Archive | Cryptography


12 January 2012 | 9,911 views

Sprint Adds Google Wallet Into New NFC Capable Phones

Oh look, another aspect of security and privacy to consider as Google pushes its’ mobile payment solution ‘Wallet’ onto two new NFC capable phones – the Galaxy Nexus & LG Viper. If you haven’t heard of the service you can find out more here – Google Wallet (Wikipedia). The main concern here (security wise) is […]

Continue Reading


29 November 2011 | 10,667 views

Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones

This is certainly an interesting acquisition and not one I would have expected, I’m not even exactly sure what Twitter is planning and why they would want a company focused on mobile encryption (and specifically on the Android platform). I can’t see any real corporate use for Twitter, so they won’t be pushing the security […]

Continue Reading


22 November 2011 | 10,296 views

OpenPGP JavaScript Implementation Enables Encrypted Webmail

This is a pretty interesting progression in the encryption field, I’m pretty sure most of us here will use some kind of key based e-mail encryption (PGP/GPG etc) and various different software based implementations. Or perhaps some of you already use something totally web-based like Hushmail, the story is that researchers in Germany have managed […]

Continue Reading


15 November 2011 | 20,400 views

Private Signed Certificate From Malaysian Government Used To Spread Malware

It wasn’t too long ago (about 6 months) when we reported about Malaysia Government Sites Under Attack From Anonymous – which was somewhat suspicious. And well that’s about the only story we’ve had about Malaysia really. Perhaps that incident and spate of attacks and intrusions had something to do with this most recent story, the […]

Continue Reading


06 October 2011 | 9,751 views

CIAT – The Cryptographic Implementations Analysis Toolkit

The Cryptographic Implementations Analysis Toolkit (CIAT) is a compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable). It is particularly helpful in the forensic analysis and reverse engineering of malware using cryptographic code and encrypted payloads. This was […]

Continue Reading


16 August 2011 | 11,951 views

Mediggo – Tool To Detect Weak Or Insecure Cryptosystems Using Generic Cryptanalysis Techniques

Mediggo is an opensource cryptanalysis library. This library implements generic cryptanalysis techniques to detect weak or insecure cryptosystems or learn and practice with cryptanalysis. This library is open source (LGPL licence) and written in C programming language. Samples and test cases are provided with each techniques: the solution is not always given to make people […]

Continue Reading


07 June 2011 | 11,624 views

RSA Finally Admits 40 Million SecurID Tokens Have Been Compromised

Well we did say assume SecurID was broken back in March when we wrote – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken. With the recent news Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach and another US Military sub-contractor compromised through SecurID tokens – RSA have […]

Continue Reading


31 May 2011 | 7,257 views

Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach

You all probably remember the big kerfuffle that occurred after RSA got hacked, it was widely assumed that the SecurID system was compromised somehow and could not be relied on. We reported about it in the article – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken – where we questioned their […]

Continue Reading


20 May 2011 | 12,096 views

Google Proposes Way To Speed Up SSL Handshake

I’m always interesting when it comes to cryptography and cryptographic trickery. We all know, the main problem with SSL is speed – it can really slow your surfing experience down and for most people it annoys them enough to just not use it. Google researchers claim they’ve devised a way to reduce that painful wait […]

Continue Reading


02 May 2011 | 8,557 views

sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly

sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now. Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that. Dumps one file by […]

Continue Reading