Tag: encryption

  • New tool helps ransomware victims identify the malware family

    Malware infections are never fun, but ransomware is particularly nasty and the plague doesn’t seem likely to cease any time soon: new families are spotted almost daily. A small silver lining in this dark cloud is the fact that crypto is hard for the bad guys too: they have made many mistakes implementing their encryption…

  • When it comes to online banking, sub-optimal encryption isn’t our biggest concern

    Malware authors and scammers won’t attack the crypto. Under the headline “no zero-day necessary”, Xiphos has published a rather scary blog post on the state of SSL security within the UK’s finance industry. It concludes that more than 50% of UK-owned retail banks have weak SSL implementations on their online banking sites, with 14% of…

  • Will DIME eventually replace email?

    Protocol has all the advantages of email, yet is orders of magnitude more secure. In the current Internet era sometimes referred to as ‘post-Snowden’, it is often said that email is broken. After all, a lot of email is still flowing over the Internet unencrypted, and even if encryption is used for email delivery, that…

  • ‘RansomWeb’ ransomware targets companies’ databases

    Encryption first added as a patch, key only removed when all backups are encrypted. Make backups, they said. Then you won’t have to worry about ransomware, they said. Ransomware has quickly become one of the most frustrating kinds of cyber attack. We all know that our devices could suddenly die, and if this leads to…

  • POODLE attack forces the Internet to move away from SSL 3.0

    Users and administrators urged to stop supporting the protocol, or at least to prevent downgrade attacks. After Heartbleed and Shellshock, or the SSL/TLS attacks CRIME and BEAST, ‘POODLE’ does sound rather cute. Yet the vulnerability in version 3.0 of the SSL protocol that was disclosed by Google researchers yesterday is fairly serious and shouldn’t be…

  • Crypto blunder makes TorrentLocker easy to crack

    Use of single XOR key leaves ransomware open to known-plaintext attack. It has been said many times before: cryptography is hard. Earlier this year, the authors of the ‘Bitcrypt’ ransomware discovered this too, when they confused bytes and digits and made their encryption keys easy to crack. ‘TorrentLocker’ is a new kind of encryption ransomware…

  • OpenSSL vulnerability lets attackers quietly steal servers’ private keys

    Security firm advises regenerating keys and replacing certificates on vulnerable servers. A very serious vulnerability in OpenSSL has caused panic among network administrators: CVE-2014-0160 allows an attacker to read the memory of a vulnerable server and thus obtain private encryption keys, passwords and other kinds of sensitive information. OpenSSL is a widely used open-source implementation…

  • Researchers crack ransomware encryption

    ‘Bitcrypt’ authors confused their bytes and digits. Two French researchers have found a serious vulnerability in a new piece of ransomware that has allowed them to crack the keys used by the malware to encrypt the victim’s files. CryptoLocker has become known as the unfortunate crypto success story of 2013. While stories about broken cryptography…

  • There is a place for unauthenticated key exchange, but don’t tell anyone

    Making dragnet surveillance harder justifies using weak form of encryption. Discussions on how to make the Internet more secure have been going on ever since the first two computers were connected. Recently, however, Snowden’s revelations about surveillance on a scale that was hitherto only imagined by the most paranoid have made some of these discussions…

  • Symantec buys key pair of encryption firms

    PGP and GuardianEdge snapped up in surprise dual acquisition. Symantec has announced the acquisition of two separate firms specialising in encryption and email security. The deals were completed in cash with PGP, a renowned specialist in public key cryptography, costing $300 million and GuardianEdge, which also provides encryption and data loss prevention solutions,…