Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cryptography. Show all posts
User Security
Cryptography Cyber Security Data Privacy Threat Landscape User Security

Cryptographers Groundbreaking Discovery Enables Private Internet Searches

 

The desire for private internet searches has long been a cryptographic challenge. Historically, getting information from a public database without disclosing what was accessed (known as private information retrieval) has been a difficult task, particularly for large databases. The perfection of a private Google search, in which users can browse through material anonymously, has remained elusive due to the computational demands of such operations. 

However, a new study by three pioneering researchers has made tremendous progress in this field. They developed an innovative version of private information retrieval and expanded it to create a larger privacy method. This technique has been recognised for its pioneering potential, with plaudits expected at the annual Symposium on Theory of Computing in June 2023. 

Breaking barriers in cryptography

This development is based on a new way for discretely pulling information from huge datasets. It addresses the significant challenges of doing private searches across large databases without requiring a corresponding increase in computational effort. This technology is game-changing because it streamlines the process of conducting private searches, making them more viable and efficient. 

The strategy involves creating the database and encoding the entire dataset into a unique structure. This allows inquiries to be answered using only a small section of the structure. This novel approach indicates that a single server can host the information and do the preprocessing independently, enabling future users to retrieve data securely without incurring additional computing costs.

The future of online privacy 

While this breakthrough is noteworthy, practical applications are still being developed. The preprocessing method, as it stands, is most beneficial for extremely big databases and may not be realistic for everyday use due to existing processing performance and storage restrictions. 

Nonetheless, the research community remains optimistic. The history of cryptography reveals a similar pattern of optimising initially difficult outcomes into feasible ones. If the trend continues, private lookups from huge databases could become a reality, drastically changing our connection with the internet and significantly improving user privacy. 

A theoretical breakthrough

The new technique, invented by three cryptographers, employs a sophisticated kind of private information retrieval. It tackles the difficulty of executing private searches across large data sets without requiring additional computer resources. This concept is a major change from standard procedures, which frequently necessitate scanning whole databases to ensure secrecy. 

In a nutshell recent developments in cryptography are an important step towards enabling completely secure internet searches. This advancement has the potential to revolutionise how we access and interact with information online, putting user privacy and security first in an increasingly digital environment.
Read more »
User Privacy
API Keys Apple Cryptography Cyber Security Google Passkey Password Phishing Scams Platforms Technology User Privacy

Revolutionizing Security: Passkeys by Google and Apple

Online security has grown to be of utmost importance in a digital environment that is always changing. Passkeys, a cutting-edge authentication system that is poised to transform how we protect our accounts, are being pushed for by Google and Apple, who are leading the effort.

Passkeys, also known as cryptographic keys, are a form of authentication that rely on public-key cryptography. Unlike traditional passwords, which can be vulnerable to hacking and phishing attacks, passkeys offer a more robust and secure method of verifying user identity. By generating a unique pair of keys – one public and one private – passkeys establish a highly secure connection between the user and the platform.

One of the key advantages of passkeys is that they eliminate the need for users to remember complex passwords or go through the hassle of resetting them. Instead, users can rely on their devices to generate and manage these cryptographic keys. This not only simplifies the login process but also reduces the risk of human error, a common factor in security breaches.

Google and Apple have been at the forefront of this innovation, integrating passkey technology into their platforms. Apple, for instance, has introduced the Passkeys API in iOS, making it easier for developers to implement this secure authentication method in their apps. This move signifies a significant shift towards a more secure and user-friendly digital landscape.

Moreover, passkeys can play a pivotal role in thwarting phishing attacks, which remain a prevalent threat in the online realm. Since passkeys are tied to specific devices, even if a user inadvertently falls victim to a phishing scam, the attacker would be unable to gain access without the physical device.

While passkeys offer a promising solution to enhance online security, it's important to acknowledge potential challenges. For instance, the technology may face initial resistance due to a learning curve associated with its implementation. Additionally, ensuring compatibility across various platforms and devices will be crucial to its widespread adoption.

Passkeys are a major advancement in digital authentication. Google and Apple are leading a push toward a more secure and frictionless internet experience by utilizing the power of public-key cryptography. Users might anticipate a time in the future when the laborious practice of managing passwords is a thing of the past as this technology continues to advance. Adopting passkeys is a step toward improved security as well as a step toward a more user-focused digital environment.

