Tag: Internet’s | Page 2

OODA Loop – What You Need To Know About The Internet’s Latest Problem: Repeating Random Numbers!

January 23, 2022/in Internet Security

Digital Certificates are a foundational building block of the Internet. They are used to verify the identity of e-commerce sites, the authenticity of software and encrypt data. Not surprisingly, cyberattackers try to create fake Certificates or get the Private Keys for real ones to steal data or intercept communications. No one really worried about the Certificates themselves – until now. It seems the random numbers used to generate Certificates sometimes are the same.

To understand the problem it’s useful to take a 30 second tutorial on Digital Certificates. For those of you who might have managed to stay awake during math class you’ll remember that Asymmetric Cryptography utilizes 2 prime numbers to create a Public and Private Key for a Digital Certificate. The Public Key maps an input (that you want to keep secret) to a large number field while the Private Key reverses the transaction. The theory goes that since there’s an infinite set of prime numbers, there’s an infinite set of Public/Private key combinations. To make sure the prime numbers are different a Random Number Generator (RNG) is used. Sounds pretty secure. Infinite is a big number. What could go wrong?

Well the real world is a bit different than math class. It seems the random number generators (RNG) on computer devices really don’t generate an infinite set of primes but rather a bounded set that in turn generates a set of Public/Private Key combinations. This new analysis is a result of the dramatic cost reduction in high performance computing that now enables the simulation of a chip’s RNG function and the Certificates they generate.

From an Internet security perspective, the ability of a cyberattacker to know an organization’s Private Key has huge implications. Attackers can potentially impersonate web sites, intercept secure connections or decrypt any piece of data just by looking at the Public Key. Examples of this attack are not just seen in labs. In one case, for instance, on January 7 2019 the University of California Davis sent an advisory of all students visiting China that their “secure” What’sApp messages were being monitored.

For enterprises that rely on Digital Certificates for their…

Source…

‘The Internet’s On Fire;’ Software Vulnerability May Enable Worldwide Hack Attacks – CBS San Francisco

December 11, 2021/in Internet Security

BOSTON (AP) — A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organizations around the world.

“The internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike. “People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said Friday morning that in the 12 hours since the bug’s existence was disclosed that it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.

The flaw may be the worst computer vulnerability discovered in years. It was uncovered in a utility that’s ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.

“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.

Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.

The vulnerability, dubbed “Log4Shell,” was rated 10 on a scale of one to 10 the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software,

Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous.

New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported Thursday and a patch released.

The vulnerability, located in open-source…

Source…

The Internet’s Biggest Scams and the Tech to End Phishing

October 26, 2021/in Internet Security

Phishing is one of the most popular hacking methods used by cybercriminals. It’s easier to implement than other techniques and it’s considerably effective. According to ProofPoint, 74% of American businesses experienced a successful phishing attack during 2020.

There are several variants of phishing but email phishing represents up to 96% of phishing attacks. Email phishing consists of supplanting reputable or trusted senders to trick the victims into revealing sensitive information or delivering payments.

Phishing email example — Email phishing mock-up. Source: Andrew Levine/Wikimedia Commons

The pretexts are infinite.

Generally, these false emails tend to create a sense of urgency for the user so that they provide important data without thinking about it twice.

For instance, they might try to mimic a typical PayPal email and tell you that your account has been compromised and you need to confirm your password as soon as possible. They may redirect you to a link for a website that looks just like PayPal, and if you don’t find any sign that it’s not the real website (such as a misspelled URL), you would most likely supply hackers with your login data.

Consider this example as a starting point and imagine how serious phishing can be —especially because anyone can be targeted by these scammers.

Many times, phishers simply send these fraudulent emails to thousands of random addresses and wait for people to fall into the trap. But other times, phishing attacks are more targeted and sophisticated – often just the first step in a complex scam or attack which can lead to an incredible amount of financial losses and data breaches.

Google and Facebook

Between 2013 and 2015, Google and Facebook unknowingly paid $123 million to phisher Evaldas Rimasauskas. The 50-years-old Lithuanian attacker repeatedly impersonated Quanta, a Taiwan-based hardware vendor that had business relations with both companies. The hacker had even registered a company with the same name in Latvia.

Using fake invoices, Rimasauskas tricked Facebook and Google employees into sending him money to bank accounts located in Cyprus and Latvia.

Eventually, the scam was discovered and Rimasauskas was arrested, extradited to the…

Source…

NET Stock: Cloudflare Solves the Internet’s Need for Speed and Security

July 15, 2021/in Internet Security

Cloudflare (NYSE:NET) investors had to ride a roller coaster for the first five months of 2021. However, since mid-May, NET stock has been in growth mode, posting gains of over 50% from its low point. On July 9, it closed at $108.97, a new all-time high, though it has since eased back. Still within spitting distance of that record close, will NET stock run out of momentum, or does it still have room for growth?

Source: Sundry Photography / Shutterstock.com

I would argue that Cloudflare is a company with the right product mix at the right time to continue fueling long-term growth. Online shopping is only continuing to grow in popularity. Other services are moving online, including the transition from cable TV to streaming video services.

Cloudflare provides the critical services that keep online services fast, and keep them safe. It’s even a big part of exploding IoT (Internet of Things) growth. This Portfolio Grader “B” rated stock is up nearly 500% from its September 2019 public debut. Given the business Cloudflare is in, the stock growth may just be getting started.

The Importance of Website Speed

One of CloudFlare’s primary lines of business is being a CDN, or content delivery network. That may not sound exciting, but it is an increasingly important service — and one that was in the spotlight during the pandemic.

Cloudflare uses local servers to host critical website services so that users enjoy the speed they expect. Even if a user is logging in on a PC across the country from a company’s main data center, they hit a Cloudflare regional server first so there is no lag and no overload. That ensures online shopping, video conferencing, and other web-based activities offer a positive experience for all users, regardless of their location.

Now, more than ever, slow-loading websites are simply not acceptable. As Forbes’ Jason Hall wrote in 2019:

If a page loads slowly, many people will give up and go somewhere else. That can mean a loss of traffic to your site and a loss of dollars in your pocket. Your conversion rates may suffer, and your bounce rates — the number of people who leave your site after only visiting one page — may increase.

In…

Source…

Tag Archive for: Internet’s

Google and Facebook

The Importance of Website Speed