Don’t Ignore Physical Security

Most of us don’t have a very accurate idea of what a “hack” looks like in progress, because we don’t see it happen. As a result, we fall back on the Hollywood image of a skinny person in a dark room typing away on a Linux terminal, breaking through layers and layers of complex virtual

Zero Knowledge Proofs: An illustrated primer

Imagine that a real-world client wishes to log into a web server using a password. The standard ‘real world’ approach to this problem involves storing a hashed version of the password on the server. The login can thus be viewed as a sort of ‘proof’ that a given password hash is the output of a

Crypto toolbox – Part I

I think I was about 15 or 16 when PGP was making headlines for being classified as munitions by the US government and was (supposedly) banned from export. While I wasn’t a subversive type at the time, I got a very strong sense that any software that scared the mighty USA so badly was something

SS7 Vulnerabilities

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are the

Tor Is Still Safe

Tor is having a bit of a crisis, as it’s become increasingly clear that the wildly popular network isn’t the internet invisibility cloak it was once thought to be. Don’t panic. It’s not perfect, but it’s still the best we’ve got. Experts say that the best thing you can do to protect yourself is to

Just how secure is Tor?

Operation Torpedo and the campaign used last year to identify Tor-using child porn suspects demonstrate the determination feds show in bypassing Tor protections. They also underscore the feds’ rapidly growing skill. Whereas Operation Torpedo abused a six-year-old weakness that ensnared only people who ignored strenuously repeated advice, the latter operation exploited a vulnerability that had

Fake Cell Towers Found in Norway

In several locations someone has installed secret transmitters which most probably behave like fake mobile base stations. These so called IMSI-catchers can monitor all mobile activity in the vicinity. The people who run this surveillance equipment may in principle monitor every person moving in and out of the parliament building, the goverment offices or other

Linux Security Distros Compared

If you’re interested in security, you’ve probably already heard of security-focused Linux distros such as Tails, Kali and Qubes. They’re really useful for browsing anonymously, penetration testing and tightening down your system so it’s secure from would-be hackers. Here are the strengths and weaknesses of all three.

Operation Socialist

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. Last year, documents from National Security Agency whistleblower

What Is a Backdoor?

A backdoor in software or a computer system is generally an undocumented portal that allows an administrator to enter the system to troubleshoot or do upkeep. But it also refers to a secret portal that hackers and intelligence agencies use to gain illicit access.

Demystifying the ‘s’ in https

As the adoption of SSL enabled websites becomes more prevalent, with major providers such as Facebook, Flickr and Google now defaulting to HTTPS, the need to be able to analyze SSL traffic is a necessary requirement. Most web filtering solutions allow you to block entire websites, for example if you want to block the whole

Rewriting the history of cyberwar

The pipeline was outfitted with sensors and cameras to monitor every step of its 1,099 miles from the Caspian Sea to the Mediterranean. The blast that blew it out of commission didn’t trigger a single distress signal. That was bewildering, as was the cameras’ failure to capture the combustion in eastern Turkey. But investigators shared

Password managers update

LastPass Automatically Changes Your Passwords We saw many people struggling with where to begin that process. Even for those already using a password manager like LastPass, it still required setting aside time to navigate through each account and update passwords one by one. Until now. We’re excited to announce that the Auto-Password Change feature we

Another day, another problem

So, you wankers that use your phone for everything except making phonecalls [eBay, banking, etc], always seem to be in a world of hurt. Google App Engine has THIRTY flaws Adam Gowdiak of Polish security consultancy and research outfit Security Explorations claims to have found myriad security holes in Google’s App Engine. Gowdiak says he

What Is an Air Gap?

A true air gap means the machine or network is physically isolated from the internet, and data can only pass to it via a USB flash drive, other removable media, or a firewire connecting two computers directly. But many companies insist that a network or system is sufficiently air-gapped even if it is only separated