📱 Summer intern wanted!
@exhel and I are looking for someone to help us reverse engineer Android apps this summer @ TU Graz.
→ 20 or 40hrs/week contract
→ Helpful background: Android, reversing, or messaging apps
Send a short motivation statement + CV to [email protected] AND [email protected]
Boosts appreciated! 🙏 #AndroidSecurity #ReverseEngineering #Internship
A very nice explainer why "if you're so worried about quantum computers, why haven't they factored 21 yet?" isn't a very convincing argument. Look at the labels of the graph, and how extremely close the various lines are for factoring 21 and 2048 bit numbers. Polynomial scaling remains polynomial, unfortunately, and by the time you can factor 21 you're almost ready to break RSA.
#ChatControl is now masked as "Risk Mitigation":
"Officially, explicit scanning obligations have been dropped. But a loophole in Article 4 of the new draft obliges providers of e-mail, chat and messenger services like WhatsApp to take “all appropriate risk mitigation measures.” This means they can still be forced to scan all private messages – including on end-to-end encrypted services.
“The loophole renders the much-praised removal of detection orders worthless and negates their supposed voluntary nature,” says Breyer. “Even client-side scanning (CSS) on our smartphones could soon become mandatory – the end of secure encryption.”"
Just before a decisive meeting in Brussels, digital rights expert and former Member of the European Parliament Dr. Patrick Breyer is sounding the alarm. Using a "deceptive sleight of hand," a mandatory and expanded Chat Control is being pushed through the back door, in a form even more intrusive tha
I had a bug in my new ML-DSA implementation that caused Verify to reject all signatures. I gave up debugging it (for the day) after half an hour. On a whim, I threw Claude Code at it. Surprisingly (to me!) it one-shotted it in five minutes.
A small case study of extremely useful AI tasks which are not generating a bunch of code that then requires review.
People working on post-quantum-proofing vulnerable encryption protocols (and curious onlookers) can find lots of value in this new post from Cloudflare. It discusses the herculean engineering challenges of revamping anonymous credentials that will be broken by a quantum computer. There's a growing need for this kind of privacy (for instance to make digital drivers licenses privacy preserving), which allows individuals to prove specific facts, like they have had a drivers license for more than 3 years, without divulging personal information like their birthday or place of birth. The long and short of of the challeng is that engineers can't simply drop quantum-resistant algorithms into AC protocols that currently use vulnerable ones. Instead, engineers will need to collaborate with standards bodies that build entirely new protocols, largely from scratch. The post goes on to name a few of the most promising approaches.
The world is adopting anonymous credentials for digital privacy, but these systems are vulnerable to quantum computers. This post explores the cryptographic challenges and promising research paths toward building new, quantum-resistant credentials from the ground up.
As AI agents change how the Internet is used, they create a challenge for security. We explore how Anonymous Credentials can rate limit agent traffic and block abuse without tracking users or compromising their privacy.
Sophie Schmieg
Martin Albrecht
Harry Sintonen
Filippo Valsorda
Dan Goodin
BSI