Your daily round-up of some of the other security stories in the news
Groupon grief – was it password reuse?
The Telegraph reports that crooks have hijacked a number of Groupon accounts and used them to purchase expensive items like games consoles, iPhones and holidays. Some victims have suffered thousands of pounds of losses.
Disgruntled users have taken to Twitter to criticise the popular deal peddler for its sluggish response and inability to spot fraudulent transactions.
Speaking to the Mail Online the company denied that it had been breached. It suggested that accounts may have been accessed using passwords stolen by phishing or malware attacks, or using passwords that had also been used on breached sites like LinkedIn or Yahoo.
Apple walks back on encryption deadline
At its glitzy annual World Wide Developer’s Conference (WWDC) in June, Apple announced that it would make HTTPS mandatory for virtually all App Store apps, starting 1 January 2017.
With just days to go until its self-imposed deadline the company has issued a follow up announcement on its far less eye-catching developer site that says that the HTTPS deadline has been put back until… the future.
At WWDC 2016 we announced that apps submitted to the App Store will be required to support ATS at the end of the year. To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed.
We’ll let you know when Apple decides what its new deadline is, even if they write it on a piece of paper and stick it to the back of the toilet door.
Post-quantum cryptography
Quantum computing is a technique that supposedly uses principles from quantum mechanics to solve computer problems in new ways. In particular, quantum computing might allow us to crack today’s encryption algorithms much more easily. (In technical terms, we might be able to solve in polynomial time some cryptographic problems that currently take exponential time.)
The jury is still out on whether quantum computing will ever deliver on its promises, but NIST (the US National Institute of Standards and Technology) isn’t about to be caught out. The standards body has begun the search for “post-quantum cryptographic algorithms” that will be useful even in a world with quantum computers:
It is intended that the new public-key cryptography standards will specify one or more additional unclassified, publicly disclosed digital signature, public-key encryption, and key-establishment algorithms that are capable of protecting sensitive government information well into the foreseeable future, including after the advent of quantum computers.
If quantum computing remains a pipe dream then NIST’s search won’t be in vain, because we’ll get a set of new and perfectly useful cryptographic algorithms anyway.
Catch up with all of today’s stories on Naked Security
Anonymous
Please tell me that ‘polynomial time’ is going to be a new cliche.
Paul Ducklin
Cliches can’t be new :-)