How Diffie-Hellman Key Exchange can Cause Availability Issues
The Diffie-Hellman key exchange is a cryptographic protocol that allows parties to establish a shared secret over an insecure channel. The security of this k...
Recent posts
Bitcoin account hijacking using OSINT techniques
Researchers at Kudelski Security have managed to break Bitcoin and Ethereum wallets using a novel attack against one of the most popular asymmetric key algor...
Chinese researchers: RSA is breakable. Others: Do not panic!
Quantum computing not only poses a great opportunity, but also a great threat to internet security. According to the promises of quantum computers, certain m...
No Zero Trust Network without strong authentication
What is Zero Trust and why is it important?
Weakened encryption is a silver bullet - not just for law enforcement agencies, but for cybercriminals
The member states of the United Nations are preparing to negotiate a draft of a new convention on cybercrime. United Nations Office of Drugs and Crime have i...
The internet is a global village, not a metropolis
The internet: where everybody is your neighbor
How would Zero Trust prevent a Log4Shell attack?
There is a seemingly trivial solution to any remote code execution attacks, namely: not to let the inbound traffic match the pattern that triggers the vulner...
Modern Techniques to Prevent Malware instead of Detecting It
Though we would not argue against the importance of detecting malware, there should also be a cheap and effective step before detection, namely prevention. A...
CryptoLyzer: A comprehensive cryptographic settings analyzer
CryptoLyzer is a multiprotocol cryptographic settings analyzer with SSL/TLS, SSH, and HTTP header analysis ability. The main purpose of the tool is to tell y...
Zero Trust: Is it anything new?
In theory, it isn’t particularly new. The term zero trust has been around for more than 55 years. De-perimeterisation, the main concept behind Zero Trust Arc...
Cryptography Weakening: A Tale of the Law-abiding Criminal
The EU Council says backdoor and security are compatible. The idea is fundamentally flawed.
Why Do Certificate Revocation Checking Mechanisms Never Work?
The certificate revocation system, just like any other cyber security mechanism, is needless, as long as everything is going well, but becomes essential when...
Minority Report on Let’s Encrypt CAA Rechecking
After the Let’s Encrypt CAA rechecking incident we have to say that the certificate revocation system is not only theoretically broken, but also in practice....