Archive | Cryptography


22 November 2011 | 10,294 views

OpenPGP JavaScript Implementation Enables Encrypted Webmail

This is a pretty interesting progression in the encryption field, I’m pretty sure most of us here will use some kind of key based e-mail encryption (PGP/GPG etc) and various different software based implementations. Or perhaps some of you already use something totally web-based like Hushmail, the story is that researchers in Germany have managed […]

Continue Reading


15 November 2011 | 20,400 views

Private Signed Certificate From Malaysian Government Used To Spread Malware

It wasn’t too long ago (about 6 months) when we reported about Malaysia Government Sites Under Attack From Anonymous – which was somewhat suspicious. And well that’s about the only story we’ve had about Malaysia really. Perhaps that incident and spate of attacks and intrusions had something to do with this most recent story, the […]

Continue Reading


06 October 2011 | 9,747 views

CIAT – The Cryptographic Implementations Analysis Toolkit

The Cryptographic Implementations Analysis Toolkit (CIAT) is a compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable). It is particularly helpful in the forensic analysis and reverse engineering of malware using cryptographic code and encrypted payloads. This was […]

Continue Reading


16 August 2011 | 11,948 views

Mediggo – Tool To Detect Weak Or Insecure Cryptosystems Using Generic Cryptanalysis Techniques

Mediggo is an opensource cryptanalysis library. This library implements generic cryptanalysis techniques to detect weak or insecure cryptosystems or learn and practice with cryptanalysis. This library is open source (LGPL licence) and written in C programming language. Samples and test cases are provided with each techniques: the solution is not always given to make people […]

Continue Reading


07 June 2011 | 11,621 views

RSA Finally Admits 40 Million SecurID Tokens Have Been Compromised

Well we did say assume SecurID was broken back in March when we wrote – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken. With the recent news Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach and another US Military sub-contractor compromised through SecurID tokens – RSA have […]

Continue Reading


31 May 2011 | 7,256 views

Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach

You all probably remember the big kerfuffle that occurred after RSA got hacked, it was widely assumed that the SecurID system was compromised somehow and could not be relied on. We reported about it in the article – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken – where we questioned their […]

Continue Reading


20 May 2011 | 12,091 views

Google Proposes Way To Speed Up SSL Handshake

I’m always interesting when it comes to cryptography and cryptographic trickery. We all know, the main problem with SSL is speed – it can really slow your surfing experience down and for most people it annoys them enough to just not use it. Google researchers claim they’ve devised a way to reduce that painful wait […]

Continue Reading


02 May 2011 | 8,540 views

sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly

sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now. Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that. Dumps one file by […]

Continue Reading


25 March 2011 | 8,605 views

RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken

About a week ago we tweeted about the “Open Letter” from RSA to customers, a rather vague letter. If you haven’t read it yet, you can do so here. To summarise, they basically said “Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. […] Our investigation also revealed […]

Continue Reading


28 January 2011 | 10,206 views

Happy New Year Geohot – Court Orders Seizure Of PS3 Hacker’s Computers

We published the story about the Playstation 3 (PS3) Finally Hacked & Exploit Released back in January 2010. The exploit of course developed by the very prolific hacker and jailbreaker extraordinaire Geohot. He became notorious way back in 2007 by fulling unlocking the iPhone and then again in 2008 by jailbreaking the iPhone running 1.12 […]

Continue Reading