Read more »
Threat Landscape
Blockchain Blockchain Fatigue Cryptography Data Integration Technology Threat Landscape

How to Identify and Overcome Blockchain Fatigue

 

With its plethora of uses and potential for transformation, the blockchain ecosystem has unquestionably changed how current technology and business processes are planned. Blockchain technology promised dramatic changes in data integrity, transparency, and peer-to-peer interactions because it was based on cryptographic principles and decentralised ideals. 

Its potential capabilities and the real-world difficulties associated with its execution, however, are in tension, as is the case with many innovative technologies. Blockchain Fatigue is a phenomena that the business community is coming to understand more and more as a result of this divergence. 

Defining blockchain fatigue 

At its core, Blockchain Fatigue is characterised by a mounting sense of disappointment among participants, including developers, financiers, and institutions. The market was overrun with several initiatives, many of which fell short of their lofty expectations, which is the main cause of the problem. 

Early adopters' and enthusiasts' aspirations frequently outweighed the difficulties of implementing blockchain solutions, resulting in projects that were either launched too soon or had serious flaws. 

In addition to the market's simple saturation, the reduction in investments, potential users' fading interest, and a discernible change from enthusiasm to scepticism are all contributing factors to the fatigue. This feeling manifests in practical ways; it is not only an abstract observation. 

This fatigue can be observed in the slowdown of new blockchain projects, investors' cautious attitude, and organisations' overall reluctance to use blockchain technologies. 

Key factors contributing to blockchain fatigue 

Understanding the dynamics of the blockchain sector requires a closer look at the particular factors that have led to Blockchain Fatigue. Despite their diversity, these elements combine to create a complex web of difficulties for stakeholders. 

Technology complexity: Blockchain is a complex system by its own nature. While promising flexibility and security, its decentralised nature also creates challenges, particularly when combining with currently in place centralised systems. The difficulty for organisations is not just in comprehending blockchain, but also in successfully using it in ways that are smooth, effective, and profitable. 

Unreal expectations: Inflated expectations accompanied the initial wave of interest in blockchain. Several projects had lofty goals in their marketing materials, but they lacked the solid foundation or well-defined plans to carry them out. Such overpromising has not only resulted in unsuccessful implementations but has also damaged confidence in the technology's true capabilities.

Financial Strains: Blockchain implementation needs a large financial investment for both the initial development and ongoing maintenance. Financial strain increased as investment returns started to decline as a result of the aforementioned difficulties. Maintaining operations amidst dimming financial prospects has been a challenging undertaking for startups and even established businesses. 

Overcoming challenges

The blockchain ecosystem's players must develop comprehensive strategies to revitalise the ecosystem rather than just reacting when challenges mount. This calls for a combination of reality, ongoing education, cooperation, and support for regulatory coherence. 

Setting realistic goals: In a time where high claims abound, it is crucial to get back to the fundamentals. This entails organising blockchain initiatives around specific, attainable goals. Projects can maintain their credibility and guarantee steady progress by concentrating on concrete results rather than lofty ambitions. 

Continuous learning and skill development: The dynamic nature of blockchain necessitates that professionals be lifelong learners. To stay current with technological changes, regular training sessions, workshops, and certifications are necessary. Professionals that possess up-to-date information can reduce difficulties and develop novel solutions. 

Collaboration: In the blockchain community, the adage "United we stand, divided we fall" has special meaning. Organisations can employ common resources and expertise through partnering with peers, joining consortiums, and forging partnerships. Such synergies not only encourage creativity but also reduce risks, increasing the likelihood that a project will succeed.
Read more »
Technology
Cryptography Data Privacy Data Safety Encryption Key Technology

The Role of Cryptography in Data Safety

 

By using codes, the information security strategy of cryptography shields business data and communications from online threats. Security professionals describe it as the art of concealing information to guard against unauthorised access to your data. 

This technique employs mathematical principles and a series of calculations based on rules, known as algorithms, to alter messages in ways that are challenging to understand. It also refers to secure information and communication systems. 

Then, these algorithms are applied to the creation of cryptographic keys, digital signing, data privacy protection, internet browsing, and private email and credit card transactions. Confidentiality, integrity, authentication, and non-repudiation are only a few of the information security-related goals that are met by cryptography. In this article, we analyse what this tell us regarding cryptography. 

