that in the coming weeks it will be rolling out this feature to select users that are part of the app’s open beta program.”
InfoSecurity: Hackers Use Archive Files and HTML Smuggling to Bypass Detection Tools. “Attackers have been increasingly encrypting malware in archives before releasing it in the wild. According to HP Wolf Security’s latest Threat Insights Report Q3 2022, 44% of malware was delivered via archive files in the third quarter of 2022, an 11% increase from the previous quarter and substantially more than the 32% delivered through Office files.”
MIT News: A faster way to preserve privacy online. “MIT researchers have now developed a scheme for private information retrieval that is about 30 times faster than other comparable methods. Their technique enables a user to search an online database without revealing their query to the server. Moreover, it is driven by a simple algorithm that would be easier to implement than the more complicated approaches from previous work.”
Ars Technica: Proton Calendar rounds out security-focused Big Tech alternative on iOS. “Proton Calendar, which claims to be the ‘world’s only’ calendar using end-to-end encryption and cryptographic verification, has arrived on iOS, giving those seeking a more secure work suite an alternative to Google, Apple, and the like.”
Washington University in St. Louis: NSF grant supports development of GPS-free, secure communication. “Part of modern-day encryption requires precise synchronization of devices. Currently, that’s done using GPS satellites; devices can stay in sync by pinging a satellite at regular intervals. When there is no access to GPS, or if a GPS signal is maliciously jammed or tampered with, there can be no guarantee of secure communications.”
Naked Security: Women in Cryptology – USPS celebrates WW2 codebreakers. “The US Postal Service just issued a commemorative stamp to remember the service of some 11,000 women cryptologists during World War 2. Like their Bletchley Park counterparts in the UK, these wartime heros didn’t finish the war with any sort of hero’s welcome back into civilian life. Indeed, they got no public recognition at all for the amazing physical and intellectual effort they put into decrypting and decoding enemy intelligence.”
Pratt School of Engineering, Duke University: An AI Message Decoder Based on Bacterial Growth Patterns. “Depending on the initial conditions used, such as nutrient levels and space constraints, bacteria tend to grow in specific ways. The researchers created a virtual bacterial colony and then controlled growth conditions and the numbers and sizes of simulated bacterial dots to create an entire alphabet based on how the colonies would look after they fill a virtual Petri dish. They call this encoding scheme emorfi.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.