35 Years of the Digest ... founded August 21, 1981
The Telecom Digest for Thu, 19 Oct 2017
Volume 36 : Issue 129 : "text" format

Table of contents
Smartphones Are Killing Americans, But Nobody's Counting - Monty Solomon
Is CenturyLink Getting Ready To Leave Louisiana? - Bill Horne
Infineon RSA Key Generation Issue - Monty Solomon
Millions of high-security crypto keys crippled by newly discovered flaw - Monty Solomon

----------------------------------------------------------------------

Message-ID: <56C098C3-B502-48D8-A253-0CD4619C5A5D@roscom.com>
Date: Wed, 18 Oct 2017 01:31:02 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Smartphones Are Killing Americans, But Nobody's Counting

Smartphones Are Killing Americans, But Nobody's Counting

By Kyle Stock, Lance Lambert, and David Ingold

Amid a historic spike in U.S. traffic fatalities, federal data on the
danger of distracted driving are getting worse.

Jennifer Smith doesn't like the term "accident." It implies too much
chance and too little culpability.

A "crash" killed her mother in 2008, she insists, when her car was
broadsided by another vehicle while on her way to pick up cat food.
The other driver, a 20-year-old college student, ran a red light while
talking on his mobile phone, a distraction that he immediately admitted
and cited as the catalyst of the fatal event.

https://www.bloomberg.com/news/articles/2017-10-17/smartphones-are-killing-americans-but-nobody-s-counting

------------------------------

Message-ID: <20171016184701.GA3947@telecom.csail.mit.edu>
Date: Mon, 16 Oct 2017 14:47:01 -0400
From: Bill Horne <bill@horneQRM.net>
Subject: Is CenturyLink Getting Ready To Leave Louisiana?

Monroe-based CenturyLink is one of the largest Louisiana-based public
companies. It employs 2,700 workers in Louisiana and has a Louisiana
payroll of around $200 million.

Recently, the company purchased Colorado-based Level 3. Level 3 CEO
Jeff Storey is set to become the new CEO of CenturyLink in 2019.
However, Storey is planning on staying in Colorado and won't move to
Monroe. That has set off fears that the company is planning to leave
Louisiana.

http://thehayride.com/2017/10/centurylink-getting-ready-leave-louisiana/

--
Bill Horne
(Remove QRM from my email address to write to me directly)

------------------------------

Message-ID: <8E9ADF7E-5341-46A9-AC4A-96A3119741B4@roscom.com>
Date: Mon, 16 Oct 2017 15:30:46 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Infineon RSA Key Generation Issue

Infineon Technologies, one of Yubico's secure element vendors, informed
us of a security issue in their firmware cryptographic libraries. The
issue affects TPMs in millions of computers, and multiple smart card
and security token vendors. This page provides information to help you
determine whether you are affected, and how to address this issue.

For Yubico this issue weakens the strength of on-chip RSA key
generation, and affects some use cases for the Personal Identity
Verification (PIV) smart card and OpenPGP functionality of the
YubiKey 4 platform. Yubico has issued a security advisory on this
issue.

https://www.yubico.com/keycheck/

------------------------------

Message-ID: <5B2E7F77-7BD1-4C56-883A-5C12DCB0BF67@roscom.com>
Date: Mon, 16 Oct 2017 17:49:57 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Millions of high-security crypto keys crippled by newly discovered flaw

Millions of high-security crypto keys crippled by newly discovered flaw

Factorization weakness lets attackers impersonate key holders and
decrypt their data.

A crippling flaw in a widely used code library has fatally undermined
the security of millions of encryption keys used in some of the
highest-stakes settings, including national identity cards, software-
and application-signing, and trusted platform modules protecting
government and corporate computers.

The weakness allows attackers to calculate the private portion of any
vulnerable key using nothing more than the corresponding public
portion. Hackers can then use the private key to impersonate key
owners, decrypt sensitive data, sneak malicious code into digitally
signed software, and bypass protections that prevent accessing or
tampering with stolen PCs.

The five-year-old flaw is also troubling because it's located in code
that complies with two internationally recognized security
certification standards that are binding on many governments,
contractors, and companies around the world. The code library was
developed by German chipmaker Infineon and has been generating weak
keys since 2012 at the latest.

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

------------------------------

*********************************************
End of telecom Digest Thu, 19 Oct 2017

