HackDig : Dig high-quality web security articles for hacker

Exploiting the Windows CryptoAPI Vulnerability

On Tuesday, the NSA announced they had found a critical vulnerability in the certificate validation functionality on Windows 10 and Windows Server 2016/2019. This bug allows attackers to break the validation of trust in a wide variety of contexts, such as HTTPS and code signing. If you want to stop reading here, get the important details, and see if you
Publish At:2020-01-16 15:25 | Read:215 | Comments:0 | Tags:Cryptography Exploits Vulnerability exploit

Court says suspect can’t be forced to reveal 64-character password

by Lisa Vaas. The dry facts: A US court has come down in favor of Fifth Amendment protections against forced disclosure of a 64-character passcode in a child abuse imagery case = an important interpretation of whether forced password disclosure is the modern equivalent of an unconstitutionally coerced confession. The gut punch: The defendant is a man previously
Publish At:2019-11-26 12:35 | Read:554 | Comments:0 | Tags:Cryptography Law & order Mobile Privacy child abuse child ab

How safe browsing fails to protect user privacy

Recently, security researchers discovered that Apple was sending safe browsing data to Tencent for all Chinese users. This revelation has brought the underlying security and privacy guarantees of the safe browsing protocol under increased scrutiny. In particular, safe browsing claims to protect users by providing them with something called k-anonymity. In th
Publish At:2019-11-12 03:25 | Read:361 | Comments:0 | Tags:Cryptography

Multi-Party Computation on Machine Learning

During my internship this summer, I built a multi-party computation (MPC) tool that implements a 3-party computation protocol for perceptron and support vector machine (SVM) algorithms. MPC enables multiple parties to perform analyses on private datasets without sharing them with each other. I developed a technique that lets three parties obtain the resul
Publish At:2019-10-04 11:40 | Read:676 | Comments:0 | Tags:Cryptography Internship Projects

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:634 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Better Encrypted Group Chat

Broadly, an end-to-end encrypted messaging protocol is one that ensures that only the participants in a conversation, and no intermediate servers, routers, or relay systems, can read and write messages. An end-to-end encrypted group messaging protocol is one that ensures this for all participants in a conversation of three or more people. End-to-end encrypte
Publish At:2019-09-19 16:00 | Read:395 | Comments:0 | Tags:Cryptography Internship Projects

Rewriting Functions in Compiled Binaries

by Aditi Gupta, Carnegie Mellon University. As a summer intern at Trail of Bits, I’ve been working on building Fennec, a tool to automatically replace function calls in compiled binaries that’s built on top of McSema, a binary lifter developed by Trail of Bits. The Problem: Let’s say you have a compiled binary, but you don’t have access to the original source
Publish At:2019-09-19 16:00 | Read:407 | Comments:0 | Tags:Cryptography Internship Projects McSema binary patching

Crypto 2019 Takeaways

This year’s IACR Crypto conference was an excellent blend of far-out theory and down-to-earth pragmatism. A major theme throughout the conference was the huge importance of getting basic cryptographic primitives right. Systems ranging from TLS servers and bitcoin wallets to state-of-the-art secure multiparty computation protocols were broken when one small s
Publish At:2019-09-19 16:00 | Read:286 | Comments:0 | Tags:Conferences Cryptography Paper Review

The Blockchain Is Only as Strong as Its Weakest Link

This is the first installment in a three-part series. Blockchain-based applications will revolutionize the way people and organizations interact with each other and the Internet of Things (IoT) — and rightfully so. Based on the foundational principles of trust, blockchain has the potential to solve real-life business challenges within every sector. Permissio
Publish At:2017-10-27 14:00 | Read:3560 | Comments:0 | Tags:Banking & Financial Services Data Protection Blockchain Cryp

Top 25 Security+ Interview Questions

The CompTIA Security+ certification is a good entry-level certification for infosec professionals. Many jobs, including Department of Defense positions, require the Security+ certification. Below are examples of the technical questions you may be asked as a certified Security+ professional. What is the difference between a public key cryptography and a
Publish At:2017-10-22 04:35 | Read:2624 | Comments:0 | Tags:Cryptography Interviews IT Certifications Meta

Cybercrime’s Cryptocurrency Gold Rush: Going Strong!

What’s the connection between cybercrime and cryptocurrencies? Perhaps it would suffice to say that the reasons for criminals adopting the cryptocoin are quite obvious. But when did this all start, and what fuels it and gets fueled in return? This blog will go over some of the historical reasons that connect cybercrime and cryptocurrency as well as exa
Publish At:2017-10-04 21:35 | Read:4398 | Comments:0 | Tags:Fraud Protection Threat Intelligence Bitcoin Bitcoin Mining

Pacemakers prone to getting hacked

Recently the FDA and Homeland Security have issued alerts about vulnerabilities in 4,65,000 pacemakers. The devices can be remotely “hacked” to increase activity or reduce battery life, potentially endangering patients. Feasible vulnerabilities: Absence of memory and encryption: In such embedded devices there is a lack to support proper cryptographic e
Publish At:2017-09-05 12:30 | Read:2762 | Comments:0 | Tags:News cryptography Exploit hacking IOT news pacemaker

Need-to-Know Only: Use Encryption to Make Data Meaningless to Prying Eyes

Organizations continue to be plagued by data breaches, and data is leaking from our enterprises in large quantities. However, data leakage is not the only issue. The problems — namely, regulatory fines, brand damage and lost revenue — begin when sensitive data that is readable and accessible falls into the wrong hands. Despite these concerns, security profes
Publish At:2017-08-29 10:15 | Read:3554 | Comments:0 | Tags:Data Protection Cryptography Data Security Encryption Encryp

The Power of Pervasive Encryption

The new z14 mainframe computer offers a chance to re-evaluate what a mainframe can do for an organization. Gone are the days when the mainframe was the only way to do computing. Today, there are new and different choices, and the z14 can make those choices practical. The z14 features standard improvements that users have come to expect, such as faster, mor
Publish At:2017-08-15 11:45 | Read:3575 | Comments:0 | Tags:Data Protection Mainframe Compliance Cryptography Data Secur

A Review of Asymmetric Cryptography

Introduction: Our last article further examined and finished off the topic of Symmetric Cryptography. Specifically, the following topics were examined: The Caesar Methodology; The Types of Cryptographic Attacks; Polyalphabetic Encryption; Block Ciphers; Initialization Vectors; Cipher Block Chaining. In this article, we now start to examine another Cryptographic Infra
Publish At:2017-01-31 13:15 | Read:6822 | Comments:0 | Tags:Cryptography

