all InfoSec news
Hyundai Uses Example Keys for Encryption System
Aug. 22, 2022, 11:38 a.m. | Bruce Schneier
Schneier on Security www.schneier.com
This is a dumb crypto mistake I had not previously encountered:
A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples.
[…]
“Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]”.
[…]
Luck held out, …
More from www.schneier.com / Schneier on Security
Microsoft and Security Incentives
1 day, 5 hours ago |
www.schneier.com
Friday Squid Blogging: Squid Trackers
4 days, 19 hours ago |
www.schneier.com
Other Attempts to Take Over Open Source Projects
6 days, 5 hours ago |
www.schneier.com
X.com Automatically Changing Link Text but Not URLs
1 week, 1 day ago |
www.schneier.com
New Lattice Cryptanalytic Technique
1 week, 2 days ago |
www.schneier.com
Upcoming Speaking Engagements
1 week, 3 days ago |
www.schneier.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Senior Security Specialist
@ Lely | Maassluis, Netherlands
IT Security Manager (Corporate Security) (REF822R)
@ Deutsche Telekom IT Solutions | Budapest, Hungary
Senior Security Architect
@ Cassa Centrale Banca - Credito Cooperativo Italiano | Trento, IT, 38122
Senior DevSecOps Engineer
@ Raft | Las Vegas, NV (Remote)
Product Manager - Compliance
@ Arctic Wolf | Remote - Colorado