Safeguards data privacy 

In terms of cryptography, privacy is of utmost importance. It indicates that the transmitted information is secure from unauthorised access at all points in its lifetime and can only be accessed by those with the proper authorization. 

The privacy of individuals whose personal information is held in enterprise systems must be protected, which calls for confidentiality. Therefore, the only way to guarantee that the data is secure while it is being stored and delivered is through encryption. 

Without the proper decryption keys, encrypted data is practically useless to unauthorised individuals even when the transmission or storage media has been compromised. 

Data's integrity is ensured 

Integrity in the context of security refers to the accuracy of information systems and the data they include. Integrity refers to the ability of a system to transport and process data in a predictable manner. 

The data is unchanged even after processing. Data integrity is guaranteed by cryptography employing message digests and hashing techniques. 

The receiver is made certain that the data received has not been tampered with during transmission by supplying codes and digital keys to confirm that what is received is authentic and comes from the intended sender. 

Maintain information security using effective cryptography techniques

One of the primary concerns for firms trying to compete in the modern business environment is information security. Cryptography can help you protect your intellectual property by keeping it safe from hackers and other threat actors when used properly. 

You can also investigate additional techniques, such as online application penetration testing, internal network penetration testing, or cybersecurity awareness training, in the meantime and take preventative measures to safeguard important company resources.
Read more »
Yahoo
Cryptography Cyber Crime Email Attacks Encryption Gmail Outlook Protonmail User Privacy Yahoo

Is Data Safeguarded by an Encrypted Email Service?

Email is the primary form of communication in both our personal and professional lives. Users might be surprised to hear that email was never intended to be secure due to our dependency on it. Email communication carries some risks, but you may still take precautions to protect your inbox. 

What is encryption in email?

One of the most important applications for practically any organization nowadays is email. Additionally, it's among the primary methods for malware to infect businesses.

Email encryption is the process of encrypting email communications to prevent recipients other than the intended ones from seeing the content. Authentication may be included in email encryption.

Email is vulnerable to data exposure since it is usually sent in clear text rather than encryption. Users beyond the intended receivers can read the email's contents using tools like public-key cryptography. Users can issue a public key that others can use to encrypt emails sent to them, while still holding a private key that they can use to decrypt those emails or to electronically encrypt and verify messages they send.

Impacts of an Encrypted Email Service

1. Safeguards Private Data 

It is crucial to ensure that only intended recipients view the material sent via email as it frequently contains sensitive data and business secrets. It is also vital that cyber criminals are unable to decrypt the data being transmitted between people. 

Services for encrypted email are created in a way that protects user privacy rather than invading it. Not simply because they are run by very small teams, but also because their platforms were created with security in mind, encrypted email services are intrinsically more secure. To begin with, the majority employ zero-access encryption, which ensures that only the user has access to confidential data.

2. Cost-effective 

It is not necessary to buy additional hardware whenever the server which hosts the email service currently includes encryption. Many firms have invested in their own servers although it might not be essential.  A reliable third-party service is substantially less expensive.

3. Barrier Against Government Monitoring 

One can learn everything you need to know about Gmail and Yahoo from the fact that no major whistleblower, activist, dissident, or investigative reporter trusts them to transmit sensitive information, at least in terms of government surveillance. Google, for instance, makes it very plain on its official website that it reserves the right to accede to requests from the government and provide useful information.ProtonMail is founded in Switzerland, a country with some of the world's strongest privacy rules.

4. Prevents Spam

Spam attachments frequently contain malware, ensuring that hackers gain access. When you or another person uses encrypted email to deliver attachments, the email includes a digital signature to verify its authenticity. No individual will accept spoofed emails this way. 

Establish strong digital practices to prevent exposing oneself vulnerable. Update your hardware and software. We must improve internet security measures as our reliance on technology increases. Services for secure, encrypted email provide everything that caters to your privacy needs. 

Read more »
Technology
Cryptography One-Time Program OTP Research Technology

OTPs: Researchers Rekindle One-Time Program Cryptographic Concept


Technological advances over the past decade have made it possible for academics to make progress in designing so-called OTP (one-time programs). OTPs were initially proposed by researchers Goldwasser, Kalai, and Rothblum. 

OTPs, originally presented at the Crypto’08 conference were described as a type of cryptographically obfuscated computer program that can only be run once. This significant property makes them useful for numerous applications. 

