Archive | Cryptography


26 November 2015 | 387 views

Dell Backdoor Root Cert – What You Need To Know

So a few days ago the Internet exploded with chatter about a Dell backdoor root cert AKA a rogue root CA, almost exactly like what happened with Lenovo and Superfish. It started with this Reddit thread – Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish in the Technology […]

Continue Reading

19 November 2015 | 4,470 views

ISIS Running 24-Hour Terrorist Crypto Help-desk

There have been multiple mentioned of ISIS using encryption and ‘encrypted messaging systems’ in the news reports since the Paris incident, it turns out they mostly mean Telegram. Which we’ve only mentioned once before, when they got pounded by an epic DDoS attack. Now it turns out, ISIS has a whole help desk infrastructure set-up […]

Continue Reading

17 November 2015 | 2,523 views

KeeFarce – Extract KeePass Passwords (2.x) From Database

KeeFarce allows you to extract KeePass passwords (2.x) by using DLL injection to execute code and retrieve the database information from memory. The cleartext information, including usernames, passwords, notes and url’s are dumped into a CSV file in %AppData%. KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# […]

Continue Reading

12 November 2015 | 1,374 views

ProtonMail DDoS Attack – Sustained & Sophisticated

So the ProtonMail DDoS Attack – if you’re not familiar ProtonMail is an secure, free, encrypted e-mail service that promises absolutely no compromises. It’s been getting hit hard since November 3rd, with a large scale rather sophisticated set of DDoS attacks rendering it unable to receive or send e-mail. It seems to have mitigated the […]

Continue Reading

18 June 2015 | 4,315 views

Apple’s Password Storing Keychain Cracked on iOS & OS X

And another password shocker, a few days after ‘cloud’ password service LastPass was pretty seriously hacked (yah if you’re using it, change your master password) critical 0-day flaws in Apple’s password storing keychain have been exposed. Which is kinda funny, as after the LastPass hack I saw some people espousing the usage of Apple’s keychain […]

Continue Reading

21 May 2015 | 3,016 views

The Logjam Attack – ANOTHER Critical TLS Weakness

So it seems SSL/TLS has not been having a good time lately, alongside Heartbleed and POODLE we now have the Logjam attack. It’s somewhat similar to the FREAK attack earlier this year, but that attacked the RSA key exchange and was due to an implementation vulnerability rather than Logjam which attacks the Diffie-Hellman key exchange […]

Continue Reading

14 May 2015 | 1,308 views

BitTorrent Bleep – Encrypted, Decentralized Voice & Text App

So after running an open alpha for a while, BitTorrent Bleep is now finally public and official. The whole secure/transient messaging app/platform area is an interesting space, companies have come and gone, some have been compromised and some are still around (Snapchat, Poke, Wickr, Armortext etc). Bleep requires no personal info, just a nickname and […]

Continue Reading

02 April 2015 | 783 views

Google Revoking Trust In CNNIC Issued Certificates

So another digital certificate fiasco, once again involving China from CNNIC (no surprise there) – this time via Egypt. Google is going to remove all CNNIC and EV CAs from their products, probably with the next version of Chrome that gets pushed out. As of yet, no action has been taken by Firefox – or […]

Continue Reading

11 December 2014 | 1,415 views

Sony Digital Certs Being Used To Sign Malware

So at the end of November, Sony got owned, owned REAL bad – we wrote about it here: Sony Pictures Hacked – Employee Details & Movies Leaked. It seems in as a part of the massive haul of documents, the digital certificates used to sign software were also stolen. Which is bad, as you can […]

Continue Reading

27 November 2014 | 3,509 views

Bitcoin Not That Anonymous Afterall

One of the big advantages touted by Bitcoin (and other cryptocurrencies) was always the anonymity of the transactions, yes you can track a wallet address and see the transaction history. But there’s no real way to link that wallet address to a real person (so we thought). I mean other than any leaky fiat exchange […]

Continue Reading