Linux Cryptography - Page 22 - Results from #420

Discover Cryptography News

Warning: Undefined property: stdClass::$helix_ultimate_image in /var/www/www.linuxsecurity.com-443/html/templates/newsberg/html/com_content/category/blog_item.php on line 54

Warning: Undefined property: stdClass::$helix_ultimate_image in /var/www/www.linuxsecurity.com-443/html/templates/newsberg/html/com_content/category/blog_item.php on line 55

Enhancing Web Security Through SSL Awareness and User Education

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Most users ensure their Web sessions are using Secure Sockets Layer (SSL) before entering their credit card information, but less than half do so when typing their passwords onto a Web page, according to a new survey.

LinuxSecurity.com Team
Oct 08, 2009

PayPal SSL Exploit: NULL Prefix Attack Affects Browsers

The posting of a trick SSL certificate for https://www.paypal.com/us/home and its pertaining private key on the Full Disclosure security mailing list should finally force Microsoft, Google and Apple into releasing updates to fix the NULL prefix vulnerability. Phishers, for example, could use the certificate to disguise their servers as legitimate banking servers

LinuxSecurity.com Team
Oct 06, 2009

Understanding Un-Authentication Issues In Online Banking Networks

In computer security, a lot of effort is spent on the authentication problem. Whether it

LinuxSecurity.com Team
Sep 28, 2009

Exploring Encryption Challenges for Effective Data Protection

It's a security practitioners dream to deploy a technology that ensures perfect data protection 100 percent of the time. Short of unplugging a computer and locking it in a vault, few technologies come as close as encryption to nearly unbreakable data security; take the data, run it through an encryption algorithm, and it's unreadable to anyone who doesn't possess the right key to reverse the process. It can be mathematically demonstrated that retrieval of encrypted data without the encryption keys is computationally impossible within the expected lifetime of the universe.

LinuxSecurity.com Team
Sep 27, 2009

Exploring Two-Factor Authentication Risks and Cyber Threats

Schneier talks about two new attacks he is seeing to two-factor authentication. Back in 2005, I wrote about the failure of two-factor authentication to mitigate banking fraud: Man-In-The-Middle and a Trojan attack. Read on to See how two-factor authentication doesn't solve anything? In the first case, the attacker can pass the ever-changing part of the password to the bank along with the never-changing part. And in the second case, the attacker is relying on the user to log in.

LinuxSecurity.com Team
Sep 22, 2009

Effective Email Security Techniques For SMTP And IMAP Encryption

For diagnostic purposes, it can be very useful to talk directly to your SMTP or IMAP server. Things get a little more complicated when encryption rears its ugly head, but with the right tools, it doesn't have to be a black art.

LinuxSecurity.com Team
Sep 22, 2009

Journey Through 60 Years of Cryptography Techniques and Evolution

CIO magazine has a slideshow showing the 60 years of crypto, starting with the Enigma, an electric rotor machine that was used by Germany to encrypt and decrypt messages during World War II. Arthur Scherbius developed the Enigma around 1920. It goes through RSA, info on Schneier and Phil Zimmerman, and more.

LinuxSecurity.com Team
Sep 21, 2009

Exploring Encryption Complexities And Data Protection Practices

Nice comment from the Bitarmor folks on how the media and others think of "encryption" and that it's often equated with "secure" and "insecure".Let's face it, encryption is a new thing, and you have to keep things simple so people can understand it. But it frustrates me that most of the talk about encryption technology, law, policy, compliance, etc is always in terms of "encrypted" vs "unencrypted". Yeah, all your data should be encrypted. But that's the beginning of the discussion, not the end. Encryption is easy. Protecting data is hard.

LinuxSecurity.com Team
Aug 31, 2009

Keypad Security Concerns: Exploring Electronic Lock Risks and Attacks

As a security technologist, I worry that if we don't fully understand these technologies and the new sorts of vulnerabilities they bring, we may be trading a flawed technology for an even worse one. Electronic locks are vulnerable to attack, often in new and surprising ways. Start with keypads, more and more common on house doors. These have the benefit that you don't have to carry a physical key around, but there's the problem that you can't give someone the key for a day and then take it away when that day is over.

LinuxSecurity.com Team
Aug 13, 2009

iPhone 3GS Passcode Circumvention: Security Risks Identified

A mere three days after I published an article touting the enhanced security of the iPhone 3GS - see "iPhone 3GS Offers Enterprise-Class Security for Everyone", 2009-07-20 - security researcher Jonathan Zdziarski revealed a simple, only moderately technical technique for completely circumventing the iPhone's passcode lock and encryption. As a result, the iPhone 3GS encryption can no longer be considered a security control for consumers or enterprises until Apple releases a fix.

