Computer Internet network security News

One of the greatest miscalculations a business owner can commit is by not prioritizing how he will protect his computer system from unauthorized intrusions and data theft.

There is a common belief among business owners especially those that do not operate a big business that their small size makes them safe from the malicious intent of computer phreakers and data thieves. They think that in a sea full of big fishes a small fish will be ignored, secure in the fact they are not worth the exertion and computer time for notorious data thieves.

Nothing can be farther from the truth. In fact, smaller businesses are far more vulnerable to internet security threats and all manner of data theft and electronic sabotage. Based on a study made by research firm AMI-Partners, almost half of all small and medium sized businesses have failed to implement even the most rudimentary security precautions – which includes the installation of antivirus and anti spyware programs. This oversight could be the main reason why when the Mydoom worm hit a few years back, one in three small and medium sized businesses were affected compared to just one in six among the larger companies were affected. This was discovered by the Internet Security Alliance, a non profit organization that deals with information security issues.

In fact, now more than ever data and network protection should be given more attention because of the ever evolving sophistication of data thieves. They are now more equipped with the software and hardware necessary to break into security measures instituted by data managers. What could the chance be for a company to weather an attack if the owner forgets or ignores putting in place data security and encryption policies for his business because he thinks it will just be an additional cost? Practically zero and the untold cost to his business would be far more greater.

It is for this reason that data security and encryption should be one of the priorities of a business. Anyone is vulnerable to an attack whether that business is an international conglomerate or a new start up. In fact, a big business will have more chance to recover compared to a small business because a big company will have the read funds available to rebuild the business. A small business, on the other hand, will not have the necessary funding to start the business all over again – making an attack quite catastrophic.

These facts are not lost on many software providers who are now coming up with many types of solutions that guarantee the safety of data in an office’s network. There are also software that bring security to a higher level by incorporating encryption technology in order to safeguard not only sensitive data but also to make it harder for hackers to get into networks or intercept data being transmitted from the corporate network to devices outside of the network. Encryption technology can, in fact, be seen as one of the highest levels of protection that a business can employ in order to ensure the integrity of its data and its computer network.

To do a cell phone lookup or extract information from unlisted numbers, visit: reverse cell phone lookup. reverse cell phone lookup provide you with information on almost any cell phone number or any other number that you need to know the identity of. If you need to do a reverse phone number look up, go to reverse cell phone lookup now!

Encryption communication, computer, Computer security technology, Encryption

Passwords control access to resources or devices. This is accomplished through the definition a password or secret that is used in order to authenticate requests. When a request is received for access to a resource or device, the request is challenged for verification of the password and identity, and access can be granted, denied, or limited based on the result. As a security best practice, passwords must be managed with a TACACS+ or RADIUS authentication server. However, note that a locally configured password for privileged access is still be needed in the event of failure of the TACACS+ or RADIUS services. A device can also have other password information present within its configuration, such as an NTP key, SNMP community string, or Routing Protocol key.

The enable secret command is used in order to set the password that grants privileged administrative access to the Cisco IOS system. The enable secret command must be used, rather than the older enable password command. The enable password command uses a weak encryption algorithm.

If no enable secret is set and a password is configured for the console tty line, the console password can be used in order to receive privileged access, even from a remote virtual tty (vty) session. This action is almost certainly unwanted and is another reason to ensure configuration of an enable secret.

The service password-encryption global configuration command directs the Cisco IOS software to encrypt the passwords, Challenge Handshake Authentication Protocol (CHAP) secrets, and similar data that are saved in its configuration file. Such encryption is useful in order to prevent casual observers from reading passwords, such as when they look at the screen over the muster of an administrator. However, the algorithm used by the service password-encryption command is a simple Vigenère cipher. The algorithm is not designed to protect configuration files against serious analysis by even slightly sophisticated attackers and must not be used for this purpose. Any Cisco IOS configuration file that contains encrypted passwords must be treated with the same care that is used for a cleartext list of those same passwords.

While this weak encryption algorithm is not used by the enable secret command, it is used by the enable password global configuration command, as well as the password line configuration command. Passwords of this type must be eliminated and the enable secret command or the Enhanced Password Security feature needs to be used.

The enable secret command and the Enhanced Password Security feature use Message Digest 5 (MD5) for password hashing. This algorithm has had considerable public review and is not known to be reversible. However, the algorithm is subject to dictionary attacks. In a dictionary attack, an attacker tries every word in a dictionary or other list of candidate passwords in order to find a match. Therefore, configuration files must be securely stored and only shared with trusted individuals.