The basic concept is that "Alice" could send "Bob" a computer program that was encrypted in a way that: 

1. Bob can run the program on any computer with any valid inputs and obtain a correct result. Bob cannot rerun the program with different inputs. 

2. Bob can learn nothing about the secret program by running it. 

The run-only-once requirements encounter difficulties because it would be an easier task to install a run-once-only program on multiple virtual machines, trying different inputs on each one of them. Consequently, this would violate the entire premise of the technology. 

The original idea for thwarting this (fairly obvious) hack was to only allow the secret program to run if accompanied by a physical token that somehow enforced the one-time rule for running the copy of the secret program that Alice had sent to Bob. No such tokens were ever made, so the whole idea has lain dormant for more than a decade.  

OTP revived: 

Recently, a team of computer scientists from Johns Hopkins University and NTT Research have established the basis of how it might be possible to create one-time programs using a combination of the functionality found in the chips found in mobile phones and cloud-based services. 

They have hacked ‘counter lockbox’ technology and utilized the same for an unintended purpose. Counter lockboxes secure an encryption key under a user-specified password, administering a limited number of incorrect password guesses (usually 10) before having the protected information erased. 

The hardware security module in iPhones or Android smartphones provides the needed base functionality, but it needs to be wrapped around technology that prevents Bob from attempting to deceive the system – the focus of the research. 

Garbled circuits: 

The research works show how multiple counter lockboxes might be linked together in order to form ‘garbled circuits’, i.e. a construction that might be utilized to build OTPs. 

A paper illustrating this research, entitled ‘One-Time Programs from Commodity Hardware’ is due to be presented at the upcoming Theory of Cryptography Conference (TCC 2022). 

Hardware-route discounted: 

One alternative means of constructing one-time programs, considered in the research, is using tamper-proof hardware, although it would require a “token with a very powerful and expensive (not to mention complex) general-purpose CPU”, as explained in a blog post by cryptographer Mathew, a professor at Johns Hopkins University and one of the co-authors of the paper. 

“This would be costly and worse, [and] would embed a large attack software and hardware attack surface – something we have learned a lot about recently thanks to Intel’s SGX, which keeps getting broken by researchers,” explains Green. 

Rather than relying on hardware or the potential use of blockchain plus cryptographic tool-based technology, the Johns Hopkins’ researchers have built a form of memory device or token that spits out and erases secret keys when asked. It takes hundreds of lockboxes to make this construction – at least 256 for a 128-bit secret, a major drawback that the researchers are yet to overcome. 

A bastion against brute-force attacks: 

Harry Eldridge, from Johns Hopkins University, lead author of the paper, told The Daily Swig that one-time programs could have multiple uses. 

“The clearest application of a one-time program (OTP) is preventing brute-force attacks against passwords […] For example, rather than send someone an encrypted file, you could send them an OTP that outputs the file if given the correct password. Then, the person on the other end can input their password to the OTP and retrieve the file.” Eldridge explained. “However, because of the one-time property of the OTP, a malicious actor only gets one chance to guess the password before being locked out forever, meaning that much weaker passwords [such as a four-digit PIN] can actually be pretty secure.”

Furthermore, this could as well be applied to other forms of authentication – for instance, if you wanted to protect a file using some sort of biometric match like a fingerprint or face scan. 

‘Autonomous’ Ransomware Risk

One of the drawbacks led via the approach is that threat actors might utilize the technique to develop ‘autonomous’ ransomware. 

“Typically, ransomware needs to ‘phone home’ somehow in order to fetch the decryption keys after the bounty has been paid, which adds an element of danger to the group perpetrating the attack,” according to Eldridge. “If they were able to use one-time programs, however, they could include with the ransomware an OTP that outputs the decryption keys when given proof that an amount of bitcoin has been paid to a certain address, completely removing the need to phone home at all.” 

Although, the feedback on the work so far has been “generally positive”, according to Eldridge. “[Most agree] with the motivation that OTPs are an interesting but mostly unrealized cryptographic idea, with the most common criticism being that the number of lockboxes required by our construction is still rather high. There is possibly a way to more cleverly use lockboxes that would allow for fewer of them to be used.” 

