#e2ee #e2eencryption

AMD: Microcode Signature Verification Vulnerability

"... security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches."

https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w

This is exactly the attack against which #confidentialcomputing should protect us

And it won't, when the attacker has access to ring0 of the hardware. Everywhere you don't run yourself.

"End-to-end encryption means that the information is scrambled in transit and only the sender and recipient can access it. Regular text messages (SMS messages) and voice calls are usually not encrypted, and can be intercepted in transit or stored on a carrier’s server for extended periods of time.

Email services such as Gmail and Outlook generally offer encryption in transit, which means they can be read on the companies’ servers and by the end users. Messages that are encrypted in transit can’t be nabbed from a telecom network in an accessible format, but they could be accessed through an email service provider or a law enforcement request to that company.

End-to-end encryption—the kind offered by services like WhatsApp and Signal—is considered the best bet for privacy, particularly when paired with the option to auto-delete messages after a set period of time, says Mullin."

https://www.inc.com/jennifer-conrad/why-you-should-start-using-encrypted-communications-today/91034632

#CyberSecurity #Privacy #Discord #E2EE #E2EEncryption #SocialMedia: "Last year, we announced that we were experimenting with new encryption protocols and technologies for audio and video calls on Discord. After extensive experimenting, designing, developing, and auditing, we’re excited to announce Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short), which we like to refer to as our DAVE protocol.

Discord is committed to protecting the privacy and data of the roughly 200 million people who use our platform every month. As we continue to be a place that helps our users deepen friendships around games and shared interests, we are thrilled to be launching more secure and private voice and video calls.

Today, we’ll start migrating voice and video in DMs, Group DMs, voice channels, and Go Live streams to use E2EE. You will be able to confirm when calls are end-to-end encrypted and perform verification of other members in those calls.

We’d like to explain why we’re bringing E2EE A/V to Discord, share our design and implementation goals, and provide a high-level technical overview of how the new protocol works."

https://discord.com/blog/meet-dave-e2ee-for-audio-video

DeepSec 2024 Press Release: State Attacks on Information Security continue unabated. End-to-end Encryption remains an important and threatened Component of Security.

The introduction of strong encryption has repea

https://blog.deepsec.net/deepsec-2024-press-release-state-attacks-on-information-security-continue-unabated-end-to-end-encryption-remains-an-important-and-threatened-component-of-security/