Auditors find encrypted chat client TextSecure is secure

Popular text and instant messaging client TextSecure would offer excellent security ... if it patched an attack vector found by a German research team conducting the first audit of the software. The app was downloaded half a million times from the Android play store and was built into the popular Cyanogenmod Android operating …

  1. Spearchucker Jones

    Easily fixed

    Instead of verifying the fingerprint, Milhouse sends a nonce encrypted under Bart's (actually Nelson's) public key. If Bart were legit he performs a simple operation on the nonce, re-encrypts it with Milhouse's public key and sends it back to him, thereby verifying that he holds his (Nelson's) private key.

    The vulnerability is an old one. Bart can't read Nelson's stuff because he doesn't have Nelson's private key. So instead of just verifying a fingerprint, verify the existence of the private key. Kerberos does this (Needham-Schroeder protocol).
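The nonce challenge described in the comment above, as an added example that is not part of the original post or of TextSecure's code. It uses toy textbook RSA over constructed Mersenne-prime keys (insecure, illustration only); `Party`, `respond` and `verify_possession` are hypothetical names, and "+1" stands in for the "simple operation".

```python
import secrets

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Toy textbook RSA (no padding) from two known primes. Not secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

def rsa_apply(key, m):
    n, exp = key
    return pow(m, exp, n)

class Party:
    def __init__(self, name, p, q):
        self.name = name
        self.public, self.private = make_keypair(p, q)

    def respond(self, challenge, challenger_public):
        # Decrypt the nonce with our own private key, apply the "simple
        # operation" (+1 here), and re-encrypt it to the challenger.
        nonce = rsa_apply(self.private, challenge % self.private[0])
        return rsa_apply(challenger_public, (nonce + 1) % challenger_public[0])

def verify_possession(verifier, claimed_public, responder):
    """True only if responder holds the private key for claimed_public."""
    # Skip 0 and 1: they encrypt to themselves under textbook RSA, so
    # anyone could answer them without holding the key.
    nonce = 2 + secrets.randbelow(2**64)
    challenge = rsa_apply(claimed_public, nonce)
    reply = responder.respond(challenge, verifier.public)
    return rsa_apply(verifier.private, reply) == nonce + 1

# Constructed keys built from Mersenne primes so the demo runs offline.
milhouse = Party("Milhouse", 2**61 - 1, 2**89 - 1)
nelson = Party("Nelson", 2**107 - 1, 2**127 - 1)
bart = Party("Bart", 2**31 - 1, 2**521 - 1)

def demo():
    claimed = nelson.public  # the key presented to Milhouse as "Bart's"
    return (verify_possession(milhouse, claimed, nelson),
            verify_possession(milhouse, claimed, bart))

if __name__ == "__main__":
    print(demo())
```

The check establishes only that the responder holds the private key matching the public key Milhouse was given; a real deployment would use a padded, authenticated scheme rather than raw RSA.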

  2. This post has been deleted by its author

    1. stuartnz

      Re: Simpsons?

      They all got hired as consultants for the NSA.

    2. Alistair

      Re: Simpsons?


      Bob is serving time in pokey after allegations that he was recording interactions between Alice and Mallory and posting them to revenge porn sites.

      As a result he now works for the NSA in order to reduce his sentence.

      Alice sought psychological assistance for her mental anguish and was convinced that working for the NSA would allow her to take revenge on revenge porn sites.

      Their manager at the NSA ensures that they never meet face to face, and has taken to drinking at work due to the stress.

      Mallory now is a homemaker, heavily medicated, who drives an SUV and helicopters all three of her children, 24 hours a day. Physically and emotionally exhausted, she no longer has time for computer security.

    3. Charles 9

      Re: Simpsons?

      Alice and Mallory are involved in a menage a trois with Gene behind Bob's back. In the process, Gene stole everyone's private keys behind their backs...
