New internet standard for RSA blind signatures. This is the foundation for privacy pass and other privacy preserving protocols.

rfc-editor.org/info/rfc9474

'I will however withhold the proof-of-concept source code until the end of the ongoing national election for security reasons, as the currently deployed version is still vulnerable, and there are no immediate fixes planned by Swiss Post.'

#eVoting

andreaskuster.ch/blog/2023/CVD-…

Attack or no-attack? That’s the question! #evoting andreaskuster.ch/blog/2023/CVD-…

According to this study, HES-SO has no dedicated #cybersecurity research group. This assertion raises some questions and probably deserves explanations.

Chère BCV, j'ai bien compris que sur un iPhone 11, il faut installer la dernière version de BCV Mobile et se logguer avant de passer à iOS 17, 'à cause d'un bug d'iOS 17'. Mais comment faire avec un iPhone 11 réinitialisé, qui installe iOS 17 avant toute chose?

Il est pas frais, ton poisson, chère ⁦Migros⁩ 🤭

PQC standards are out...

FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard
FIPS 204, Module-Lattice-Based Digital Signature Standard
FIPS 205, Stateless Hash-Based Digital Signature Standard

Designing #postquantum crypto is hard and not for the faint of heart:
11h47 CEST: 'A minor tweak was done on the definition of V2.'
15h13 CEST: 'Here's a Sage script forging signatures for KAZ-SIGN 1.2 and checking that the forgeries are accepted by the reference software.'

'The only SSH key type supported by Azure DevOps is RSA' 🙈

.Max Levchin gave a terrifyingly memorable talk at Stripe when we were starting out. He now blogs the tale: max.levch.in/post/724289457….

Our group has two job openings. Become a PhD or PostDoc and work with us on exciting cryptographic topics in beautiful St. Gallen.

jobs.unisg.ch/offene-stellen…

'Hey {f_name}, Review your recent order with us TG{random_number(3)}YO{random_number(4)}' 🙈🤡

This is something that I have advocated for a long time, and it's great to see it so eloquently presented by Pedro Fortuna and Jasvir Nagra ✨. Patching is important, but a surface attack reduction and compartmentalization architecture is often forgotten or not given enough priority.

Today, ANSSI and CryptoExperts present CRY-ME, a messaging app cryptographic challenge, at the SSTIC symposium 🎤
The challenge has been open-sourced at github.com/ANSSI-FR/cry-me 👀
Try it out to challenge your crypto skills 🥷