DecryptedTech

Saturday13 August 2022

Displaying items by tag: Security

Monday, 01 February 2016 05:51

Norse Corp could be a thing of the past

Norse Corp, famous for their live attack map and Viking based parties at Black Hat, could be having some financial issues. At least that is the word from researcher Brian Krebs. Over the last couple of weeks they have laid off 30% of their staff and let their CEO go. Neither of the occurrences is good news for a company that is relatively new (Norse was founded in 2010). The basis of the business was to provide a nimble product that would allow for better threat tracking and blocking. Everything was centered on the use of live information to help prevent and mitigate attacks.

Published in News

One cool thing about working in IT is that things are very predictable. You generally know how a system or application will react if you do this or that to it. This is how people find and use exploits in software and even hardware. You look at how an application works and identify ways you can use those processes against it. It is like digital judo. However, what many people do not really get is that this also works when setting up a larger organization for an attack. If you can track how they will respond to a particular threat, you can use it against them in very interesting ways.

Published in News

Tor has pushed out a new version of its privacy enhancing Tor Browser Bundle. We are up to 5.5 now and, according to the Tor Project it is a full stable release. The update fixes a laundry list of bugs and also covers some usability issues that have been plaguing the software for some time. One interesting note is that they are finally working on blocking ways of fingerprinting users through different mechanisms (resolution, keyboard type etc.).

Published in News

It seems that the stars might finally align to remove one of the largest security holes in the history of… well history itself. Oracle is announcing that it is finally getting rid of the Java Browser Plug-in… sometime. According to a blog post on the Oracle page they are aware that most (if not all) browsers are already blocking plug-ins like the one in the Java Runtime Environment. These are for security, stability and performance, and really should have been done a long time ago. Over the last few years the Java browser plug-in (along with Flash) has been the vector of choice for many web-based attacks.

Published in News

The world of copyright and patents is one of ignorance, greed and just plain stupidity. This is, sadly, on just about all sides of the game. From the people complaining all the way to the judges asked to decide these cases. We have already talked (at length) about the fantasy math the copyright holders use in determining damage and the massive impacts on privacy that they want to further their causes, but now we area in a situation where they have “won” something that no one every should have even considered.

Published in Editorials

In the war against (yes against) encryption there are many things to hide behind. One of the most frequently used is that criminals will use it to mask their dastardly deeds. The term criminal is, of course interchangeable with just about any other popular bad guy; pedophile, drug dealer, terrorist…. You know the list. Anytime there is even a hint that one of these media boogeymen used some sort of encryption, we hear that law enforcement and the government need to be able to break encryption.

Published in Editorials
Friday, 22 January 2016 09:01

Security and Privacy are the same argument.

In the fast paced and insanely stupid argument between privacy advocates and national security advocates we often hear how we need to give up one or the other. The security guys say that privacy will block criminal activity so we need to give up some of that. On the other side the Privacy gang feels that giving up privacy is only hurting the people that are not doing anything wrong. They also feel it has an impact on free speech and limits discourse. What neither side is getting is that they both are right. Strong privacy protections and encryption allow for better and more secure communication. The complement each other in a way that no one seems to get.

Published in Editorials

You would think that in 2016 the people in power would either understand technology, or would have been replaced by someone that does. Sadly, this is not the case in… well just about every place there is an elected official. Over the past few years we have seen some very stupid bit of technical legislation come over the wire. Everything from kill switches in smartphones to backdoors in software and encryption standards. All of the legislation proposed read like they were written by someone that has no clue about technology, but might watch a lot of TV… and bad TV at that.

Published in News
Tuesday, 29 December 2015 10:17

191 Million US Voter Records out on the open web

You have to love how easy it is to find information out in the wilds of the internet. In the last couple of weeks a number of cloud-databases have been found to be leaking data to the interment due to an almost total lack of security. The latest one seems to be a group of 191… Million voters in the US. Yup, if you have voted in any election since 2000 your personal information is out there on the open internet. The information that is out contains names, addresses, party affiliation and voter ID numbers… it is not as bad as it could be, but it is still bad.

Published in News

There is a report that over the holidays several retailers disabled the EMV (Chip and Pin) functionality of their card readers. The reason for this? They did not want to deal with the extra time it takes for a transaction. With a standard card swipe (mag-swipe) you are ready to put in your pin and pay in about three seconds. With EMV this is extended to roughly 10 seconds. Of course when you add in all of the other items that retailers throw in (are you are rewards member?) your checkout time can be lengthened quite a bit.

Published in News
Page 12 of 46