Encryption cisco, Encryption, Password-management

Software development is a process in which each and every aspect is a concern. When it comes to security it becomes the priority of software management team because a single flaw can ruin the development process. Following are some concerning areas where loophole may occurs.

1- Validating Input 

There must be a verification and validation of data input so the attacker cannot confuse the system.

2-Integrity of Application programming interfaces

API Application programming interfaces are ways to access software functions. If you access such features in unexpected ways, you can create security loopholes.

3- Encryption and Authentication 

Encryption and Authentication  are two areas where loopwhole can occur and later will be damaging to the whole system.

4- Common Errors 

This is the area where simple mistakes can cause loopwhole. Normally due to debugging process this can be control but still due concern in this area is needed.

5- Coding Standard 

Coding must be up to a standard and  strict guideline to be observed is applied there. The poor quality coding can create loopwholes which are more vulnerable to system.

6- Autonomy
Autonomous systems working together across networks need to be aware of each other’s state of operation. If attackers can find loopholes to exploit differences in state, distributed applications can be compromised.

Security software Authentication, Encryption, security loopholes, software functions, software-development, verification and validation

A cryptogram is a block of text which has been rendered unreadable through the use of what is called a “substitution cypher”. This means that each letter used in the original text has been substituted with another (G becomes A, F becomes P, etc.). Letter/word positions, spaces and punctuation remain unchanged.

Cryptograms have been used as a means of protecting sensitive information for thousands of years, though today computers and more advanced cryptographical methods have made simple substitution cyphers much less practical. Still, they live on in newspapers and puzzle books as a popular form of brain exercise.

Why another cryptogram website?

There are a lot of other websites out there which offer cryptograms, but I wanted to offer a new type of online cryptogram software which could be played exactly as you would play it on paper. Cryptograms.org requires no special keypunches, pull-down menus, or dragging-and-dropping. You can play these puzzles just as you would with pencil and paper – enter a letter anywhere in the puzzle, and the software will automatically copy it for you across all companion positions.

How do I solve a cryptogram?

Cryptograms are solved primarily by two methods. First, pattern recognition. The easiest to recognize are single-letter words, which generally can only be A or I (or, rarely, O). Then there are a limited number of two-letter words such as IN, IS, IT, TO, AN, AT, AS, WE, HE, US, etc. One trick in particular is to look for the common TH- words, i.e. THE, THAT, THEN, THEY, THERE, THEIR.

Secondly, the successful cryptogrammer will use letter frequency to help suss out a difficult puzzle. The twelve most frequently-used letters in the English language are ETAOIN SHRDL, in that order. The least common letters are JXQZ. If you notice a certain letter being used again in again in any given cryptogram, at a frequency much higher than any other letter, its a good bet that its unencrypted form will be one of the ETAOIN group.

More at http://www.cryptograms.org/

Cryptography cryptogram, Cryptography, Encryption

  In cryptography, a one-time pad is a system in which a private key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. Messages encrypted with keys based on randomness have the advantage that there is theoretically no way to “break the code” by analyzing a succession of messages. Each encryption is unique and bears no relation to the next encryption so that some pattern can be detected. With a one-time pad, however, the decrypting party must have access to the same key used to encrypt the message and this raises the problem of how to get the key to the decrypting party safely or how to keep both keys secure. One-time pads have sometimes been used when the both parties started out at the same physical location and then separated, each with knowledge of the keys in the one-time pad. The key used in a one-time pad is called a secret key because if it is revealed, the messages encrypted with it can easily be deciphered. One-time pads figured prominently in secret message transmission and espionage before and during World War II and in the Cold War era. On the Internet, the difficulty of securely controlling secret keys led to the invention of public key cryptography.

One-time pads don’t make sense for mass-market encryption products. They may work in pencil-and-paper spy scenarios, they may work on the U.S.-Russia teletype hotline, but they don’t work for you. Most companies that claim they have a one-time pad actually do not. They have something they think is a one-time pad. A true one-time pad is provably secure (against certain attacks), but is also unusable.

Elementrix, now defunct, announced a one-time pad product a few years ago, and refused to recant when it was shown that it was no such thing. More recently, TriStrata http://www.tristrata.com  jumped on the world’s cryptography stage by announcing that they had a one-time pad. Since then, they’ve been thoroughly trounced by anyone with a grain of cryptographic sense and have deleted the phrase from their Web site. At least they’ve exhibited learning behavior.

The one time pad is a private key method of encryption, and requires the safe and secure distribution of the pad material, which serves as the key in our solution. The security of the key distribution comes down to how secure you want to be — for communicating point-to-point with one other person, we suggest a face-to-face hand-off of the pad material.” Remember that you need to hand off the same volume of bits as the message you want to send, otherwise you don’t have a one-time pad anymore.

