Intel

SGX, Intel's Supposedly Impregnable Data Fortress, Has Been Breached Yet Again (arstechnica.com) 23

Intel's latest generation of CPUs contains a vulnerability that allows attackers to obtain encryption keys and other confidential information protected by the company's software guard extensions, the advanced feature that acts as a digital vault for security users' most sensitive secrets. From a report: Abbreviated as SGX, the protection is designed to provide a fortress of sorts for the safekeeping of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top is maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.

SGX is a cornerstone of the security assurances many companies provide to users. Servers used to handle contact discovery for the Signal Messenger, for instance, rely on SGX to ensure the process is anonymous. Signal says running its advanced hashing scheme provides a "general recipe for doing private contact discovery in SGX without leaking any information to parties that have control over the machine, even if they were to attach physical hardware to the memory bus." The example is purely hypothetical. Signal spokesperson Jun Harada wrote in an email: "Intel alerted us to this paper... and we were able to verify that the CPUs that Signal uses are not impacted by the findings of this paper and therefore are not vulnerable to the stated attack." Key to the security and authenticity assurances of SGX is its creation of what are called "enclaves," or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written in RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU.

Earth

Multi-Million Dollar Upgrade Planned To Secure 'Failsafe' Arctic Seed Vault (theguardian.com) 53

An anonymous reader quotes a report from The Guardian: The Global Seed Vault, built in the Arctic as an impregnable deep freeze for the world's most precious food seeds, is to undergo a multi-million dollar upgrade after water from melting permafrost flooded its access tunnel. No seeds were damaged but the incident undermined the original belief that the vault would be a "failsafe" facility, securing the world's food supply forever. Now the Norwegian government, which owns the vault, has committed $4.4 million to improvements. [T]he vault's planners had not anticipated the extreme warm weather seen recently at the end of the world's hottest ever recorded year. "The background to the technical improvements is that the permafrost has not established itself as planned," said a government statement. "A group will investigate potential solutions to counter the increased water volumes resulting from a wetter and warmer climate on Svalbard." One option could be to replace the access tunnel, which slopes down towards the vault's main door, carrying water towards the seeds. A new upward sloping tunnel would take water away from the vault. An initial $1.6 million will be spent on investigating ways to improve the access tunnel, with the group's conclusions delivered in spring 2018. "They are going in with an open mind to find a good solution," said Aschim. "$4.4 million is for all the improvements we are doing now." The vault cost $9 million to build.
Earth

Arctic Stronghold of World's Seeds Flooded After Permafrost Melts (theguardian.com) 178

An anonymous reader quotes a report from The Guardian: It was designed as an impregnable deep-freeze to protect the world's most precious seeds from any global disaster and ensure humanity's food supply forever. But the Global Seed Vault, buried in a mountain deep inside the Arctic circle, has been breached after global warming produced extraordinary temperatures over the winter, sending meltwater gushing into the entrance tunnel. The vault is on the Norwegian island of Spitsbergen and contains almost a million packets of seeds, each a variety of an important food crop. When it was opened in 2008, the deep permafrost through which the vault was sunk was expected to provide "failsafe" protection against "the challenge of natural or man-made disasters". But soaring temperatures in the Arctic at the end of the world's hottest ever recorded year led to melting and heavy rain, when light snow should have been falling. "It was not in our plans to think that the permafrost would not be there and that it would experience extreme weather like that," said Hege Njaa Aschim, from the Norwegian government, which owns the vault. "A lot of water went into the start of the tunnel and then it froze to ice, so it was like a glacier when you went in," she told the Guardian. Fortunately, the meltwater did not reach the vault itself, the ice has been hacked out, and the precious seeds remain safe for now at the required storage temperature of -18C. But the breach has questioned the ability of the vault to survive as a lifeline for humanity if catastrophe strikes.
Data Storage

'Arctic World Archive' Will Keep the World's Data Safe In an Arctic Mineshaft (theverge.com) 71

