While preparing my talk for the marvelous BSides Zurich I noticed again how nearly nobody on the Internet warns you that Java’s JKS file format is weak and insecure. While users only need to use very strong passwords and keep the Key Store file secret to be on the safe side (for now!), I think it is important to tell people when a technology is weak. P

Google continues the ongoing effort to communicate the transport security status of a given page labeling resources delivered via FTP as “Not secure” in Chrome, Last week, Google announced that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.” The security improvement will be implement

Organizations continue to be plagued by data breaches, and data is leaking from our enterprises in large quantities. However, data leakage is not the only issue. The problems — namely, regulatory fines, brand damage and lost revenue — begin when sensitive data that is readable and accessible falls into the wrong hands. Despite these concerns, security profes

The new z14 mainframe computer offers a chance to re-evaluate what a mainframe can do for an organization. Gone are the days when the mainframe was the only way to do computing. Today, there are new and different choices, and the z14 can make those choices practical. The z14 features standard improvements that users have come to expect, such as faster, mor

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed their attacks against corporations. Attack Geogra

Mozilla Send service allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. Mozilla has presented Send, an experimental service that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. The service allows to easily share l

Sheryl Sandberg on crypto weakening. The new Crypto war being started where government agencies are wanting a reduction in encryption strengths. DISCLAIMER: All views and facts explained in this article are the views of the author and does not in anyway related to the views of organization where the individual is employed. The article is an observation based

On July 17, IBM unveiled its z14 mainframe server, which combines the traditional mainframe hardware with new capabilities in areas such as cloud, cognitive, analytics, application management, blockchain, machine learning and more. Most importantly, z14 includes enhanced security features — namely, pervasive encryption — to help clients stay one step ahead

We in the security field like to use metaphors to help illustrate the significance of data in the enterprise. I’m a big fan of cooking, so I’ll use the metaphor of a secret sauce. Think about it: Each transaction basically reflects your organization’s unique relationship with a customer, supplier or partner. By sheer quantity alone, mainfra

The industry just gained another ally in the global fight against cybercrime with the launch of the new IBM z14 mainframe. With close to 70 percent of the world’s largest businesses — including those in banking, health care, insurance and retail — running on mainframes, IBM z not only increases power and speed to handle enormous transactions, but also

The deployment of encryption in modern businesses does not only guarantee hundred percent security but it also reduces the surface of attack. Data protection has become the top objective for many businesses in the world today. Especially after the ransomware incident, hacked credit card databases and the Apple leak. Businesses are scratching their heads in a

Researchers have exploited vulnerabilities in the implementation of the GMR-2 cipher decrypt satellite phone communications in fractions of a second. Two Chinese security researchers have exploited vulnerabilities in the implementation of the GMR-2 standard that could be exploited to decrypt satellite phone communications in fractions of a second. The GMR-2

The author of the original variant of the Petya ransomware has made the master key available online, all the victims can decrypt their files for free. Janus, the author of the original variant of Petya ransomware (that isn’t the NotPetya variant used in the recent massive attack) has made the master key available online. All the victims of the original

POC||GTFO journal edition 0x15 came out a while ago and I’m happy to have contributed the article “Nail in the JKS coffin”. You should really read the article, I’m not going to repeat myself here. I’ve also made the code available on my “JKS private key cracker hashcat” github repository. For those who really need a

Experts have devised a side-channel attack on RSA secret keys that allowed to crack 1024-bit RSA Encryption in GnuPG Crypto Library. Security researchers have found a critical vulnerability, tracked as CVE-2017-7526, in a Gnu Privacy Guard (aka (GnuPG or GPG) cryptographic library that allowed them cracking RSA-1024 and extract the RSA key to decrypt data.