LinuxSecurity.com Team
Aug 12, 2009

New Practical Attack On AES-256: Security Risks Explored

Read Bruce Schneier's always on-target analysis of cryptography, this time with information on the new attack against AES.A new and very impressive attack against AES has just been announced. Over the past couple of months, there have been two (the second blogged about here) new cryptanalysis papers on AES. The attacks presented in the paper are not practical -- they're far too complex, they're related-key attacks, and they're against larger-key versions and not the 128-bit version that most implementations use -- but they are impressive pieces of work all the same. This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is much more devastating. It is a completely practical attack against ten-round AES-256:

LinuxSecurity.com Team
Aug 03, 2009

Progress in AES Attacks: Implications on Encryption Security

Cryptologists have now developed even more sophisticated attacks on AES encryption systems. According to crypto expert Bruce Schneier, a team consisting of Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich and Adi Shamir have managed to crack reduced versions of AES-256 in practical length of time. Attacking nine-round AES-256 required 239 time, which is even feasible with an ordinary PC, while ten-round would require 245. The time required for eleven rounds, however, is just above practicality at 270. The attack exploits a vulnerability in the key schedule, a function AES-256 uses to derive sub-keys from the main key.

LinuxSecurity.com Team
Aug 02, 2009

Exploring SSL Vulnerabilities and Risks in Domain Authentication Processes

Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

LinuxSecurity.com Team
Jul 30, 2009

Black Hat USA: New Tool for Silent EV SSL Session Hijacking Unveiled

If you think you're safe from man-in-the-middle (MITM) attacks as long as you're visiting an Extended Validation SSL (EV SSL) site, then think again: Researchers will release a new tool at Black Hat USA later this month that lets an attacker hack into a user's session on an EV SSL-secured site.

LinuxSecurity.com Team
Jul 14, 2009

Exploring IBM’s Innovative Approach to Data Analysis Without Decoding

A researcher at IBM has developed a way to analyze encrypted data without decoding it, according to a statement from IBM. The breakthrough method leverages a concept called

LinuxSecurity.com Team
Jun 29, 2009

Data Theft Risks: Importance of Data Encryption Strategies

This is a good article on the risks of not encrypting information on laptops, backup tapes, and other media, and the implications of having that data stolen. It would have been nice to have some solutions to these issues too, but perhaps that's for another article. Anyone have a favorite encryption strategy? GnuPG just released a new version. Does everyone have their key?For many companies, the data is the crown jewels. Millions of bytes are circulated every day on networks that, but for a little bit of probing, are as frail as a strand of hair and less well protected. We spend millions of dollars securing and reducing the risk of penetration from the outside, yet very few companies take the basic steps to secure their data internally. There are simple things that we can all do - such as IPSec on the wire, encryption in the backend and proper security on the desktops. We must think about more than a simple username and password scheme when it comes to securing our data from the bad guys, because, quite often, the bad guys are none other than that cute redhead who just asked you to reset her password. And it wasn

LinuxSecurity.com Team
Jun 22, 2009

GnuPG 2.0.12 Security Advisory: Key Management Improvements

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards.

LinuxSecurity.com Team
Jun 17, 2009

Explore Bruce Schneier's Cryptographic Challenge for Wired Magazine

Bruce Schneier has details on the puzzle he created for Wired. Read on to see the puzzle and try and solve it! For the April 09 issue Wired Magazine, I was asked to create a cryptographic puzzle based on the television show Lost. Specifically, I was given a "clue" to encrypt. Here are details of the puzzle and solving attempts. Near as I can tell, no one has published a solution.

LinuxSecurity.com Team
May 20, 2009

Access RSA Encryption Toolkit For Free: Join The Share Project Today

RSA, the Security Division of EMC, here today launched a program that for the first time gives developers its encryption technology tools for free. RSA traditionally had licensed only its BSAFE encryption technology, which can cost customers tens of thousands of dollars, but company officials say the timing is right to give developers easier access to tools for building more security features into applications from the ground up, rather than tacking them on later.

LinuxSecurity.com Team
Apr 27, 2009

Implementing TSIG in BIND 9: Secure DNS Communication Mechanisms

Vivek Gite submitted a nice article on implementing TSIG in BIND: Transaction signatures (TSIG) is a mechanism used to secure DNS messages and to provide secure server-to-server communication. This includes zone transfer, notify, and recursive query messages. TSIG uses shared secrets and a one-way hash function to authenticate DNS messages, particularly responses and updates.This tutorial discusses the security mechanisms implemented in BIND v8.2+ / v9.x to secure DNS messages and name servers Click-through to read more!

LinuxSecurity.com Team
Jan 27, 2009

Community Poll

More Polls

Linux Cryptography - Page 22

Linux Kernel Gains Hardware-Wrapped Encryption Keys

When Security Hinges on a Single Key: A Wake-Up Call for Admins

IPFire 2.29 Core Update 193: Key Improvements in Security and Defense