Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...

Why has Microsoft been routing example.com traffic to a company in Japan?

From the Department of Bizarre Anomalies: Microsoft has suppressed an unexplained anomaly on its network that was routing traffic destined to example.com—a domain reserved for testing purposes—to a ...
Ars Technica

How to encrypt your PC’s disk without giving the keys to Microsoft

In early 2025, Forbes reports, investigators at the FBI served Microsoft with a warrant seeking the BitLocker encryption recovery keys for several laptops it believed held evidence of fraud in Guam’s ...