In the O.J. Simpson case, one of its early lawsuit efforts, DirecTV had an investigator on-site who physically turned on Simpson’s TVs and saw the unscrambled DirecTV programming. But this kind of evidence was hugely expensive to collect and required law enforcement help. Most later DirecTV cases were based merely on device purchase lists; DirecTV had no idea what people like Treworgy were actually doing inside the walls of their homes.
In the Treworgy case, both the district court and the 11th Circuit Court of Appeals ruled that simple ownership did not create “a private right of action against a person in possession of access devices in violation of section 2512(1) (b).” In other words, DirecTV couldn’t sue people just for buying a card or a bootloader; they had to show actual illegal activity. //
After the judge ruled against Simpson, the only remaining issue was how much he would owe in damages.
DirecTV had requested $20,000 under each of two separate laws, for a total of $40,000. The judge noted that Simpson had not “used the devices commercially or for resale,” so she declined to award the full request. Instead, DirecTV got $15,000 in damages under the first statute and $10,000 under the second, for a total of $25,000.
The higher cost, though, came from legal fees. DirecTV submitted a motion for Simpson to pay its lawyers after his loss, and the judge agreed to a $33,678 legal bill.
The court granted final judgment on November 29, 2005, ruling that “the Juice” owed DirecTV a grand total of $58,678. It was pricey, yes—but in a way, Simpson got off cheap. When the recording industry launched its own mass lawsuit campaign, college students and single moms were eventually hit with $675,000 or even $1.92 million verdicts.
FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code. If you need to generate a QR code, try our QR code generator.
FreeOTP implements open standards: HOTP and TOTP. This means that no proprietary server-side component is necessary: use any server-side component that implements these standards. We recommend FreeIPA.
age is a simple, modern and secure file encryption tool, format, and Go library.
It features small explicit keys, post-quantum support, no config options, and UNIX-style composability.
Get things from one computer to another, safely.
This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.
The codes are short and human-pronounceable, using a phonetically-distinct wordlist. The receiving side offers tab-completion on the codewords, so usually only a few characters must be typed. Wormhole codes are single-use and do not need to be memorized.
For complete documentation, please see https://magic-wormhole.readthedocs.io or the docs/ subdirectory.
Cryptography engineers have been tearing their hair out over PGP’s deficiencies for (literally) decades. When other kinds of engineers get wind of this, they’re shocked. PGP is bad? Why do people keep telling me to use PGP? The answer is that they shouldn’t be telling you that, because PGP is bad and needs to go away.
There are, as you’re about to see, lots of problems with PGP. Fortunately, if you’re not morbidly curious, there’s a simple meta-problem with it: it was designed in the 1990s, before serious modern cryptography. No competent crypto engineer would design a system that looked like PGP today, nor tolerate most of its defects in any other design. Serious cryptographers have largely given up on PGP and don’t spend much time publishing on it anymore (with a notable exception). Well-understood problems in PGP have gone unaddressed for over a decade because of this.
Two quick notes: first, we wrote this for engineers, not lawyers and activists. Second: “PGP” can mean a bunch of things, from the OpenPGP standard to its reference implementation in GnuPG. We use the term “PGP” to cover all of these things. //
If we’ve learned 3 important things about cryptography design in the last 20 years, at least 2 of them are that negotiation and compatibility are evil. The flaws in cryptosystems tend to appear in the joinery, not the lumber, and expansive crypto compatibility increases the amount of joinery. Modern protocols like TLS 1.3 are jettisoning backwards compatibility with things like RSA, not adding it. New systems support just a single suite of primitives, and a simple version number. If one of those primitives fails, you bump the version and chuck the old protocol all at once.
If we’re unlucky, and people are still using PGP 20 years from now, PGP will be the only reason any code anywhere includes CAST5. We can’t say this more clearly or often enough: you can have backwards compatibility with the 1990s or you can have sound cryptography; you can’t have both. //
This isn’t going to get fixed. To make actually secure email, you’d have to tunnel another protocol over email (you’d still be conceding traffic analysis attacks). At that point, why bother pretending?
Encrypting email is asking for a calamity. Recommending email encryption to at-risk users is malpractice. Anyone who tells you it’s secure to communicate over PGP-encrypted email is putting their weird preferences ahead of your safety.
Modern adversary tooling executes what security researchers call a real-time phishing relay, sometimes referred to as an adversary-in-the-middle (AiTM) attack. The mechanics are precise.
An adversary builds a reverse proxy that sits between the victim and the legitimate service. When the victim enters credentials on the spoofed page, the proxy forwards those credentials to the real site in real time.
The real site responds with an MFA challenge. The proxy forwards that challenge to the victim. The victim responds — because the page looks legitimate and the MFA prompt is real. The proxy forwards the response. The adversary receives an authenticated session.
Push notification MFA, SMS one-time codes, and TOTP authenticator apps are all vulnerable to this relay. They authenticate the exchange of a code. They do not verify that the individual completing the exchange is the authorized account holder. They cannot distinguish a direct session from a proxied one. //
The deeper problem is that the authentication architecture most organizations have deployed was not designed to answer the question that actually matters in a post-breach environment: was the authorized individual physically present and biometrically verified at the moment of authentication?
Push notifications do not answer this question. SMS codes do not answer this question. TOTP does not answer this question. USB hardware tokens answer a related but different question — they prove the registered device was present, not the authorized person. //
FIDO2/WebAuthn gets cited frequently in this conversation, and it is a meaningful step forward — but it is not sufficient on its own. Standard passkey implementations bind the credential to a device or cloud account.
Cloud-synced passkeys inherit the vulnerabilities of the cloud account: SIM swap attacks against the recovery phone number, account takeover via credential phishing, recovery flow exploitation. Device-bound passkeys prove device possession. They do not prove human presence.
Phishing-resistant authentication that closes the relay attack vector requires three properties simultaneously:
- Cryptographic origin binding: the authentication credential is mathematically tied to the exact origin domain. A spoofed site cannot produce a valid signature because the domain does not match. The attack fails before any credential is transmitted.
- Hardware-bound private keys that never leave secure hardware: the signing key cannot be exported, copied, or exfiltrated. Compromise of the endpoint does not compromise the credential.
- Live biometric verification of the authorized individual: not a stored biometric template that can be replayed, but a real-time match that confirms the authorized person is physically present at the moment of authentication.
When all three properties are present, a relay attack has no viable path. The adversary cannot produce a valid cryptographic signature from a spoofed site. They cannot relay a session because the cryptographic binding fails the moment the origin changes.
They cannot use a stolen device because the biometric verification fails without the authorized individual. They cannot social-engineer an approval because there is no approval prompt — the authentication either completes with a live biometric match at the registered hardware, or it does not complete.
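The origin-binding property above, seen from the server side, as an added example that is not from the original article: these are the context checks a WebAuthn relying party runs on an assertion, using the field layout from the WebAuthn specification. The domain names, the sample builder and the function names are constructed for illustration; verifying the signature over `authenticatorData || SHA-256(clientDataJSON)` with the registered public key is a further required step that needs a crypto library and is not shown.

```python
import base64
import hashlib
import json
import struct

EXPECTED_ORIGIN = "https://login.example.com"  # constructed relying party
RP_ID = "login.example.com"
FLAG_UP, FLAG_UV = 0x01, 0x04  # user present / user verified (biometric or PIN)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_context(client_data_json: bytes, authenticator_data: bytes,
                            issued_challenge: bytes, require_uv: bool = True) -> list:
    """Return the list of failed checks; an empty list means the context is valid."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client, dict):
        return ["clientDataJSON is not an object"]
    failures = []
    if client.get("type") != "webauthn.get":
        failures.append("type")
    if client.get("challenge") != b64url(issued_challenge):
        failures.append("challenge")  # stale or replayed challenge
    # The browser, not the page, writes the origin, so a proxy domain shows up here.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    if len(authenticator_data) < 37:
        return failures + ["authenticatorData too short"]
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", authenticator_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")
    if not flags & FLAG_UP:
        failures.append("user presence")
    if require_uv and not flags & FLAG_UV:
        failures.append("user verification")
    return failures


def sample_assertion(origin: str, rp_id: str, flags: int, challenge: bytes):
    """Constructed input: what a browser and authenticator would report for `origin`."""
    client = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    auth_data = struct.pack(">32sBI", hashlib.sha256(rp_id.encode()).digest(), flags, 7)
    return json.dumps(client).encode(), auth_data


if __name__ == "__main__":
    challenge = b"\x01" * 32
    direct = sample_assertion(EXPECTED_ORIGIN, RP_ID, FLAG_UP | FLAG_UV, challenge)
    proxied = sample_assertion("https://login-example.test", "login-example.test",
                               FLAG_UP | FLAG_UV, challenge)
    print(check_assertion_context(*direct, challenge))   # []
    print(check_assertion_context(*proxied, challenge))  # ['origin', 'rpIdHash']
```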
Keybase is a safe, secure, and private app for everything you do online.
Chat with friends and family. Share photos, videos, and top secret documents. Collaborate to get work done, or don’t.
Whatever you do, your data is your data. Private stuff stays private. Accounts are secure against spoofing, phishing, and scamming. You can chat, share, and collaborate safely.
Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography.
I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it’s largely unnecessary. I wrote up my thoughts back in 2008, in an essay titled “Quantum Cryptography: As Awesome As It Is Pointless.” //
What about quantum computation? I’m not worried; the math is ahead of the physics. Reports of progress in that area are overblown. And if there’s a security crisis because of a quantum computation breakthrough, it’s because our systems aren’t crypto-agile. //
Ray Dillinger • March 31, 2026 2:43 PM
I don’t mean to diminish the work of Bennett and Brassard. They had some amazing insights and deserve their award.
At the same time I suppose that people affiliated with various three-letter-agencies may have been consulted as to the value of their work when the Turing Awards were being considered. Those agencies, if they are behind the Kleptographic attack that appears to be happening here, may have had an interest in promoting public awareness of Quantum Crypto as a threat. Promoting public awareness of a threat is absolutely a necessary step in any campaign to use that threat as a lever to get people to do something stupid out of FUD.
So I fear that the work of Bennett and Brassard, however good it may be, would likely have gone unrecognized if not for the input of people who are, despite all protestations, unlikely to be motivated by protecting people against it.
Dachannien Ars Scholae Palatinae
OrvGull said:
Google has a quantum computing division. Implying they're close to some kind of breakthrough could absolutely juice their stock.
Maybe, but they actually explain the point in worrying now: Store-now-decrypt-later attacks can only really be mitigated by migrating systems to PQC. The sooner you do that, the smaller your data vulnerability surface is (in a timewise sense). If you get compromised in the future and your encrypted data gets exfiltrated, you're much better off if that data was protected with PQC. Your future vulnerability without PQC is by definition shorter if you implement now rather than later.
Based on that logic, the reason to pick, say, 2029 as a good must-implement date is because of the naturally decaying value of store-now-decrypt-later data. Even if QC isn't successful until 2039, deploying by 2029 means any vulnerable data would be 10 years old (and 10 years less valuable) by the time it gets cracked. The fact that they didn't pick a date even sooner just speaks to the monumental bulk of the task at hand.
To bypass the bottleneck, companies are turning to Merkle Trees, a data structure that uses cryptographic hashes and other math to verify the contents of large amounts of information using a small fraction of material used in more traditional verification processes in public key infrastructure. Cloudflare has a much deeper dive into Merkle Trees here.
Merkle Tree Certificates, “replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs,” members of Google’s Chrome Secure Web and Networking Team wrote Friday. “In this model, a Certification Authority (CA) signs a single ‘Tree Head’ representing potentially millions of certificates, and the ‘certificate’ sent to the browser is merely a lightweight proof of inclusion in that tree.”
With the ability to intercept all link-layer traffic (that is, the traffic as it passes between Layers 1 and 2), an attacker can perform other attacks on higher layers. The most dire consequence occurs when an Internet connection isn’t encrypted—something that Google recently estimated occurred when as much as 6 percent and 20 percent of pages loaded on Windows and Linux, respectively. In these cases, the attacker can view and modify all traffic in the clear and steal authentication cookies, passwords, payment card details, and any other sensitive data. Since many company intranets are sent in plaintext, traffic from them can also be intercepted. //
“Even when the guest SSID has a different name and password, it may still share parts of the same internal network infrastructure as your main Wi-Fi,” the researcher explained. “In some setups, that shared infrastructure can allow unexpected connectivity between guest devices and trusted devices.” //
The MitM targets Layers 1 and 2 and the interaction between them. It starts with port stealing, one of the earliest attack classes of Ethernet that’s adapted to work against Wi-Fi. An attacker carries it out by modifying the Layer-1 mapping that associates a network port with a victim’s MAC—a unique address that identifies each connected device. By connecting to the BSSID that bridges the AP to a radio frequency the target isn’t using (usually a 2.4GHz or 5GHz) and completing a Wi-Fi four-way handshake, the attacker replaces the target’s MAC with one of their own. //
For now, client isolation is similarly defeated—almost completely and overnight—with no immediate remedy available.
At the same time, the bar for waging WEP attacks was significantly lower, since it was available to anyone within range of an AP. AirSnitch, by contrast, requires that the attacker already have some sort of access to the Wi-Fi network. For many people, that may mean steering clear of public Wi-Fi networks altogether.
If the network is properly secured—meaning it’s protected by a strong password that’s known only to authorized users—AirSnitch may not be of much value to an attacker. The nuance here is that even if an attacker doesn’t have access to a specific SSID, they may still use AirSnitch if they have access to other SSIDs or BSSIDs that use the same AP or other connecting infrastructure. //
Probably the most reasonable response is to exercise measured caution for all Wi-Fi networks managed by people you don’t know. When feasible, use a trustworthy VPN on public APs or, better yet, tether a connection from a cell phone.
Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.
The team, comprised of researchers from ETH Zurich and Università della Svizzera italiana (USI), examined the "zero-knowledge encryption" promises made by Bitwarden, LastPass, and Dashlane, finding all three could expose passwords if attackers compromised servers. //
As one of the most popular alternatives to Apple and Google's own password managers, which together dominate the market, the researchers found Bitwarden was most susceptible to attacks, with 12 working against the open-source product. Seven distinct attacks worked against LastPass, and six succeeded in Dashlane.
The HashCheck Shell Extension makes it easy for anyone to calculate and verify checksums and hashes from Windows Explorer. In addition to integrating file checksumming functionality into Windows, HashCheck can also create and verify SFV files (and other forms of checksum files, such as .md5 files). It is fast and efficient, with a very light disk and memory footprint, and it is open-source.
If you're serious about encryption, keep control of your encryption keys //
If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment. //
BitLocker is a Windows security system that can encrypt data on storage devices. It supports two modes: Device Encryption, a mode designed to simplify security, and BitLocker Drive Encryption, an advanced mode.
For either mode, Microsoft "typically" backs up BitLocker keys to its servers when the service gets set up from an active Microsoft account. "If you use a Microsoft account, the BitLocker recovery key is typically attached to it, and you can access the recovery key online," the company explains in its documentation. //
Microsoft provides the option to store keys elsewhere. Instead of selecting "Save to your Microsoft Account," customers can "Save to a USB flash drive," "Save to a file," or "Print the recovery key." //
Apple offers a similar device encryption service called FileVault, complemented by its iCloud service. The iCloud service also offers an easy mode called "Standard data protection" and "Advanced Data Protection for iCloud."
Introducing Confer, an end-to-end AI assistant that just works.
Moxie Marlinspike—the pseudonym of an engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.
His latest brainchild is Confer, an open source AI assistant that provides strong assurances that user data is unreadable to the platform operator, hackers, law enforcement, or any other party other than account holders. The service—including its large language models and back-end components—runs entirely on open source software that users can cryptographically verify is in place.
Data and conversations originating from users and the resulting responses from the LLMs are encrypted in a trusted execution environment (TEE) that prevents even server administrators from peeking at or tampering with them. Conversations are stored by Confer in the same encrypted form, which uses a key that remains securely on users’ devices. //
All major platforms are required to turn over user data to law enforcement or private parties in a lawsuit when either provides a valid subpoena. Even when users opt out of having their data stored long term, parties to a lawsuit can compel the platform to store it, as the world learned last May when a court ordered OpenAI to preserve all ChatGPT users’ logs—including deleted chats and sensitive chats logged through its API business offering. Sam Altman, CEO of OpenAI, has said such rulings mean even psychotherapy sessions on the platform may not stay private. Another carve out to opting out: AI platforms like Google Gemini may have humans read chats.
"So one of the things that we're seeing is the whole movement away from passwords to passkeys – a certificate-based authentication wrapped in a usability shrink wrap," Forrester VP and analyst Andras Cser told The Register.
Passkeys are typically what security folks mean when they say "phishing-resistant MFA." They replace passwords, and instead use cryptographic key pairs with the public key stored on the server and the private key – such as the user's face, fingerprints, or PIN – stored on the user's device.
Windows command line utility to compute hash of directories and files - idrassi/DirHash
Possible values for HashAlgo (not case sensitive):
- MD5
- SHA1
- SHA256
- SHA384
- SHA512
- Streebog
- Blake2s
- Blake2b
- Blake3
- Any combination of the above separated by comma, except when -verify is used
If HashAlgo is not specified, Blake3 is used by default.
ResultFileName specifies an optional text file where the result will be appended.
It’s still legal to pick locks, even when you swing your legs.
“Opening locks” might not sound like scintillating social media content, but Trevor McNally has turned lock-busting into online gold. A former US Marine Staff Sergeant, McNally today has more than 7 million followers and has amassed more than 2 billion views just by showing how easy it is to open many common locks by slapping, picking, or shimming them.
This does not always endear him to the companies that make the locks. //
Wheels Of Confusion Ars Legatus Legionis
The company claimed to have this case locked up from the start, but it was picked apart embarrassingly quickly.
Scientists at the University of California, San Diego, and the University of Maryland, College Park, say they were able to pick up large amounts of sensitive traffic largely by just pointing a commercial off-the-shelf satellite dish at the sky from the roof of a university building in San Diego.
In its paper, Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites [PDF], the team describes how it performed a broad scan of IP traffic on 39 GEO satellites across 25 distinct longitudes and found that half of the signals they picked up contained cleartext IP traffic.
This included unencrypted cellular backhaul data sent from the core networks of several US operators, destined for cell towers in remote areas. Also found was unprotected internet traffic heading for in-flight Wi-Fi users aboard airliners, and unencrypted call audio from multiple VoIP providers.
According to the researchers, they were able to identify some observed satellite data as corresponding to T-Mobile cellular backhaul traffic. This included text and voice call contents, user internet traffic, and cellular network signaling protocols, all "in the clear," but T-Mobile quickly enabled encryption after learning about the problem.
More seriously, the team was able to observe unencrypted traffic for military systems including detailed tracking data for coastal vessel surveillance and operational data of a police force.
In addition, they found retail, financial, and banking companies all using unencrypted satellite communications to link their internal networks at various sites. The researchers were able to see unencrypted login credentials, corporate emails, inventory records, and information from ATM cash dispensers.