TechLetters #90: Privacy standards/design/engineering case study finds its (almost) end. Dutch dentist chain breached. Another devastating cryptanalysis of an almost-standardised encryption system
Security
A Dutch dentist chain paid over 2 million euros to a ransomware group. The cybercriminals paralysed the chain’s systems, stole data (including patients' data) and threatened to publish it, so the ransom was paid. The group confirmed the incident.
Another devastating cryptanalysis of the SIDH post-quantum encryption system. Here. The encryption system was supposed to be secure against attacks using quantum computers, yet it can be broken fast on a laptop. Still, it reached the late stages of the standardisation process!
Privacy
The Device and Sensors Working Group at W3C finally merged a privacy improvement. Here. That’s 7+ years of my work of tracking changes, assessing/auditing the feature! During this work: changes, blog notes, (!) attack demonstration, scientific papers... Security and privacy of web standards! Some background here.
Very nice description of my work on privacy of the ambient light sensor (web browser changes, @w3c specification changes) here. From theory and practical attacks (stealing user's data using a laptop/smartphone light sensor), to web browser amendments, to my assessments (an academic paper), to specification changes.
This is a very nice and educational case study. I've seen its potential as it explains privacy work on ALL STACK LAYERS (research, standardisation, implementation, PR/communication even...). Work on privacy is always fun. But it's hard. Research, design, development - all have challenges. I love this field, still. I've been in it for a very long time. And if you need any consulting help in this realm, reach out.
Technology Policy
Your reminder to remain skeptical about machine learning/AI performance. Especially in certain applications.
Other