ShatterDOC Original Material

Wednesday, June 3, 2015

DailyTech - Japanese Researchers Crack Supposedly Hack-Proof Cryptography

Or, as Scooby Doo usta say "Rut Rho!"

"Researchers who developed standard claimed it would take "thousands of years to crack", but it took only 148 days"

"We're living in either a dark, dismal time for cryptographers or a golden, glorious age for hackers depending on how you look at it.  Casual hackers are making short work of supposedly modestly-secure older hashing standards like MD5, and even supposedly-super-secure "strong" encryption techniques are falling to novel attacks."

This article is not for the faint of heart or those averse to the icky innards of cryptology. But it has a lot of insight into why computer security is in so much trouble. A great nerd read.

Consumer Cloud Security Is an Oxymoron

After some mental rummaging around, this article reaches the startling conclusion that "There is still no framework for modernizing and standardizing security at every level of our cloud infrastructure. It is a hodgepodge of things that do not work very well and still manage to leave gaping holes."

As we've been trying to tell folks for years!

A history of Internet security - Washington Post

This is a kewl article for everyone. Those of us old enough to remember that glorious day when Al invented the Internet can revisit the good ol' days. Those who were born this century can see what the olden days were like. In either case it's an interesting sequential list of what the authors think were the important events leading to today's insecure network.

Compromised Routers: Who's Responsible?

by Mathew J. Schwartz, Data Breach Today
An army of 40,000 small office/home office routers have been exploited by automated malware. But who's responsible for devices being vulnerable: vendors for using well-known defaults; or distributors and IT managers for not locking them down?

http://www.databreachtoday.com/router-hacks-whos-responsible-a-8233?

If you haven't done it - CHANGE THE DEFAULT PASSWORD!

How to turn your embarrassing Google searches into a hack-proof password

"We have a password problem. Each year, millions of our accounts are broken into, and no matter how many times we're told to make our PINs more secure, the most common passwords last year were almost willfully obvious: "123456," "password," and "12345".

"There must be a better way.

"Imagine if, when logging in to check your email, you were prompted with a personal question like, "What new song did you download yesterday?" or "Who was the first person to text you this morning?""

This article proposes a new way to have security without having to remember complex passwords.


Speaking just for myself, I have no idea who the first person who texted me this morning was!

Friday, May 22, 2015

LogJam Exposed: 575 Cloud Services Potentially Vulnerable to Man-in-the-Middle Attacks



CLOUD SECURITY ALLIANCE | MAY 21, 2015
By Sekhar Sarukkai, VP of Engineering, Skyhigh Networks 

LogJam, the latest in a spate of web vulnerabilities, was exposed on Tuesday evening by a team including Matthew Green, assistant research professor at Johns Hopkins University, experts from University of Michigan and the University of Pennsylvania, and researchers from Microsoft Research and INRIA, who were part of the team that initially discovered the FREAK vulnerability. The vulnerability is derived from an encryption flaw, essentially created by USGov requirements. Specifically, any servers that support export grade DHE cipher suites are vulnerable to LogJam.
 
https://blog.cloudsecurityalliance.org/2015/05/21/logjam-exposed-575-cloud-services-potentially-vulnerable-to-man-in-the-middle-attacks/

Until websites convert to Hackproof Technologies' new server technology these security issues will continue.

Thursday, May 7, 2015

The Main Cyber Threats to Web Sites and Visitors

Based on and quotes from an article by Symantec - CSO | The Resource for Data Security Executives

"Cyber attackers are leapfrogging defenses in ways companies don't even have the insight to anticipate"

Phishing attacks, and their highly targeted siblings, spear-phishing attacks, involve targeted messages being sent to individuals. But there are attacks on websites instead of people that affect every visitor. And you may not be aware your website is spreading malicious infections!

"In a watering hole attack attackers infiltrate places people go. For example, they might inject a vulnerability into a website they know their visits. This bypasses the measures put in place to block malicious email.

"A variation of this is bad actors infiltrating software used in specific industries with malicious payloads. For example, if a mining company uses a specific application, a hacker could infect that software at the developer’s site so that the malicious payload enters the mining company through a seemingly legitimate channel." [Key chain attack]


Because GPUs can NEVER be completely protected, website owners will ALWAYS be playing catch-up and endangering their visitors. (Paraphrase from Dr.M)

There IS a solution on the way...