Monthly Archives: February 2015

Estonian ID card users detected Lenovo’s malware months ago

lenovo_mitm_malware

Lenovo’s been caught going a bit too far in its quest for bloatware money, and the results have put its users at risk. The company has been preloading Superfish, a “visual search” tool that includes adware that fakes the encryption certificates for every HTTPS-protected site you visit, on its PCs since at least the middle of 2014. Essentially, the software conducts a man-in-the-middle attack to fill the websites you visit with ads, and leaves you vulnerable to hackers in its wake.

While the rest of the world is just starting to talk about Lenovo’s malware, it turns out that Estonians have detected it already in the beginnning of 2015. This is due to the TLS client certificate authentication used by Estonian ID card, which has protection against these kind of MITM attacks.

Congratulations to Estonian ID card!
Unfortunately, Mobile-ID users are not protected against these MITM attacks.

Links:
http://id.ee/index.php?id=37045
http://www.pcworld.com/article/2886278/how-to-remove-the-dangerous-superfish-adware-presintalled-on-lenovo-pcs.html

PhD thesis: “Privacy-preserving statistical analysis using secure multi-party computation”

liina_kamm_PhD_thesis

Linna Kamm PhD thesis: “Privacy-preserving statistical analysis using secure multi-party computation”
Defense date: 09.03.2015 – 16:15 to 17:45 (J. Liivi 2-404, Tartu, Estonia)

Thesis supervisor: Senior Research Fellow Sven Laur

Opponents:
PhD Rebecca N. Wright Rutgers University (USA)
PhD George Danezis University College London

Summary:
This work focuses on how to perform statistical analyses in a way that preserves the privacy of the individual. To achieve this goal, we use secure multi-party computation. This cryptographic technique allows data to be analysed without seeing the individual values. Even though using secure multi-party computation is a time-consuming process, we show that it is feasible even for large-scale databases.

Links:
http://www.ut.ee/en/events/liina-kamm-privacy-preserving-statistical-analysis-using-secure-multi-party-computation

CyCon 2015 Call for Student Papers

cycon_logo

We are seeking novel and previously unpublished short paper which would provide an overview of a recent Master thesis in the field of cyber security. Students from various disciplines such as computer sciences, law and political sciences are invited to participate. Submissions will be evaluated based on their originality and significance to the conference’s theme “Architectures in Cyberspace”.

Best submissions will be presented and prizes awarded at CyCon 2015. The awards comprise of a free conference pass for all invited candidates and the following cash prizes for the top three student papers:
1st place: 1000 Euro
2nd place: 600 Euro
3rd place: 400 Euro

And as it turns out – under the meaningless “Architectures in Cyberspace” title falls pretty much anything.

Links:
https://ccdcoe.org/cycon/student-awards-0.html
https://ccdcoe.org/cycon-2015.html

President of Estonia gives state awards to cyber security people

president_decorations

President Toomas Hendrik Ilves will hand out 99 state decorations, same number as last year, with Siim Kallas, Andrus Ansip and Timothy John Berners-Lee receiving high honors.

In the field of IT the decoration is awarded to internationally renowned computer scientist John Berners-Lee, who invented the internet underlying network technologies such as HTTP and the first browser; Computer Doctor Dan Bogdanov, Cybernetica researcher who led the privacy preserving Sharemind system and its application development; Cybernetica researcher and company GuardTime creator, Tallinn University of Technology professor Ahto Buldas; Free WIFI spread leader Veljo hammer.

Dan Bogdanov is known for his work on secure multi-party computation. Ahto Buldas on digital timestamping and other topics.

Congratulations!

Links:
http://www.president.ee/et/meediakajastus/pressiteated/11027-2015-02-04-08-51-57/
http://www.president.ee/et/ametitegevus/otsused/11028-576-riiklike-autasude-andmine/index.html
http://news.err.ee/v/society/6665f69e-592c-45e3-94eb-a773e38ae433