Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security

Quantum Dots For Reliable Quantum Key Distribution

Making the exchange of a message invulnerable to eavesdropping doesn’t strictly require quantum resources. All you need to do is to encrypt the message using a one-use-only random key that is at least as long as the message itself. What quantum physics offers is a way to protect the sharing of such a key by revealing whether anyone other than sender and recipient has accessed it.

Imagine that a sender (Alice) wants to send a message to a recipient (Bob) in the presence of an eavesdropper (Eve). First, Alice creates a string of random bits. According to one of the most popular quantum communication protocols, known as BB84, Alice then encodes each bit in the polarization state of an individual photon. This encoding can be performed in either of two orientations, or “bases,” which are also chosen at random. Alice sends these photons one at a time to Bob, who measures their polarization states. If Bob chooses to measure a given photon in the basis in which Alice encoded its bit, Bob’s readout of the bit will match that of Alice’s. If he chooses the alternative basis, Bob will measure a random polarization state. Crucially, until Alice and Bob compare their sequence of measurement bases (but not their results) over a public channel, Bob doesn’t know which measurements reflect the bits encoded by Alice. Only after they have made this comparison—and excluded the measurements made in nonmatching bases—can Alice and Bob rule out that eavesdropping took place and agree on the sequence of bits that constitutes their key.

The efficiency and security of this process depend on Alice’s ability to generate single photons on demand. If that photon-generation method is not reliable—for example, if it sometimes fails to generate a photon when one is scheduled—the key will take longer to share. If, on the other hand, the method sometimes generates multiple photons simultaneously, Alice and Bob run the risk of having their privacy compromised, since Eve will occasionally be able to intercept one of those extra photons, which might reveal part of the key. Techniques for detecting such eavesdropping are available, but they involve the sending of additional photons in “decoy states” with randomly chosen intensities. Adding these decoy states, however, increases the complexity of the key-sharing process.

Photon ‘time bins’ and signal stability show promise for practical quantum communication via fiber optics

Researchers at the Leibniz Institute of Photonic Technology (Leibniz IPHT) in Jena, Germany, together with international collaborators, have developed two complementary methods that could make quantum communication via fiber optics practical outside the lab.

One approach significantly increases the amount of information that can be encoded in a ; the other improves the stability of the quantum signal over long distances. Both methods rely on standard telecom components—offering a realistic path to secure through existing fiber networks.

From hospitals to government agencies and industrial facilities—anywhere must be kept secure—quantum communication could one day play a key role. Instead of transmitting electrical signals, this technology uses individual particles of light—photons—encoded in delicate quantum states. One of its key advantages: any attempt to intercept or tamper with the signal disturbs the , making eavesdropping not only detectable but inherently limited.

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines.

“We discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality to extensions while maintaining the verified icon,” OX Security researchers Nir Zadok and Moshe Siman Tov Bustan said in a report shared with The Hacker News. “This results in the potential for malicious extensions to appear verified and approved, creating a false sense of trust.”

Specifically, the analysis found that Visual Studio Code sends an HTTP POST request to the domain “marketplace.visualstudio[.]com” to determine if an extension is verified or otherwise.

AT&T rolls out “Wireless Lock” feature to block SIM swap attacks

AT&T has launched a new security feature called “Wireless Lock” that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled.

This new feature has been available for some customers for almost a year and has now been rolled out to all AT&T customers.

SIM swap attacks are when cybercriminals port, or move, a targeted phone number to a device under their control. This allows them to intercept the target’s calls, texts, and multi-factor authentication codes to breach further accounts, such as email, banking, and cryptocurrency wallets.

Hikvision Canada ordered to cease operations over security risks

The Canadian government has ordered Hikvision’s subsidiary in the country to cease all operations following a review that determined them to pose a national security risk.

The order was forwarded to Hikvision last Friday, and the matter was made public over the weekend by Mélanie Joly, Canada’s Minister of Innovation, Science and Industry.

“Following a National Security Review under the Investment Canada Act, the Government of Canada has ordered Hikvision Canada Inc. to cease all operations in Canada and close its Canadian business,” reads the announcement.

Microsoft warns of Windows update delays due to wrong timestamp

Microsoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp.

As Redmond explains in recent advisory updates, this bug affects Windows 10 and Windows 11 systems in environments with quality update deferral policies that enable admins to delay update installation on managed devices.

While update deployment delays are an expected result when using such policies, the wrong timestamp for the June security updates will postpone them beyond the period specified by administrators, potentially exposing unpatched systems to attacks.

Physicists recreate forgotten experiment observing fusion

A Los Alamos collaboration has replicated an important but largely forgotten physics experiment: the first deuterium-tritium (DT) fusion observation. As described in the article published in Physical Review C, the reworking of the previously unheralded experiment confirmed the role of University of Michigan physicist Arthur Ruhlig, whose 1938 experiment and observation of deuterium-tritium fusion likely planted the seed for a physics process that informs national security work and nuclear energy research to this day.

“As we’ve uncovered, Ruhlig’s contribution was to hypothesize that DT fusion happens with very high probability when deuterium and tritium are brought sufficiently close together,” said Mark Chadwick, associate Laboratory director for Science, Computation and Theory at Los Alamos. “Replicating his experiment helped us interpret his work and better understand his role, and what proved to be his essentially correct conclusions. The course of nuclear fuel physics has borne out the profound consequences of Arthur Ruhlig’s clever insight.”

The DT fusion reaction is central to enabling fusion technologies, whether as part of the nation’s nuclear deterrence capabilities or in ongoing efforts to develop fusion for civilian energy. For instance, the deuterium-tritium reaction is at the center of efforts at the National Ignition Facility to harness fusion. Los Alamos physicists developed a theory about where the idea came from—Ruhlig—and then built an experiment that would confirm the import and accuracy of Ruhlig’s suggestion.