Tag Archive for: Encryption

How to stop quantum computers from breaking the internet’s encryption


Keeping secrets is hard. Kids know it. Celebrities know it. National security experts know it, too.

And it’s about to get even harder.

There’s always someone who wants to get at the juicy details we’d rather keep hidden. Yet at every moment, untold volumes of private information are zipping along internet cables and optical fibers. That information’s privacy relies on encryption, a way to mathematically scramble data to prevent any snoops from deciphering it — even with the help of powerful computers.

But the mathematical basis of these techniques is under threat from a foe that has, until recently, seemed hypothetical: quantum computers.

In the 1990s, scientists realized that these computers could exploit the weird physics of the minuscule realm of atoms and electrons to perform certain types of calculations out of reach for standard computers. That means that once the quantum machines are powerful enough, they could crack the mathematical padlocks on encrypted data, laying bare the world’s secrets.

Today’s quantum computers are far too puny to defeat current security measures. But with more powerful quantum machines being regularly rolled out by the likes of IBM and Google, scientists, governments and others are beginning to take action. Experts are spreading the word that it’s time to prepare for a milestone some are calling Y2Q. That’s the year that quantum computers will gain the ability to crack the encoding schemes that keep electronic communications secure.

“If that encryption is ever broken,” says mathematician Michele Mosca, “it would be a systemic catastrophe.”

Y2Q is coming. What does it mean?

Encryption pervades digital life — safeguarding emails, financial and medical data, online shopping transactions and more. Encryption is also woven into a plethora of physical devices that transmit information, from cars to robot vacuums to baby monitors. Encryption even secures infrastructure such as power grids. The tools Y2Q threatens are everywhere. “The stakes are just astronomically high,” says Mosca, of the University of Waterloo in Canada, who is also CEO of the cybersecurity company evolutionQ.

The…


The Evolution of SSL/TLS Encryption: A Brief History



The internet has become an indispensable part of our daily lives, connecting us to people, businesses, and information across the globe. As we increasingly rely on the internet for communication, commerce, and data storage, the need for secure connections has become paramount. One of the most critical components of internet security is encryption, and at the heart of encryption lies the Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS). This article will take you through a brief history of the evolution of SSL/TLS encryption and its significance in today’s digital world.

The origins of SSL can be traced back to the early 1990s when the internet was still in its infancy. Netscape, a pioneer in the web browser market, recognized the need for secure communication between clients and servers. To address this need, Netscape developed the first version of SSL in 1994. SSL 1.0 was never publicly released due to significant security flaws, but it laid the groundwork for what would become a cornerstone of internet security.

In 1995, Netscape released SSL 2.0, which resolved many of the issues found in the initial version. SSL 2.0 introduced several key features, such as the use of cryptographic algorithms for key exchange, data encryption, and message authentication. Despite these improvements, SSL 2.0 still had several vulnerabilities, prompting Netscape to develop SSL 3.0 in 1996. This new version addressed many of the remaining security concerns and laid the foundation for the future of SSL/TLS encryption.

As the internet continued to grow and evolve, so too did the need for a standardized approach to encryption. In 1999, the Internet Engineering Task Force (IETF) took over the development of SSL and released the first version of TLS, TLS 1.0. This new protocol was based on SSL 3.0 but included several improvements, such as enhanced cryptographic algorithms and better support for extensibility. The shift from SSL to TLS marked the beginning of a new era in internet security.

Over the years, the IETF has continued to develop and refine the TLS protocol,…


What is encryption? The backbone of computer security, explained



New Rorschach ransomware hits with unique features and very fast encryption


Researchers warn of a new strain of ransomware dubbed Rorschach that doesn’t appear to be related to previously known threats and uses several unique features in its implementation, including one of the fastest file encryption routines observed so far.

“A behavioral analysis of the new ransomware suggests it is partly autonomous, spreading itself automatically when executed on a domain controller (DC) while it clears the event logs of the affected machines,” researchers from security firm Check Point said in a new report. “In addition, it’s extremely flexible, operating not only based on a built-in configuration but also on numerous optional arguments which allow it to change its behavior according to the operator’s needs.”

The Check Point researchers came across the ransomware strain while responding to a security incident at a US-based company. Later they realized that researchers from South Korean security firm AhnLab had previously documented a variant in February, but attributed it to the known DarkSide ransomware operation. Check Point believes this attribution is incorrect and that the confusion might stem from similarities in the ransom notes dropped by the two threats, though not in every case. In other incidents, Rorschach dropped a ransom note similar to one used by another ransomware program, Yanluowang.

The variety in behavior exhibited by this ransomware program, which seems to have borrowed techniques and code from various other ransomware threats, led to the Check Point researchers naming it Rorschach after the popular psychological test where subjects can have different perceptions of the same inkblots shown to them.

Rorschach features DLL side-loading

In the incident investigated by Check Point, Rorschach was executed by exploiting a DLL side-loading vulnerability in a component of Palo Alto Networks’ Cortex XDR, a commercial security product. Specifically, the attackers dropped a copy of the Cortex XDR Dump Service Tool version 7.3.0.16740 together with a file named winutils.dll that serves as a loader for the ransomware.

DLL side-loading is a technique in which attackers plant a malicious DLL library with a particular name…
