It’s our fifth issue of “More than Quantum,” and we have some interesting stories to share. From the WPA2 Wi-Fi security vulnerability and Federal requirements for encryption, to a focus on the future of quantum computing technology and a new proposed law that could allow hacking victims to hack back, there is plenty to share this week. We hope you find these informative and fun, and if you have any future recommendations, please get in touch!
Serious flaw in WPA2 protocol lets attackers intercept passwords and much more
On the minds of many this week, a major flaw in Wi-Fi systems using the WPA2 protocol would allow attackers within range of a particular device to access passwords, emails and more. The exploit is called KRACK, for Key Reinstallation Attacks, and could allow attackers to decrypt a wealth of sensitive data that’s thought to be encrypted by the nearly ubiquitous Wi-Fi encryption protocol. Large companies, governments, and even home Wi-Fi users could all be at risk, and it’s not yet clear when patches will be issued.
DHS orders federal agencies to bolster cybersecurity with HTTPS, email authentication
The US Department of Homeland Security recently announced that federal agencies will soon be required to employ web and email encryption to boost cybersecurity protections. A step in the right direction, the requirements include deploying the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) to help prevent spam and phishing attacks, and implementing HTTPS for all websites.
The time for quantum computing investment ‘is now,’ experts say
We’ve seen many companies jumping into quantum computing lately, including Intel, Google and Microsoft just to name a few. According to Dr. Lily Lidong Chen, project leader and mathematician at the NIST Cryptographic Technology Group, “The time for quantum computing investment and standardization is now.” It’s especially important given that quantum computing will render current encryption standards breakable, unless companies look to quantum random number generation (QRNG). As Dr. Raymond Newell, research scientist at the Applied Physics Group at Los Alamos National Laboratory, says, “Classical computing can only create pseudo-random number generators and rely on computational difficulty as the basis of encryption, making them vulnerable to cracking by quantum computing.”
Quantum computing is coming for your encryption, it’s a matter of when
The security and policy implications of quantum computing for encryption protocols were recently the topic of discussion at The Hudson Institute in Washington, D.C. While the U.S. remains a leader in quantum computing technology, the rest of the world is quickly gaining ground. Notably, China announced a new $10 billion quantum applications research facility it’s building, displaying the country’s commitment to developing a strategic edge in the field. Australia is also making its own advancements, not just in quantum computing, but in protecting companies with quantum-based cybersecurity.
Hacker codenamed in honour of ‘Alf’ from Home and Away stole sensitive data about Australian military projects
Highly sensitive information related to the $14 billion Joint Strike Fighter program, which is Australia’s new fleet of spy planes and several of its naval warships, was stolen by hackers who breached a Department of Defence contractor. Hackers got away with 30 gigabytes of data on the various Defence projects. The hacker has already been codenamed “Alf,” and while the data was certainly commercially sensitive, it wasn’t (thankfully) classified information. Australia is still working to determine where the attack originated.
Here is a “true random” story that doesn’t quite fit into the data security realm, but still caught our attention.
New bill would allow hacking victims to ‘hack back’
There’s a new bill under consideration in the U.S. government called the Active Cyber Defense Certainty Act, which would allow people and companies to hack back at their attackers if it’s determined that the goal is to “disrupt, monitor or attribute the attack, or destroy stolen files.” The counterattack won’t allow for anything to be destroyed aside from a company’s own stolen files, and the bill also requires that those hacking back notify the FBI National Cyber Investigative Joint Task Force. Would you like to hack back at an attacker?