Read more »
Technology
Computers Cryptography Protocols Quantum Technology

Post-quantum Cryptography Achieves Standardization Milestone

 

The first four standardised protocols for post-quantum cryptography have been released, providing the foundation for the creation of "future-proof" apps and web services. 

Last Monday, the US federal government's National Institute of Standards and Technology (NIST) announced a quartet of recommended protocols as part of a continuing standardisation process. The chosen encryption algorithms will be included in NIST's post-quantum cryptography standard, which is scheduled to be completed within the next two years. 

Four more algorithms are currently being considered for inclusion in the standard. According to NIST, for most use cases, two basic algorithms should be implemented: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). 

In the event that one or more approaches prove insecure, more than one algorithm for each use case is being sought as a backup. NIST recommends CRYSTALS-Dilithium as the principal method for digital signatures, with FALCON for applications that require smaller signatures than Dilithium can offer. SPHINCS, a third algorithm, is slower than the other two but was approved since it is based on a distinct mathematical process and so gives a possibility to increase variety. Dustin Moody of NIST discussed why another round of selection was required.

“Of the four algorithms we selected, one is for encryption and three are for digital signatures,” Moody told The Daily Swig. 

“Of the four algorithms that we will continue to study in the fourth round, all four are encryption algorithms. The primary motivation for this is to find a non-lattice-based signature scheme which is suitable for general purpose use to be a backup for our lattice-based signature algorithms we are standardizing (Dilithium and Falcon),” Moody added. 

He continued: “Our current NIST public-key standards cover encryption and signatures. So that is what our standardization process was targeted for – to replace the vulnerable cryptosystems in those standards. Other functionalities may be considered in the future.” 

The ongoing quest for next-generation cryptographic systems is required since present encryption protocols, such as RSA, rely on solving mathematical problems that are beyond the capabilities of even the most powerful conventional computers. Sufficiently powerful quantum computers, which operate on a fundamentally different paradigm than today's PCs or servers, may be capable of cracking today's public key encryption techniques. Increasing the key length alone will not suffice to counter this possible danger, necessitating the creation of post-quantum cryptography methods. 

Decrypt later, store now

Despite the fact that the present generation of quantum computers is mostly experimental and hampered by engineering hurdles, attackers may be planning for their future availability using "store-now-decrypt-later" assaults.If such attacks are effective, a rising volume of normally encrypted financial, government, commercial, and health-related data will be vulnerable to attack by suitably powerful quantum computers. 

Quantum computers handle computational tasks by relying on the features of quantum states, such as superposition, interference, or entanglement, rather than the basic binary states (0 or 1) of traditional computers. When paired with quantum algorithms, the technology might solve some mathematical problems, such as integer factorization, in a manageably short period, posing a danger to current encryption systems that rely on the current intractability of such issues. Quantum-resistant algorithms are based on arithmetic problems that both traditional and quantum computers should struggle to solve.
Read more »
Websites
AI Certificate Authority Crypto Keys Cryptography Cyber Security EV Certificate Security Security Researchers TLS Certificates Websites

Half of Sites Still Using Legacy Crypto Keys

 

While the internet is growing more secure gene but slightly more than half of the websites' cryptographic keys are still generated using legacy encryption algorithms, as per the new research.

Security firm Venafi enlisted the assistance of renowned researcher Scott Helme to examine the world's top one million websites over the last 18 months. The TLS Crawler Report demonstrated some progress in a few areas. 

Nearly three-quarters of websites (72 per cent) now actively redirect traffic to HTTPS, a 15 per cent increase since March 2020. Even better, more than half of the HTTPS sites evaluated are using TLSv1.3, the most recent version of TLS. It has now surpassed TLSv1.2 as the most widely used protocol version. 

Furthermore, nearly one in five of the top one million websites now use the more secure HSTS (HTTP Strict Transport Security), which increased 44 per cent since March 2020. Even better, in the last six years of monitoring, the number of top one million sites using EV certificates has dropped to its lowest level ever. These are known for their slow, manual approval processes, which cause end users too much discomfort. 

Let's Encrypt, on the other hand, is now the most popular Certificate Authority for TLS certificates, with 28 per cent of sites using it. There is, however, still more to be done. 

According to the report, approximately 51% of sites still produce authentication keys using legacy RSA encryption techniques. These, along with TLS, help to verify and secure connections between physical, virtual, and IoT devices, APIs, applications, and clusters. 

