You are viewing 'encryption'
Improving email security and privacy
It’s been a little over two years since Edward Snowden broke news about massive government surveillance in the United States and abroad. Since then, major applications have begun tightening security. It was made well known that the government has the ability to read your emails and listen to your phone calls by getting a court order or a subpoena and paying a small fee.
So, what changes have been enacted on the digital front? In this blog I’m going to focus on one area in particular, email.
Before mid-2013 emails were, for the most part, unencrypted, passed in clear text, and stored in clear text. After Snowden, changes started to occur almost immediately. The question is how far have they come?
a. Perfect Forward Secrecy (Nov 2014)
b. Transport Layer Security (TLS) (inbound and outbound as of Nov 2014)
c. Two-factor Authentication (Oct 2014). You have to enable this for... read more >
By now, most everyone has heard of the malware boogeyman known as ransomware. This is a type of malware that an end-user finds on a system after clicking a link with a malicious program or Trojan horse. Ransomware makes no secret of its presence on your machine. Similar to keystroke loggers, the focus is on you and your data.
How does ransomware work?
Ransomware restricts access to an infected computer and, as the nomenclature suggests, demands a ransom payable to the program creator in order to release control of the computer back to the... read more >
Protecting Credit Card Data and Meeting PCI DSS Requirements
Have you ever walked into a grocery store and found the milk on a shelf next to the mustard? Or while walking the seemingly endless aisles of a supermarket and seen the ice cream next to ice scrapers?
Unless some mischievous kids were having fun, the answer is “of course not.” There's an almost perfect order to the retail store layout, even if it is a bit overwhelming.
Does this look like segmentation?
Not only are the dairy products kept in a somewhat contained area, they are also refrigerated and protected. Do you think it's a coincidence that high-value items like jewelry and electronics are in central locations with lots of lights and minimal visual barriers?
Of course not.
This is done by design. These valuable items are prone to theft so they require an elevated level of visibility and additional protection to safeguard them. Many items are locked away and can only be accessed by... read more >
Analyzing Anomalous Data Structures
Malware authors are known for developing clever, interesting and sometimes dastardly ways to move, hide and distribute their wares to the masses.
They often work tirelessly to stay ahead of security analysts by playing on doubts, limitations and red tape. Some authors use trivial encryptions or encoding schemes like base64 while others use high-grade encryption or perform small modifications to a file to avoid detection.
If that does not work, the attacker can hide content in, or append content to image files or files made to look like images, but structurally they are another file type entirely. From a forensic standpoint, some of these files do not have a known structure and can be extremely difficult to identify and categorize, therefore they fall into the anomalous category.
In my thought process, anomalous data is that binary file that does not have an identified file structure.... read more >
Nine Tips For Your Holiday Gifts
Welcome! Welcome, one and all!
With Black Friday just around the corner, there is no doubt the holiday shopping season is upon us. For many, myself included, new phone FTW! This means a myriad of new electronic gadgets and gizmos.
Considering you are reading the Solutionary Minds blog, it stands to reason that you care about security. And because I've started setting up my new phone, it seems like a good time to discuss mobile device security.
The tips below apply primarily to phones, tablets and phablets (phones that are too big to be a normal phone and too small to be a true tablet), but many of these tips can help you protect laptops and other devices as well. The list certainly should not be considered all-inclusive, but applying it is a strong step in the right direction.
Nine Tips for Mobile Device Security
1. Enable Total-Device Encryption
Despite the ... read more >