More on Cyberwar
April 7, 2011 Leave a comment
Short Video from PJTV featuring an interview with Paul Rosenzweig.
Attacks on Cryptographic Systems (Part I)
March 22, 2011 8 Comments
- Soft Attacks
No matter how sophisticated the attack techniques become, one must not forget that when the ultimate goal is to obtain the secret message, coercion or social engineering are often the most effective attack techniques. These attacks are based on using physical or psychological threats, robbery, bribery, embezzlement, etc. The attacks are mostly directed to human links of the data security chain.
Social Networks have become a launching pad for these kind of attacks. In a typical soft attack such as the so-called spear-phishing, e-mail addresses and information about the victims social circle is harvested from social networks and then used to send targeted e-mail with malware that cause to reveal secret information for access to secured systems. - Brute Force Attacks
Assuming, as Kerchoff’s principle recommends, that the algorithm used for encryption and the general context of the message are known to the cryptanalyst, the brute-force attack involves the determination of the specific key being used to encrypt a particular text. When successful, the attacker will also be able to decipher all future messages until the keys are changed. One way to determine the key entails exhaustive search of the key-space (defined as the set of all possible valid keys for the particular crypto-system).
Brute force is a passive, off-line attack in which the attacker Eve passively eavesdrops the communication channel and records cipher text exchanges for further analysis, without interacting with either Alice or Bob.
To estimate the time that a successful brute-force attack will take we need to know the size of the key-space and the speed at which each key can be tested. Ifis the number of valid keys and we can test
keys per second, it will take, on average
seconds to find the proper key by brute-force.
The threat that a brute-force attack poses cannot be underestimated in the real world. Most financial institutions use cipher-systems based on DES. Keys of length 56-bits, such as the one used by the
standard implementation of DES, can be obtained by brute-force using computer hardware and software available since the late 1990’s. Indeed, to counter this possibility, most contemporary implementations of DES use a derivative known as Triple-DES (or 3-DES) which uses three different 56-bit keys instead of one. The effective key length for the combined 3-DES key is a more secure 168 bits.
Brute force analysis have been used in combination with other attacks as was the case for the deciphering of the Enigma. The famous bombes were an example of the brute-force approach working in combination with a mathematical method that provided an important reduction of the key-space.
To be continued…..
The Stuxnet Encyclopedia
February 18, 2011 Leave a comment
Symantec published the most comprehensive and detailed analysis of the Stuxnet virus to date.
Cyber war or hacking as usual?
February 18, 2011 Leave a comment
The Government of Canada was hit by a phishing attack from servers outside the country.
This attack follows the trend described here by RSA.
Was it in retaliation for this?
2011 at its Prime
January 5, 2011 Leave a comment
The fact that 2011 is a prime number didn’t escape the mathematical inclined minds. Moreover, as tweeted @mathematicsprof 2011 can be expressed as the sum of the 11 consecutive primes 157+163+167+173+179+181+191+193+197+199+211.
This already sets the stage for a year that, I will dare to predict, will not be easily forgotten. A confluence of processes already in motion may result in drastic changes for the world and in particular the Internet. To wit:
- Cyber-attacks can get ‘physical’ as the stuxnet virus proved,
- There is a struggle to control the internet at all levels,
- Privacy and mobile computers have compatiblility issues,
- All this against the backdrop of economical and political turmoil.
As the Chinese say “May you live in interesting times” ….
Check the strength of passwords
December 11, 2010 Leave a comment
A cool application for checking the strength of passwords
del.icio.us Tags: authentication,
hacking,software,passwords,
insecurity,anti-tamper,Cryptoblog
Now we are really secure….
December 7, 2010 2 Comments
That is a good idea, take your source code and give it to some guy bent on getting all your secrets to increase the security of your data:
Security Nightmare: Chinese Government Has Microsoft Windows Source Codes.
The world is REALLY in the hands of crazy people
If you think we have problems now….
November 23, 2010 2 Comments
wait until we have a smart grid powered by MS and Google and scores of hackers designing the replacement for Stuxnet.
Google provides a giggle
May 15, 2010 Leave a comment
Google spinsters could become handy next time you are “mistankenly collecting” wi-fi traffic form your neighbours. 😉
UPDATE
The Canadian government concluded today that Google’s collection of fragments of Wi-Fi transmissions violated the law, but also said that the recording was the “result of a careless error” and was not intentional.
Read the whole thing at Cnet
About this blog
Data Security and Information Theory are essential to modern life. Far from being the exclusive domain of academics and geeks, the fundamentals and its application are easy to understand for most people. Here, my modest attempt to bring some of the issues to the public discourse and spread the knowledge to make the internet a safer place for your virtual self.
Click below to find out more
Crypto Book
SANS – Securing the Human
ID Theft Resources
CryptoBlog - Data Security and Information Theory 
Recent comments