Archive for InfoSec

You are browsing the archives of InfoSec.

Witness Signatures Add Authenticity

Part of the Apple/FBI court case involves how software updates are protected with digital signatures. The key ensures that the update comes from Apple and therefore has a level of trust associated with the history of the company. The government is not asking Apple to turn over the signing key and Apple is not likely […]

Encryption Ensures Privacy

Encryption techniques are mathematically designed to be uncrackable, at least in an amount of time that relates to the value of the secret. This means the time and computing resources needed to successfully attack the encryption will cost more than the attacker is willing to spend. More computing power means less time. If it takes […]

Hacking an Encrypted Phone

Recent news has the media atwitter with misinformation about hacking phones and encrypted data. Here are some of the basic issues: ENCRYPTION Encryption is the process of using a coding technique to obscure information. Simple substitution techniques like using a number for each letter of the alphabet have been in use for many years. These […]

Password Strength Requirements

While the main premise of the article linked below is correct, it understates a key part of password cracking methodology. There are two primary means of cracking passwords: using word lists, and brute force. There are also many hybrid combinations, which is an important focus of the article. In brute force cracking, every element of […]

New Release of Kali Linux

Kali Linux is a penetration testing framework that contains over 600 penetration testing tools. It is a Debian based toolkit built on the foundation created by BackTrack. Some of the better known tools include: Wireshark – packet sniffer and protocol analysis nmap – port scanner john the ripper – password hash cracker metasploit framework – […]

NIST Adds New SP-1800 series

NIST (National Institute of Standards and Technology) has announced a new Special Publications (SP) series of documents called SP-1800, intended to augment the SP-800 series. SPECIAL PUBLICATIONS – [nist.gov] SP 1800, NIST Cybersecurity Practice Guides (2015-present): A new subseries created to complement the SP 800s; targets specific cybersecurity challenges in the public and private sectors; […]

Super Criminal from Silk Road

Ross Ulbricht is a super criminal like Lex Luthor in the Superman comics. Ross is the creator of the darknet trading post and web site known as “the Silk Road”. Named after the trade route of history that connected China and Europe, the Silk Road became an online black market where illicit goods could be […]

FISMA Law vs Home Email Server

Working for a federal agency that has IT functions regulated by public law and running an email server from home to use for agency business seems problematic, but it may be possible. Here are some of the laws and regulations that come into play: FISMA – PUBLIC LAW 107–347, DEC. 17 2002 is known as […]

NSA APT? – “THE EQUATION GROUP”

Kaspersky Lab uncovers online spy tools with potential NSA connections – [youtube.com] Equation Group: The Crown Creator of Cyber-Espionage – [kaspersky.com] For several years, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been closely monitoring more than 60 advanced threat actors responsible for cyber-attacks worldwide. The team has seen nearly everything, with attacks becoming […]

British Army “Twitter Brigade”

During World War II, the British Army created a commando/special forces unit called the “Chindits” that operated in Burma and India, using guerrilla warfare tactics to operate deeply behind Japanese lines. They were formally known as the 77th Indian Infantry Brigade and operated on foot, getting resupplied by parachute drops. They were known for collecting […]