Tag Archive for: list

Kryptowire Named on CRN’s Mobile 100 List for 2022 


MCLEAN, Va. – Kryptowire Inc., a mobile security and privacy solutions company, has today announced that CRN®, a brand of The Channel Company®, will be featuring Kryptowire’s Mobile App Security Testing (MAST) on this year’s Mobile 100 list in the Mobile Security Tools Category. Each year, the annual CRN Mobile 100 list shines a spotlight on the top products from IT suppliers working in the mobility space.

CRN’s Mobile 100 list has quickly become a trusted resource for solution providers searching for the best mobile technology from vendors. Products selected for the 2022 list were chosen by a panel of CRN editors across nine categories: Android Phones, Android Tablets, Apple Devices, Chromebooks, Foldable Phones, Mobile Management Tools, Mobile Security Tools, Smartwatches and Windows Laptops.

Kryptowire is joining an elite group of IT vendors and suppliers who earned their respective spots on CRN’s annual Mobile 100 list by creating mobile-centric products that focus on efficiency, ease of use, and innovation.

“CRN’s Mobile 100 list includes products from top vendors who are leading the way in the mobile market with cutting-edge offerings that help the channel meet today’s need for ‘work from anywhere’ solutions,” said Blaine Raddon, CEO of The Channel Company. “We commend the companies recognized on this year’s list as their products are key building blocks for mobile IT solutions, and we look forward to seeing more innovation from them in the future.”

Kryptowire’s Mobile Application Security Testing (MAST) platform detects security, privacy, and code quality issues in iOS and Android apps without needing access to the source code. The tool automatically gives enterprises detailed insight into the security, compliance, and privacy risks of the apps being developed within an environment. Its analysis technology, combined with mobile-first heritage, helps developers ensure security, privacy, and code measures of their apps and the libraries they are using for mobile devices.

“We are excited to be included on the CRN Mobile 100 list for 2022, especially in today’s digitized world, where individuals,…


Making Sense of RFCs: Reading List


If you’re looking for resources to help you learn about the world of cybersecurity, here are the 7 RFCs Roxy, Hurricane Labs’ Director of Compliance, recommends you start with. Looking for more details? Check out their webinar, Making Sense of RFCs!

The List

1. RFC 2196 Site Security Handbook

RFC 2196 (Site Security Handbook) “is a guide to developing computer security policies and procedures for sites that have systems on the Internet.” It goes over, in detail, such topics as why you’d want a security policy and how to handle incident response.


2. RFC 2504 Users’ Security Handbook

Even though it was written in 1999, RFC 2504 (Users’ Security Handbook) has advice that still hasn’t aged much, such as “How to Prepare for the Worst in Advance” and “Encrypt Everything… Shred Everything Else.”

3. RFC 6274 Security Assessment of [IPv4]

Written in 2011, RFC 6274 (Security Assessment of IPv4) uses several RFCs as sources and fully describes IPv4 and considers the security of its features. It includes known issues that have not previously been addressed by other RFCs.

4. RFC 6454 The Web Origin Concept

RFC 6454 mentions security implications of the same-origin policy. Web Origin is, according to Mozilla, “defined by the scheme (protocol), hostname (domain), and port of the URL used to access it. Two objects have the same origin only when the scheme, hostname, and port all match.”

5. RFC 9110 HTTP Semantics

Just released this week, RFC 9110 (HTTP Semantics) obsoletes most of the HTTP RFCs mentioned in our webinar. It explains the “Core Semantics” of HTTP, regardless of version, which are important to understand when observing and working with HTTP traffic. There are also new RFCs for HTTP 1.1 (9112), HTTP 2 (9113), and HTTP 3 (9114).

Table 1 from RFC 9110 shows all the RFCs it obsoletes:


What is the Blake256r14 Algorithm? Blake256r14 Coin List


Cryptographic hash functions are vital security components of current computers. They form a key part of digital signatures, message authentication codes, and other security protocols.

So far, there are four series of cryptographic hash functions generally known as Secure Hash Algorithms (SHA). These are SHA-0 (published in 1993), SHA-1 (published in 1996), SHA-2 (published in 2001), and SHA-3 (published in 2015). 

In 2007, the National Institute of Standards and Technology (NIST) opened a public competition to develop new hash functions that would replace SHA-2.

The competition drew 51 participants. BLAKE was announced as one of the five finalists in 2010, but lost in 2012 to Keccak, which was selected for the SHA-3 algorithm.

Blake256 or Blake256r14?

Blake256 and Blake256r14 are virtually the same, the only difference being their rounds of hashing. The first Blake256 had only 10 rounds of hashing, but this was less secure. Therefore, the rounds of hashing were increased to 14 to improve the security. This birthed Blake256r14 or Blake 14r.

What is Blake256r14?

Blake256r14 was constructed based on the Hash Iterative Framework (HAIFA). This framework fixes the security flaws and complexities associated with the Merkle and Damgård hash function. Because it is built on HAIFA, Blake256r14 is easy to analyze. It also increases the security of iterative hash functions. Its 14 rounds of hashing improve not only its security but also its speed.

Being a SHA-3 finalist means that it was reviewed carefully and also brutally attacked by renowned cryptanalysts in order to identify its security flaws. Blake256r14 allows efficient hardware implementation leading to stronger proofs necessary for network security.

Blake256r14 and Crypto

Blake256r14 is not used widely as a hashing algorithm in crypto. Only one coin uses this algorithm: Decred.

Decred (DCR)

Currently ranked 83rd by market capitalization, Decred was created in 2016 to foster open governance, community engagements and sustainable funding policies. The project was designed so that the community validates every transaction and modification made to the…


Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List 


The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021.

These threats were outlined in a joint Cybersecurity Advisory (CSA) coauthored by the cybersecurity authorities of the United States, Australia, Canada, New Zealand and the United Kingdom.


The advisory provided details on the top 15 common vulnerabilities and exposures (CVEs) routinely exploited by malicious actors in 2021, as well as other CVEs that were frequently exploited.

The CSA noted exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.

The report also offered a series of mitigation actions, which include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious actors.

Serious Vulnerabilities

Bud Broomhead, CEO at Viakoo, a provider of automated IoT cyber hygiene, noted that the Log4j and Microsoft Exchange vulnerabilities were both extremely serious but in different ways.

“Log4j brought a lot of attention to vulnerabilities being delivered via open source software libraries and their ability to be present in hundreds, if not thousands, of makes and models of devices, particularly IoT,” he said.

From his perspective, compared to vulnerabilities impacting just one manufacturer, the blast radius from Log4j is enormous.

“Because of the diversity of devices infected by Log4j, it also highlighted how many IoT devices can be functioning within an organization past its end-of-life date,” he said. “For those devices, there will never be a patch available to remediate vulnerabilities like Log4j.” 

He explained that Microsoft Exchange Server vulnerabilities (like ProxyLogon) highlighted a different but equally serious issue: how long it takes to patch a system once a patch is available.

In the case of Exchange Server, it was one of the most urgent and visible vulnerabilities of 2021, yet six months after the patch was made available, 30%…
