Posts

ERI’s John Shegerian Describes the Dangers of Hardware Hacking and the “Insecurity of Everything” on Security Ledger Podcast


Press release content from Business Wire. The AP news staff was not involved in its creation.

FRESNO, Calif.–(BUSINESS WIRE)–Sep 23, 2021–

John Shegerian, Chairman/CEO of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company, is a featured guest on the current episode of the “ Security Ledger ” podcast.

The show, hosted by Paul F. Roberts, the founder and Editor in Chief of The Security Ledger, an independent security news and analysis publication that explores the intersection of cyber security with the Internet of Things, features interviews with leading minds in the area of cyber security, threats and attacks. The Security Ledger is an independent security news website that explores the intersection of cyber security with business, commerce, politics and everyday life. Security Ledger provides well-reported and context-rich news and opinion about computer security topics that matter in our IP-enabled homes, workplaces and daily lives.

In the current episode, Shegerian discusses his latest book, The Insecurity of Everything, and the various aspects of hardware security that are often overlooked in today’s society, both by consumers as well as businesses.

“It was an honor to talk with Paul and be featured on his excellent and informative podcast, the Security Ledger, sharing information on one of the most critical and pressing issues in the world today – the hardware hacking of private data,” said Shegerian. “Protection of privacy has become a greater issue than ever before. It is important that we share vital best practices for protecting digital privacy and security with the cybersecurity community and beyond.”

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States. ERI is certified at the highest level by all leading environmental and data security oversight organizations to de-manufacture, recycle, and refurbish every type of electronic device in an…

Source…

Dangers of Quantum Hacking: A threat to Encryption


Quantum Hacking

Quantum hacking is the biggest threat to encryption. 

Quantum computers have limitless potentials. There is no doubt that one day quantum computers will find a cure for cancer or help in eliminating world hunger. But along with this, they could also help hackers get access to our most private data by breaking encryption. While quantum computing is beneficial, quantum hacking is dangerous. 

 

What is quantum hacking?

To be precise quantum hacking is the use of quantum computers to carry out malicious actions. Quantum hacking is performed by modern cryptographic strategies which often use private and public keys to encrypt and decrypt data through a mathematical equation. These mathematical equations can be easily broken by advanced quantum computers. It would surely take a while, but the process is still possible using the nonlinear protocol of quantum computing.

When quantum hacking becomes possible, a system that repairs the existing internet security practices needs to be developed. If not, it would be easy for hackers to break through data and cause costly issues.

 

Threat to Encryption 

With digital transformation, everything is now digital, even data, and all our digital data like emails, chats, online purchases, etc are encrypted which makes it unreadable without a decryption key. This prevents our data in the cloud and our computers from being tampered with. AES (Advanced Encryption Standard) is the most commonly used method for encrypting all this data. With today’s classical computers it is impossible to break AES encryption, but through quantum computers, it is possible to decrypt the encrypted data. 

It is believed that quantum-optimized algorithms and artificial intelligence will increasingly be used together in breaking the mathematically based cryptographic algorithms. While performing a huge superposition of possible results to these algorithms requires a quantum device in the millions of qubits and the largest quantum computer today has just 72 qubits, similar results can be obtained with quantum-optimized algorithms performing within a computer emulator running on consumer gaming video cards. 

With advanced quantum computing and with readily available hardware…

Source…

Experts warn of dangers from breach of voter systems due to GOP ‘audits’


CHRISTINA A. CASSIDY

FILE - In this Jan. 4, 2021, file photo a worker passes a Dominion Voting ballot scanner while setting up a polling location at an elementary school in Gwinnett County, Ga., outside of Atlanta. Republican efforts to question the results of the 2020 election have led to two significant breaches of voting software that have alarmed election security experts who say they have increased the risk to elections in jurisdictions that use the equipment. (AP Photo/Ben Gray, File)

ATLANTA — Republican efforts questioning the outcome of the 2020 presidential race have led to voting system breaches that election security experts say pose a heightened risk to future elections.

Copies of the Dominion Voting Systems software used to manage elections — from designing ballots to configuring voting machines and tallying results — were distributed at an event this month in South Dakota organized by MyPillow CEO Mike Lindell, an ally of former President Donald Trump who has made unsubstantiated claims about last year’s election.

“It’s a game-changer in that the environment we have talked about existing now is a reality,” said Matt Masterson, a former top election security official in the Trump administration. “We told election officials, essentially, that you should assume this information is already out there. Now we know it is, and we don’t know what they are going to do with it.”

Source…

At Black Hat, mobile and open-source software emerge as key cybersecurity dangers


Mobile platforms and open-source software emerged as key cybersecurity issues at the annual Black Hat USA cybersecurity conference this week, judging from presentations by a mix of onsite attendees and virtual streaming of briefings from security researchers around the globe.

In his opening keynote remarks, Black Hat founder Jeff Moss summed up the general feeling in the cybersecurity community, which has weathered an explosion of ransomware attacks, a major supply chain exploit and the growth of Russia, China, North Korea and Iran into serious nation-state hacking operations.

“We’re just recognizing that we’re getting punched in the face and we’re trying to figure out what to do about it,” Moss said. “It’s been a really stressful couple of years.”

Here are five key takeaways from a week of Black Hat presentations:

1. The mobile platform is the next frontier for malicious actors

There is mounting evidence that threat actors are turning their considerable resources to exploiting vulnerabilities in mobile platforms. With an estimated 6 billion smartphone subscriptions around the globe, they’re just too attractive an opportunity to pass up.

The attacks on mobile coincide with an increase in zero-day exploits, bugs that are unknown in the security community and therefore unpatched.

Zero-day exploits are market-driven, based on supply and demand. Last year, the zero-day broker Zerodium announced a pause in acquiring Apple iOS exploits because of a high number of submissions. An iPhone zero-day allowed cybercriminals to hack into the mobile devices of 36 international journalists last summer.

Research presented by keynote speaker Matt Tait, chief operating officer of Corellium LLC and a former analyst for GCHQ, the U.K.’s version of National Security Administration, showed how significant this problem is becoming.

“The amount of zero-day exploitation against mobile phone devices is being exploited dramatically,” Tait told conference participants. “We’re only getting a tiny glimpse of what actually may be happening out in the world.”

Part of the problem is that the architecture of some mobile platforms has created its own set of issues. Natalie…

Source…