encryption

Slow Down! You’re in a Public Environment

These days, if you’re planning to spend time at an airport terminal or a coffee shop – it’s likely that you’ll look for a public Wi-Fi hotspot to connect to, and perhaps a charging station, to make sure you don’t run out of power. While our distraction level is  high when we’re out and about…

Exceptional Access: An ‘Exceptionally’ Bad Idea

We the people — citizens, residents, visitors — have fundamental needs and inalienable rights. To give these concepts any meaning, we need to be secure from our adversaries and free to communicate. As such, we’ve given the government a mission: the money, mandate, and framework to help keep us safe. This vital work is performed…

The Apple iMessage Encryption Vulnerability

A team of researchers at Johns Hopkins (Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan) discovered a profound vulnerability in how Apple’s iMessage encrypts data. The flaw allows the attacker to correctly guess the cryptographic key that decrypts iMessage attachments, which enables the attacker to determine the contents of the underlying data.…

Secure Crypto: Weak Ciphers Be Gone!

There are a number of cryptographic algorithms that, for one reason or another, should no longer be used. Current TLS specifications and implementations still allow the use of these ‘weak’ algorithms and businesses are still using them. In TLS, the cryptographic algorithms used in a connection are bundled together to form cipher suites. Each cipher…

Secure Crypto: Cluster Cracker

At a recent conference, Passwords^12, Jeremi M Gosney the Founder & CEO of Stricture Consulting Group, presented his latest password cracking project. Jeremi combined 25 AMD Radeon GPUs, across eighteen cards, and across five servers in a cluster. This beast he created has the ability to make nearly 350 billion (yes, that’s 350 million million!)…

Keys, Clouds and Conferences

As I mentioned in my last blog, one of the sessions I gave recently at RSA Conference China was a discussion of “Keys and Clouds”, exploring various models for key management and encryption in the cloud. It’s a topic that comes up often in my meetings with customers about private, public and hybrid cloud strategy.…