An anonymous reader quotes a report from The Verge: Norway's famous doomsday seed vault is getting a new neighbor. It's called the Arctic World Archive, and it aims to do for data what the Svalbard Global Seed Vault has done for crop samples -- provide a remote, impregnable home in the Arctic permafrost, safe from threats like natural disaster and global conflicts. But while the Global Seed Vault is (partially) funded by charities who want to preserve global crop diversity, the World Archive is a for-profit business, created by Norwegian tech company Piql and Norway's state mining company SNSK. The Archive was opened on March 27th this year, with the first customers -- the governments of Brazil, Mexico, and Norway -- depositing copies of various historical documents in the vault. Data is stored in the World Archive on optical film specially developed for the task by Piql. (And, yes, the company name is a pun on the word pickle, as in preserving-in-vinegar.) The company started life in 2002 making video formats that bridged analog film and digital media, but as the world went fully digital it adapted its technology for the task of long-term storage. As Piql founder Rune Bjerkestrand tells The Verge: "Film is an optical medium, so what we do is, we take files of any kind of data -- documents, PDFs, JPGs, TIFFs -- and we convert that into big, high-density QR codes. Our QR codes are massive, and very high resolution; we use greyscale to get more data into every code. And in this way we convert a visual storage medium, film, into a digital one." Once data is imprinted on film, the reels are stored in a converted mineshaft in the Arctic archipelago of Svalbard. The mineshaft (different to the one used by the Global Seed Vault) was originally operated by SNSK for the mining of coal, but was abandoned in 1995. The vault is 300 meters below the ground and impervious to both nuclear attacks and EMPs. 
Piql claims its proprietary film format will store data safely for at least 500 years, and maybe as long as 1,000 years, with the assistance of the mine's climate.
Security

Interviews: Ask Reuben Paul What Hackers Can Learn From an 8-Year-Old 44

Reuben A. Paul, aka RAPstar, has something of a head-start when it comes to learning about computer security: his father, Mano Paul, has been a security researcher (and instructor) for many years. So Reuben grew up around computers, seeing firsthand that they're neither mysterious nor impregnable. Reuben, though, has a curious mind and his own computer security interests, and a knack for telling others about them; last month, he became the youngest-ever speaker at DerbyCon, and explained some of what he's picked up so far on what kids can learn about security, as well as what the security field can learn from kids. (One hard to dispute nugget: "Kids are the best social engineers, followed by puppies.") Ask of Reuben whatever you'd like, below (please, one question per post), and we'll get answers to selected questions when we catch up with him at next week's Houston Security Conference. (This year's conference is sold out, but there's always 2015.)
Privacy

3 Reasons To Hate Mass Surveillance; 3 Ways To Fight It 120

This site's "Your Rights Online" section, sadly, has never suffered for material. The revelations we've seen over the last year-and-change, though, of widespread spying on U.S. citizens, government spying in the E.U. on international conferences, the UK's use of malware against citizens, and the use of modern technology to oppress government protesters in the Middle East and elsewhere show how persistent it is. It's been a banner year on that front, and the banner says "You are being spied on, online and off." A broad coalition of organizations is calling today "The Day We Fight Back" against the growing culture of heads-they-win, tails-you-lose surveillance, but all involved know this is not a one-day struggle. (Read more, below.)
Earth

A Year After Sandy, Do You Approach Disaster Differently? 230

A year ago today, Superstorm Sandy struck the northeastern U.S. The storm destroyed homes — in some cases entire neighborhoods — and brought unprecedented disruptions to the New York City area's infrastructure, interrupting transportation, communications, and power delivery. It even damaged a Space Shuttle. In the time since, the U.S. hasn't faced a storm with Sandy's combination of power and placement, but businesses have had some time to rethink how much trust they can put in even seemingly impregnable data centers and other bulwarks of modernity: a big enough storm can knock down nearly anything. Today, parts of western Europe are recovering from a major storm as well: more than a dozen people were killed as the predicted "storm of the century" hit London, Amsterdam, and other cities on Sunday and Monday. In Amsterdam, the city's transportation system took a major hit; some passengers had to shelter in place in stopped subway cars while the storm passed. Are you (or your employer) doing anything different in the post-Sandy era, when it comes to preparedness to keep people, data, and equipment safe?
The Courts

Professor Eben Moglen Replies 270

The call for questions went out on Feb. 10. Here are your answers. We'd like to give Prof. Moglen special thanks for taking time out from his busy schedule to do this.
Technology

Making the Jump From Sysadmin to Network Administrator? 43

termdex asks: "I've been looking to move from systems administration to network administration for the last couple years but for some set of reasons networking seems to be an impregnable area of work. My experience has been like the often clichéd 'chicken and egg' scenario. Most employers aren't interested in candidates that lack serious network admin experience (i.e.: 80/20 network/other), but it would seem difficult to get that level of experience if you're currently a sysadmin. What advice can Slashdot readers offer as what works best in making lateral career moves? What experiences can you relate that show difficulty or success?"
