HackDig : Dig high-quality web security articles

S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing [Podcast]

by Paul Ducklin. [02’00”] Security code flushes out security bugs. [15’48”] Recursion: see recursion. [26’34”] Phishing (and lots of it). [33’09”] Oh! No! The Windows desktop that got so big it imploded. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith Mudge.
Publish At:2021-09-03 09:38 | Read:245 | Comments:0 | Tags:Cryptocurrency Cryptography Phishing Podcast cryptocurrency

Skimming the CREAM – recursive withdrawals loot $13M in cryptocash

by Paul Ducklin. You must have had that happy feeling (happiest of all when it’s still a day or two to payday and you know that your balance is paper-thin) when you’re withdrawing money from a cash machine and, even though you’re still nervously watching the ATM screen telling you that your request is being processed, you hear the motors in th
Publish At:2021-09-01 05:43 | Read:334 | Comments:0 | Tags:Cryptography Vulnerability CREAM cryptocurrency recursion

Big bad decryption bug in OpenSSL – but no cause for alarm

by Paul Ducklin. The well-known and widely-used encryption library OpenSSL released a security patch earlier this week. Annoyingly for those who like lean, modern, sans serif typefaces, the new version is OpenSSL 1.1.1l, which is tricky to interpret if you use a font in which upper case EYE, lower case ELL and the digit ONE look at all similar. To spell it out ph
Publish At:2021-08-26 21:50 | Read:3 | Comments:0 | Tags:Cryptography Uncategorized Vulnerability buffer overflow CVE

Importance of Cryptography Encryption in Apps & Latest Encryption Algorithm

Definition of ‘Cryptography’: “Cryptography is an information security tactic used to protect enterprise information and communication from cyber threats through the use of codes. This refers to secure information and communication techniques derived from algorithms, to convert messages in ways that are hard to decipher.” Digita
Publish At:2021-07-09 02:40 | Read:511 | Comments:0 | Tags:Knowledge-base News Web Application Security Asymmetric Algo

S3 Ep22: Cryptographic escapes and social media scams [Podcast]

by Paul Ducklin. How to stop security-conscious apps from allowing unencrypted data to escape, and how scammers put social network users under pressure in order to steal their passwords. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
Publish At:2021-03-04 14:55 | Read:945 | Comments:0 | Tags:Cryptography Podcast Cybercrime fraud Naked Security Podcast

Serving up zero-knowledge proofs

By Jim Miller, Senior Cryptography Analyst. Zero-knowledge (ZK) proofs are gaining popularity, and exciting new applications for this technology are emerging, particularly in the blockchain space. So we’d like to shine a spotlight on an interesting source of implementation bugs that we’ve seen—the Fiat Shamir transformation. A ZK proof can be either int
Publish At:2021-02-19 12:08 | Read:706 | Comments:0 | Tags:Cryptography Zero Knowledge

Free coffee! Dutch researcher hacks prepaid vending machines

by Paul Ducklin. Dutch cybersecurity researcher Polle Vanhoof just published a fascinating and well-written paper about an exploitable hole he found in the payment system used in some Nespresso prepaid coffee machines. That’s actually much better news than it sounds. Vanhoof disclosed the flaw back in September 2020; has publicly praised Nespresso in his wr
Publish At:2021-02-04 12:13 | Read:819 | Comments:0 | Tags:Cryptography Vulnerability Crypto1 Mifare Nespresso NFC Vanh

GnuPG crypto library can be pwned during decryption – patch now!

by Paul Ducklin. Bug hunter Tavis Ormandy of Google’s Project Zero just discovered a dangerous bug in the GNU Privacy Guard team’s libgcrypt encryption software. The libgcrypt library is an open-source toolkit that anyone can use, but it’s probably best known as the encryption library used by the GNU Privacy Guard team’s own widely deploy
Publish At:2021-01-30 23:01 | Read:1204 | Comments:0 | Tags:Cryptography Vulnerability Exploit GNU Privacy Guard GnuPG G

S3 Ep15: Titan keys, Mimecast certs and Solarwinds [Podcast]

by Paul Ducklin. We explain how two French researchers hacked the Google Titan security key product (but why you don’t need to panic), and dig into the Mimecast certificate compromise story to see what we can all learn from it. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music: Edith Mudge.
Publish At:2021-01-14 13:07 | Read:887 | Comments:0 | Tags:Podcast Cryptography hacking Naked Security Podcast side-cha

Naked Security Live – HTTPS: do we REALLY need it?

by Paul Ducklin. Here’s our latest Naked Security Live talk, explaining why HTTPS is vital, even if you’re publishing public data that isn’t confidential. That’s because HTTPS isn’t just about the confidentiality of the data you browse to – it’s also about improving your privacy in respect of what you chose to look at, when you
Publish At:2021-01-11 14:55 | Read:1046 | Comments:0 | Tags:Audio and Video Cryptography Privacy Video crypto https Nake

Google Titan security keys hacked by French researchers

by Paul Ducklin. In July 2018, after many years of using Yubico security key products for two-factor authentication (2FA), Google announced that it was entering the market as a competitor with a product of its own, called Google Titan. Security keys of this sort are often known as FIDO keys after the Fast IDentity Online Alliance, which curates the technical spe
Publish At:2021-01-11 11:01 | Read:864 | Comments:0 | Tags:Cryptography Google ecdsa FIDO hacking side-channel Titan se

Get back into the cybersecurity groove for 2021

by Paul Ducklin. A lot of technical articles, especially in the fields of computer science and information security, put you on the horns of a dilemma. To become an expert, you first need to read the article; yet to understand the article, you first need to be an expert. Well, here on Naked Security, we go out of our way to avoid this sort of “cybersecurity
Publish At:2020-12-31 09:49 | Read:1270 | Comments:0 | Tags:Cryptography Privacy Security leadership Security threats se

Reverie: An optimized zero-knowledge proof system

Zero-knowledge proofs, once a theoretical curiosity, have recently seen widespread deployment in blockchain systems such as Zcash and Monero. However, most blockchain applications of ZK proofs make proof size and performance tradeoffs that are a poor fit for other use-cases. In particular, these protocols often require an elaborate trusted setup phase and op
Publish At:2020-12-14 09:26 | Read:879 | Comments:0 | Tags:Cryptography Internship Projects

S3 Ep10: Hacking iPhones, sunken Enigmas and double scams

by Paul Ducklin. In this episode, we dig into research that figured out a way to steal data from iPhones wirelessly; we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic sea; and we give you advice on how to talk to phone scammers. With Kimberly Truong, Doug Aamoth and Paul D
Publish At:2020-12-10 10:43 | Read:1179 | Comments:0 | Tags:Apple iOS Podcast Privacy Spam Cryptography enigma Exploit h

S3 Ep3: Cryptography, hacking and pwning Chrome [Podcast]

by Paul Ducklin. This week: the DOJ’s attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word “restore” even more than it needs “backup”. Presenters: Kimberly Truong, Doug Aamoth and Paul Duck
Publish At:2020-10-23 08:18 | Read:1232 | Comments:0 | Tags:Cryptography Google Google Chrome Podcast crypto Cybercrime