ECDSA, a public key cryptography encryption technique with increased computational complexity and smaller authorization keys, is a far more secure alternative to RSA. As per Venafi, this implies they require less bandwidth to establish an SSL/TLS connection, making them perfect for mobile apps and IoT and embedded device support. 

Helme explained, "I would have expected that the rise in adoption of TLSv1.3 usage would have driving the ECDSA numbers up much more. One of the main reasons to keep RSA around for authentication is legacy clients that don't support ECDSA yet, but that seems at odds with the huge rise in TLSv1.3 which isn't supported by legacy clients. We also continue to see the use of RSA 3072 and RSA 4096 in numbers that are concerning.” 

“If you're using larger RSA keys for security reasons then you should absolutely be on ECDSA already which is a stronger key algorithm and offers better performance. My gut feeling here is that there's a lot of legacy stuff out there or site operators just haven't realized the advantages of switching over to ECDSA.”
Read more »
Two-Step Cryptography Technique
Cloud Computing Cryptography Technology Two-Step Cryptography Technique

Researchers Detail the New Two-Step Cryptography Technique

 

The accessibility of computer system resources on-demand, in particular data storage and computational power, without direct active user management is cloud computing. The terminology is commonly used to characterize data centers for several Internet users. Cloud computing has as its primary objective the provision of rapid, simple, cost-effective computing and data stocking services. The cloud environment, however, presents data privacy problems. 

The key method used to strengthen cloud computing security is cryptography. By encrypting the saved or sent data, this mathematical technique protects it, so that only the intended recipient can understand it. Although various encryption techniques exist, though none are properly secured and new technologies are still being sought so that the increasing risks to privacy and security in data are countered. 

With all that in mind, the most important question that arises is “How the two-step cryptography technique works?” 

A group of researchers from Indian and Yemen described the revolutionary two-step cryptographic method – the first to combine genetic technologies with mathematical techniques. This explanatory study by the researchers is published in the International Journal of Intelligent Networks in KeAi. As per the writers of the report, a highly secure and flexible encrypted environment can be created which could trigger a paradigm shift in data secrecy. 

The paper’s corresponding author, Fursan Thabit of Swami Raman and Teerth Marathwada University in India, explains: “Some existing famous ciphers use the Feistel structure for encryption and decryption. Others use the Network SP (Substitution-Permutation). The first level of our encryption uses a logical-mathematical function inspired by a combination of the two. Not only does it improve the complexity of the encryption, but it also increases energy efficiency by reducing the number of encryption rounds required.” 

The second encryption layer by the researcher is influenced by genetic technological structures based on the Central Dogma of Molecular Biology (CDMB). It models the actual genetic code operations (binary to DNA base translations), transcription (DNA to mRNA regeneration), and translation (regeneration from mRNA to protein). 

They are the first to integrate the concepts of DNA, RNA, and genetic engineering for cryptographic matters and the first to merge the genetic encrypting process with mathematics to create a complex key. 

By evaluating the encrypting time, decryption time, output, and length of the ciphertexts produced, the researchers have assessed their novel algorithm robustness. They observed that their suggested algorithm has great safety strength and is extremely versatile compared with several other genetic encryption approaches and existing symmetric key encryption techniques. It takes less time than most other procedures as well. 

However, the algorithm's obvious structure – two layers of encryption that only incorporates four coding rounds - reduces the complexity of computing and processing strength. 

Thabit explains: “That clear structure means each round requires only simple math and a genetics simulation process.”
Read more »
Technology
Cryptography SIM Swapping Technology

Europol Arrests 2 Dozen Suspects of SIM-Swap Fraud Following Cross-Border Investigations



Following an increase in SIM-jacking over the recent months, Europol announces the arrest of at least more than two dozen suspects of bank accounts by hijacking the phone numbers of some unfortunate users through SIM-swap fraud following months of cross-border investigations. 

Police across Europe have been preparing to disassemble criminal networks that are said to have been responsible for these attacks for a long time now. SIM swaps work since phone numbers are in connection to the phone's SIM card and ‘SIM’ short for subscriber identity module, a special system-on-a-chip card that safely stores the cryptographic secret that distinguishes the user's phone number to the network. 

Most mobile phone shops out there can issue and activate substitution or replacement SIM cards quickly, causing the old SIM to go dead and the new SIM card to assume control via the phone number just as the telephonic identity. 

