Security Leftovers
-
QSB-084: Split GPG: GnuPG file descriptor confusion and file existence leak | Qubes OS
We have just published Qubes Security Bulletin (QSB) 084: Split GPG: GnuPG file descriptor confusion and file existence leak. The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). More information about QSBs, including a complete historical list, is available here.
-
Apple Just Killed the Password—for Real This Time [Ed: Apple also gives your data and passwords to the NSA, so...]
-
New quantum encryption method could lead to truly secure communication [Ed: Adding mystique with the word "quantum" to make things sound impenetrable]
By tapping into quantum entanglement, researchers said they could develop secure communications that are ‘fundamentally beyond’ an adversary’s control.
An international team of researchers has tested a new form of quantum cryptography that could lead to the ultimate standard in secure communications with real-world devices.
It is based on quantum key distribution (QKD), which is a method of sharing encryption keys between two parties that can be used to encrypt and decrypt messages. This promises communication security unattainable in conventional cryptography.
-
The End-to-End Principle in System Design
It was formalized in a 1984 paper, End-to-End Arguments in System Design, by Saltzer, Reed, and Clark. The paper uses an example of securing a file transfer between two computers. There are many steps during the transfer where the file could get corrupted or lost. Should the network be responsible for error checking, de-duplication, ordering, and crash recovery? The end-to-end solution solves this problem at the end node – a simple checksum at the source and destination.
David Clark wrote a follow-up paper in 2000 examining how the Internet had changed. Namely, he recognized that the Internet was full of users that might not have others' best interests at heart – spammers, the government interests, users who don't trust each other, users who don't trust the software they're using, etc.
Clark touches on different ways of approaching this problem: firewalls, NAT, trusted-third parties, public-key cryptography, and non-technical solutions.
- Login or register to post comments
- Printer-friendly version
- 488 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
today's howtos
| Open Hardware: XON/XOFF and Raspberry Pi Pico
|
Security Leftovers
| How to Apply Accent Colour in Ubuntu Desktop
A step-by-step tutorial on how to apply accent colour in Ubuntu desktop (GNOME) with tips for Kubuntu and others. |
Recent comments
2 days 8 hours ago
2 days 12 hours ago
2 days 12 hours ago
3 days 19 hours ago
3 days 20 hours ago
3 days 21 hours ago
3 days 21 hours ago
3 days 22 hours ago
4 days 28 min ago
4 days 2 hours ago