Dec 2 2013

OpenSSL PKI Tutorial

OpenSSL PKI security architecture.

PKI ProcessAt its heart, an X.509 PKI is a security architecture that uses well-established cryptographic mechanisms to support use-cases like email protection and web server authentication. In this regard it is similar to other systems based on public-key cryptography, for example OpenPGP [RFC 4880]. In the realm of X.509 however, and thanks to its roots in a globe-spanning scheme devised by the telecom industry, these mechanisms come with a fair amount of administrative overhead.

One thing to keep in mind is that X.509 is not an application, but a specification upon which applications like Secure Multipurpose Internet Mail Extensions (S/MIME) and Transport Layer Security (TLS) are based. The building blocks are very generic and derive most of their meaning from the relations that exist/are established between them. It’s called an infrastructure for a reason.

Visit: PKI tutorial to learn more about PKI.

By Security • Tags:

Oct 8 2013

Social engineering

Tsutomu Shimomura TakedownIf you are serious about IT security then this book is a must. Take the time to read it and try to understand the power of social engineering. There is no single technique in this world that can protect you against a good social engineering attack. This book is written by Tsutomu Shimomura together with John Markoff and tells the story about one of the first well known “hackers” Kevin Mitnick.

Especially the fact that Kevin Mitnick has good social engineering skills make him a pro in getting excess to secure environments.

ISBN-10: 0-7868-8913-6

By Security • Tags:

Sep 27 2013

Everyday cybercrime what you can do about it

In an ever expanding world of networked mobile devices, security threats and our ignorance of them are more widespread than ever. James Lyne of security firm Sophos believes that if we continue to ignore basic best practices, security is on a trajectory of failure.

Source: TED

By Security

Sep 6 2013

NSA and GCHQ unlock encryption

Computer ScreenUS and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

A GCHQ team has been working to develop ways into encrypted traffic on the “big four” service providers, named as Hotmail, Google, Yahoo and Facebook.

NSA Exploit diagramThis network diagram, from a GCHQ pilot program, shows how the agency proposed a system to identify encrypted traffic from its internet cable-tapping programs and decrypt what it could in near-real time.
The agencies insist that the ability to defeat encryption is vital to their core missions of counter-terrorism and foreign intelligence gathering.

But security experts accused them of attacking the internet itself and the privacy of all users. “Cryptography forms the basis for trust online,” said Bruce Schneier, an encryption specialist and fellow at Harvard’s Berkman Center for Internet and Society. “By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.” Classified briefings between the agencies celebrate their success at “defeating network security and privacy”.

Read more: The Guardian

If I think about it, what does this mean for the possibility that organized crime also has the opportunity to use these techniques. Then our whole eCommerce will crumble. Something to think about.

By Security • Tags:

1 2 3 4 5