This may seem like a very simple article to some of you out there but let me tell you in the “real world” this is a HUGE problem! Whenever you login to your email account, online banking account, or social media account you are always having to provide some sort of credentials to verify that you are who you say you are. The credentials that you are required to provide might be a username and password or something else. Most people I have seen use very simple passwords like the name of their dog, cat, fish, bird, or whatever with
Read More
All Posts
Denial of Service Attacks
Where do I start with Denial-of-Service (DoS) attacks? I guess I will start with saying that DoS attacks are very common and can be as simple as someone holding down the F5 key on their keyboard or they can be as complicated as a Distributed Denial-of-Service (DDoS) attack with thousands of botnets hitting an entire company’s network all at once. What a DoS Attack Is A DoS attack is someone trying to make a machine or network resource unavailable to its intended users. What a DDoS Attack Is A DDoS attack is the same thing as a DoS attack except
Read More
Cold Boot Attacks
Some of you might have heard about an attack called a cold boot attack. This attack is a side channel attack that is performed by stealing the encryption keys out of a systems DRAM and/or SRAM that has an encrypted hard drive. How It Works A cold boot attacks are pretty simple to preform, but for the group of people who figured it out, it was no walk in the park. The reason cold boot attacks work is because usually none of the information that is stored in your RAM is encrypted and therefore the attackers are able to gain
Read More
Bitlocker, Cold Boot Attack, Cryptography, dm-crypt, DRAM, Encryption, File Vault, RAM, SRAM, and TrueCrypt.
Does TrueCrypt Have a Future?
As some of you might have heard the 10 year old on-the-fly encryption (OTFE) software TrueCrypt was discontinued on May 28, 2014 by its anonymous developers. On May 28th of 2014 TrueCrypt’s website started forwarding visitors to sourceforge.net, which is a source code repository for free and open source software. Apparently the TrueCrypt developers discontinued this software project because of Microsoft ending support for Windows XP, and because the new OS’s already have built in encryption options. The TrueCrypt developers are recommending that you migrate your data that is encrypted by TrueCrypt to “virtual disk images supported on your platform”.
Read More
NSA Surveillance
First of all let’s start off with what the NSA’s goal is; their goal is to have total surveillance and control in secrecy. The good news is they can’t… completely. There is no boundary on what the NSA wants to do but there are sometimes boundaries on what they are funded to do. What we know so far is that the NSA has massive global surveillance systems. That covers everything from the National Reconnaissance office with their keyhole satellites to the NSA’s TURMOIL, TURBINE, and QFIRE systems to handle the internet. I am going to focus on the internet side
Read More
Der Spiegel, NSA, QFIRE, TURBINE, and TURMOIL.
Surveillance in the Modern Age
As you may have heard there are many different security agencies and people trying to spy on our every move. Luckily there is still hope for our society. We need to use VERY strong mathematics (cryptography) to put an end to mass surveillance at least at the network level. We can use tools such as the Onion router (Tor), I2P, and Freenet for avoiding someone monitoring your upstream and to provide end-to-end encryption (as long as you don’t exit the Tor network). We also need to use tools such as PGP and OTR messaging to protect our communications that might
Read More
AT&T, Cryptography, Five Eyes, Freenet, FVEY, GCHQ, I2P, iPhones, NSA, OTR Messaging, PGP, RedPhone, Security, Tails, TextSecure, Tor, Whistleblowers, and WikiLeaks.