Encryption can be a mind bender – Part 2

By Bob Weiss

If you missed Part 1 of this article, it can be found at last week’s post on May 5

Hybrid Cryptography

When we use two or more cryptographic methods together, it is called Hybrid Cryptography.  Common forms of Hybrid Cryptography included the creation and sharing of Symmetric session keys, through using Asymmetric Encryption.

Not all key exchange methods require using the PKI.  Diffey-Helman, Oakley and other non-PKI key exchange ...

Continue Reading →
0

Encryption can be a mind bender – Part 1

By Bob Weiss

May the Force be with you!  It’s May the fourth, Star Wars Day.

I received an email from a CASP+ Student asking for some help with encryption.  This is what I sent.

Encryption can be a mind bender.  And then like magic, it is not.

If you are up for some outside reading (what! More reading?  Sorry) there are a couple of books that helped me

The Code Book, by Simon Singh

Crypto ...

Continue Reading →
1

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


LANtenna hack spies on your data from across the room!

Are your network cables acting as undercover wireless transmitters? What can you do if they are?


A few posts from Bruce Schneier


FBI Had the REvil Decryption Key

[2021.09.22] The Washington Post reports that the FBI had a decryption ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Is Your Company Using a FortiOS SSL VPN? Make Sure It Is Updated

Virtual private networks (VPNs) let remote employees securely connect to their companies’ networks. However, companies using Fortinet’s FortiOS SSL VPNs might be putting their networks at risk. Discover why using FortiOS SSL VPNs can be risky and what all companies need to do to ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs

Original release date: July 19, 2021

Summary

This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Yes, There Really Is A Windows 11

Microsoft announces Windows 11, with a new design, Start menu, and more. A new version of Windows is officially on the way.


Urgent Alert –  WD My Book Live users wake up to find their data deleted

Storage-device maker advises customers to unplug My Book Lives ...

Continue Reading →
0

Ransomware has become a successful criminal business

Ransomware is a form of malicious software designed to restrict users from accessing their computers or files until they pay a ransom to cybercriminals.  Ransomware typically operates through the crypto virology mechanism by using symmetric as well as asymmetric encryption to prevent users from performing managed file transfers or accessing particular files or directories.  The cybercriminals are using ransomware to lock files from being accessed assuming that the locked files ...

Continue Reading →
0

When Encryption Is A Crime Only Criminals Will Have Encryption

As we enter the silly season of another Presidential Election, and possibly because of a psychological condition that I am calling COVID Mania*, the government is once again making boneheaded moves to introduce and pass legislation that would allow the federal government and law enforcement agencies easier access to encrypted messages from criminal sources.  This issue comes up every five to ten years.  It seems that agencies such as the ...

Continue Reading →
1
Page 1 of 10 12345...»