“Quantum cryptography uses photons and physics to generate cryptographic keys”
What is quantum cryptography?
Quantum cryptography is NOT a new algorithm to encrypt and decrypt data. Rather it is a technique of using photons to generate a cryptographic key and transmit it to a receiver using a suitable communication channel. A […]
This is a guest lecture by Egor Tolstoy. Egor is a full-time iOS developer working at Rambler&Co and living with his lovely wife in Moscow, Russia. In his spare time he investigates iOS applications for different vulnerabilities and blogs about his research.
Parse is a wonderful BaaS which helps with […]
In this third part of the series, we will see something similar to the second article but a little bit more advanced. This article will cover the Digital Signature Algorithm (DSA) and Digital Signature Standard (DSS).
2. Tools Needed
The target file (CryptoChallenge3.exe)
DSAK: My own DSA/DSS Keygenerator (requires dotNetFx4)
Near Field Communication (NFC) is shaping the future of mobility and is becoming the system of choice for mobile payments. NFC is a technology that has already been around for years, but has gained much attention after Apple announced that the new iPhone 6 line was fitted with the […]
The Internet of Things (IoT) is one of the paradigms that will influence our society most of all in the next few years, and it is already conditioning the IT industry.
With the term “Internet of Things” we commonly refer to objects that could be interconnected and uniquely identified. At […]
Spoiler alert: Those who haven’t yet seen the film, but plan to, please skip to the summary.
Hollywood has tried to depict cyberwarfare and “hacking” many times. Hackers and The Net are just a couple of examples.
Blackhat, a Michael Mann-directed film, debuted in wide theatrical release on January 16th. […]
The virtual space has over time become something of real importance for business, politics, work, communities and communications.
In becoming gradually more and more dependent on and addicted to the Internet, individuals, companies, organizations and governments have raised (or are raising) awareness of being intimately vulnerable to attacks and threats of […]
Google, among several security organizations, recently announced a vulnerability in the SSL protocol, particularly SSL version 3. SSL is used to secure connections between a client and server to prevent eavesdropping and to ensure that the data has not been tampered with.
SSLv3 is an old version of the SSL protocol, dating back to […]
‘Session Hijacking’ is an old and routine topic in the field of application security. To make it more interesting, in this article, we are going to focus on different ways it can be performed.
Introduction for beginners
Web applications communicate using the HTTP protocol. HTTP is stateless, which means there is no […]
Some time ago, Kaspersky discovered and reported a new type of malicious program called Tyupkin, which targets ATM machines by moving beyond targeting consumers with card skimmers that steal debit card numbers to directly getting cash from an ATM without the need for a counterfeit or stolen card.
At the […]
Everyone knows that drug prohibition has done nothing to stop the sale and consumption of illegal drugs.
The risk of getting into criminal trouble exists, especially if you don’t benefit from white privilege. Our prisons are filled with countless nonviolent so-called drug offenders. But if you know where to go […]
Despite the popular image of the hacker cracking distant servers from his basement, studies show that people with legitimate access to your information pose an even bigger threat. And when information is stolen from within, it’s often harder to trace and determine the extent of the problem.
The larger your […]
Let’s start looking at the future of the IT Security landscape by reviewing the past. I made some predictions last year for InfoSec Institute. The article started off with a clever disclaimer that all subjects in the IT Security world are new and are still pioneering in their fields, […]
So as promised, I have come up with some more use cases for PCI DSS 3.0 requirements. I will try to cover as many requirements and use cases as possible in this document. So as we learned in Part 1 of this document series, we will learn more on […]
Numerous malicious attacks on computers and mobile devices as well as networks of important entities have recently made the news and have brought back to the surface the debate on cyber warfare and the dangerousness of cyber weapons.
The increasing dependence on the Internet and the recent spur of attacks […]
After I got an outstanding response to my previous article on SIEM use cases, I have now prepared a series of articles for some SIEM use cases. In this article, I will show SIEM use cases for PCI DSS 3.0 compliance. I will cover specific use cases pertaining to […]
While a terrorist using the Internet to bring down the critical infrastructures the United States relies on makes an outstanding Hollywood plot, there are flaws in the execution of this storyline as an actual terrorist strategy. Conway (2011) calls out three limitations on using cyber-related activities for terrorists: Technological […]
In the past, cars and computers did not have many touching points. Nowadays, modern cars contain numerous computers. As Bruce Emaus, the chairman of SAE International, stated: “It would be easy to say the modern car is a computer on wheels, but it’s more like 30 or more […]
In today’s article, we will see a more advanced cryptosystem than the previous one: the ElGamal Signature scheme (not to be confused with ElGamal Encryption). So before you start reading this, read the first article for more details.
The target file (CryptoChallenge2.exe)
ELGAMALSiGNiT: An ElGamal signature scheme tool (requires dotNetFx4)