It had so happened in October in the United States that the FBI cautioned that 'bad guys' were getting around certain kinds of two-factor authentication (2FA).

The easiest, smoothest and thusly the most widely recognized approach to sneak past 2FA is SIM-swap fraud, where an attacker persuades a mobile system to port a target's mobile number or plants malware on a victim's phone, along these lines permitting them to intercept 2FA security codes sent by means of SMS text. 

However whether the hackers are breaking into 'regular old bank accounts' or Bitcoin accounts, the crime is clearly incredibly expensive for the victims who observe helplessly as their accounts drain. Here are some safety measures recommended for the users to consider and forestall such mishappenings-
  1. Watch out for phishing emails or fake websites that crooks use to acquire your usernames and passwords in the first place. 
  2. Avoid obvious answers to account security questions. 
  3. Use an on-access (real-time) anti-virus and keep it up-to-date
  4. Be suspicious if your phone drops back to “emergency calls only” unexpectedly.
  5. Consider switching from SMS-based 2FA codes to codes generated by an authenticator app.

Read more »
internet privacy
Cryptography Encryption FSB internet privacy

The Head of the FSB appealed for the creation of international rules on the Internet


The Head of the FSB of Russia Alexander Bortnikov stated the need to create international rules on the Internet. In particular, to make encrypted messages in mobile applications open to intelligence agencies.

If the international community can come to a consensus on this issue, the terrorists will actually lose the list of opportunities, such as propaganda, recruitment, financing, communication, management, said Bortnikov at an International Conference on Countering Terrorism on 18 April 2019 in St. Petersburg.

He noted that the use of cryptography in services for communication prevents the effective fight against terror. According to him, Russia has developed a concept for the creation of "the system of the deposit of encryption keys generated by mobile applications, which will be open for control” to solve this problem. Bortnikov proposed to the world community to realize this idea together and to provide intelligence agencies with legal access to important encrypted information of the terrorists.

In addition, Bortnikov noted that at the moment there are more than 10 thousand sites of existing international terrorist structures and thousands of accounts in social networks. The information is published in more than 40 languages, but the leading positions are occupied by Arabic, English and Russian languages.

Bortnikov added that the ability to hide data in IP-telephony and foreign e-mail servers leads to an increase in the spread of false reports of terrorist attacks, as well as the sale of weapons and explosives.

According to one of the amendments to the law on Autonomous RUnet (http://www.ehackingnews.com/2019/02/the-kremlin-told-about-hacker-attacks.html), IT-companies were obliged to use Russian cryptography for all traffic in the Russian segment. It is assumed that the Government will determine the issuance and use of codes and encryption.

In addition, in April 2018 Russia tried to block the Telegram messenger for refusing to provide the FSB with the encryption key of the negotiations of suspected terrorists (http://www.ehackingnews.com/2018/04/russian-court-orders-to-block-telegram.html).
Read more »
Steganography
Cryptography Featured Security News Steganography

New Steganography method TranSteg hides Data in VoIP(IP Telephony)

Researchers from Warsaw University of Technology, Institute of Telecommunications find a new Steganography method that helps to hide the Data in VoIP(IP Telephony).  The method is named as "TranSteg((Transcoding Steganography)". 

Voice over IP (VoIP), or IP telephony, is one of the services of the IP world that is changing the entire telecommunication’s landscape. It is a real-time service, which enables users to make phone calls through data networks that use an IP protocol.
Steganography encompasses various information hiding techniques, whose aim is to embed a secret message(steganogram) into a carrier (image,audio,video). Steganographic methods are aimed at hiding of the very existence of the communication, therefore any third-party observers should remain unaware of the presence of the steganographic exchange.


In TranSteg it is the overt data that is compressed to make space for the steganogram. The main innovation of TranSteg is to, for a chosen voice stream, find a codec that will result in a similar voice quality but smaller voice payload size than the originally selected. Then, the voice stream is transcoded. At this step the original voice payload size is intentionally unaltered and the change of the codec is not indicated. Instead, after placing the transcoded voice payload, the remaining free space is filled with hidden data. TranSteg proof of concept implementation was designed and developed.

TranSteg detection is difficult to perform when performing inspection in a single network localisation.

Read more »
Subscribe to: Posts (Atom)