Blog Posts Tagged with "Cryptography"

591c39c65cf5c298ccd0f1cd5818e961

End-to-end Encryption, Today -- Loophole Closed or Moved?

April 22, 2016 Added by:Vanishree Rao

End-to-end encryption does not solve the problem, despite the common perception that it is the holy grail of instant-messaging security. It is necessary that service providers shift their attention toward non-traditional key-derivation mechanisms to close the loophole.

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Burdens of Proof: Cryptographic Culture & Evidence Law in the Age of Electronic Documents

February 19, 2013 Added by:Ben Rothke

When the IBM PC first came out 31 years ago, it supported a maximum of 256KB RAM. You can buy an equivalent computer today with substantially more CPU power at a fraction of the price. But in those 31 years, the information security functionality in which the PC operates has not progressed accordingly.

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Everyday Cryptography: Fundamental Principles and Applications

November 20, 2012 Added by:Ben Rothke

Key management is one of the most important aspects of cryptography and often the most difficult. Part of the difficulty around key management is at the user level, with key updates, passphrase management and more. Ultimately, effective key management is essential to the underlying security of the cryptosystem...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Insecure Cryptographic Storage Explained

July 12, 2012 Added by:Fergal Glynn

The impact of Insecure Cryptographic Storage flaws when exploited is usually quite high due to the fact that the information that is usually encrypted are important things like personally identifiable information, trade secrets, healthcare records, personal information and credit card numbers...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Password Cryptography

June 20, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Cryptography for Passwords

May 30, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

44fa7dab2a22dc03b6a1de4a35b7834a

The Future of Algorithms

May 17, 2012 Added by:Bill Gerneglia

Algorithms have infiltrated every application and industry on the planet. They cover standard operational control methods such as linear programming, process control and optimization, simulation, queuing, critical path analysis, project management and quality control...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Cryptography Vulnerability

April 27, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding affecting RuggedCom RuggedSwitch and RuggedServer devices using Rugged OS. The vulnerability is exploitable by generating a password from known data about the device...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Disagreement on Password Vault Software Findings

April 12, 2012 Added by:Brent Huston

Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...

Comments  (1)

99edc1997453f90eb5ac1430fd9a7c61

CISSP Reloaded Domain 4: Cryptography

March 28, 2012 Added by:Javvad Malik

Cryptography, the dark art of information security. The deus-ex-machina, the silver bullet, the be all and end all of all security measures, so profound cryptography was first classed as a munitions. Widely misunderstood, often poorly implemented...

Comments  (1)

3e35900ae6facc6c146a85c435c71d82

Public Key Infrastructure 1998 – 2012

March 25, 2012 Added by:Ben Rothke

PKI was and still is a powerful set of technologies. But it was a solution far ahead of its time. It was doomed by a lack of standards, interoperability issues, deployment complexities, and a level of complication that confounded even technologically competent end-users...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

Encryption Key Management Primer – Requirement 3.6

February 23, 2012 Added by:PCI Guru

Requirement 3.6.4 always seems to be a sticking point because people get caught up in the key expiration concept. The thing to remember is that whether or not a key expires is typically related to the encryption algorithm such as for those using public key infrastructure...

Comments  (0)

01ceb9281b3fb3dbb90c3efbe327717e

Algorithms: When is Random Really Random?

February 21, 2012 Added by:Alan Woodward

The fact that we rely upon pseudorandom numbers is a potential problem for IT security. If a machine is using a known algorithm to generate a number that your system then treats as random, what is to stop an attacker from calculating that same number if he knows your algorithm...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Researchers Discover Widespread Cryptographic Vulnerabilities

February 15, 2012 Added by:Electronic Frontier Foundation

The consequences of these vulnerabilities are extremely serious. In all cases, a weak key would allow an eavesdropper on the network to learn confidential information, such as passwords or the content of messages, exchanged with a vulnerable server...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Encryption Key Management Primer – Requirement 3.5

February 12, 2012 Added by:PCI Guru

The problem with the manual option is that encryption keys are typically needed to boot the secure server or start an application that needs access to encrypted data. The security surrounding the keys becomes problematic as operations personnel need regular access...

Comments  (0)

A88973e7d0943d295c99820ab9aeed27

Data at Rest: Dormant But Dangerous

February 10, 2012 Added by:Simon Heron

Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...

Comments  (0)

Page « < 1 - 2 > »