Cryptography Cryptography, Encryption, one-time-pad

Refers to a cryptography or security product that makes exaggerated claims of what the product is capable of, giving the user a false sense of security. The term snake oil, which is credited to Matt Curtin for using in reference to computer security products, comes from the 19^th-century American practice of selling cure-all elixirs in traveling medicine shows. Snake oil salesmen would falsely claim that the potions would cure any ailments. The term has been appropriated to mean security and encryption products that make impossible claims, such as unbreakable codes.

The problem with bad security is that it looks just like good security. You can’t tell the difference by looking at the finished product. Both make the same security claims; both have the same functionality. Both might even use the same algorithms: triple-DES, 1024-bit RSA, etc. Both might use the same protocols, implement the same standards, and have been endorsed by the same industry groups. Yet one is secure and the other is insecure.

Many cryptographers have likened this situation to the pharmaceutical industry before regulation. The parallels are many: vendors can make any claims they want, consumers don’t have the expertise to judge the accuracy of those claims, and there’s no real liability on the part of the vendors (read the license you agree to when you buy a software security product).

This is not to say that there are no good cryptography products on the market. There are. There are vendors that try to create good products and to be honest in their advertising. And there are vendors that believe they have good products when they don’t, but they’re just not skilled enough to tell the difference. And there are vendors that are just out to make a quick buck, and honestly don’t care if their product is good or not.

Most products seem to fall into the middle category: well-meaning but insecure. I’ve talked about the reason in previous CRYPTO-GRAM essays, but I’ll summarize: anyone can create a cryptography product that he himself cannot break. This means that a well-meaning person comes up with a new idea, or at least an idea that he has never heard of, cannot break it, and believes that he just discovered the magic elixir to cure all security problems. And even if there’s no magic elixir, the difficulty of creating secure products combined with the ease of making mistakes makes bad cryptography the rule.

Cryptography cipher, Cryptography, Encryption, snake-oil

Cryptography alogrithm, cipher, Cryptography, Encryption

The process of converting data into a coded form (ciphertext) to prevent it from being read and understood by an unauthorized party. 

Encryption refers to algorithmic schemes that encode plain text into non-readable form or cyphertext, providing privacy. The receiver of the encrypted text uses a “key” to decrypt the message, returning it to its original plain text form. The key is the trigger mechanism to the alogrithm.

Until the advent of the Internet, encryption was rarely used by the public, but was largely a military tool. Today, with online marketing, banking, healthcare and other services, even the average householder is aware of encryption.

Web browsers will encrypt text automatically when connected to a secure server, evidenced by an address beginning with https. The server decrypts the text upon its arrival, but as the information travels between computers, interception of the transmission will not be fruitful to anyone “listening in.” They would only see unreadable gibberish.

There are many types of encryption and not all of it is reliable. The same computer power that yeilds strong encryption can be used to break weak encryption schemes. Initially, 64-bit encryption was thought to be quite strong, but today 128-bit encryption is the standard, and this will undoubtedly change again in the future.

Simple Encryption with XOR: Now depending on the encryption algorithm, we may also need a decryption key. Public-key encryption has two keys- this is assymetrical encryption. A simple xor though can use the same password for both encryption and decryption as the XOR operator has the property that when

C = A XOR B

then

B = A XOR C

and

A = B XOR C.

Any algorithm can be used that takes the original text and processes it using the encryption key so long as there is a corresponding decryption key. For the strongest encryption, one of the well-tested algorithms such as AES (Advanced Encryption Standard) should be used.

Cryptography, E, Encryption, Glossary of computer security cipher, Cryptography, E, email-security, Encryption, Glossary-of-computer-security, web--browser

A technology used in Windows 2000 and later versions that enables users to encrypt files and folders on NTFS volumes. EFS protects the confidentiality of data by ensuring that only the original user has access to them.

In many businesses, users share desktop computers. Some users travel with portable computers that they use outside the physical protection of the business, in customer facilities, airports, hotels, and at home. This means that valuable data is often beyond the control of the business. An unauthorized user might try to read data stored on a desktop computer. A portable computer can be stolen. In all of these scenarios, malevolent parties can gain access to sensitive company data.

One solution to help reduce the potential for stolen data is to encrypt sensitive files by using Encrypting File System (EFS) to increase the security of your data. Encryption is the application of a mathematical algorithm to make data unreadable except to those users who have the required key. EFS is a Microsoft technology that lets you encrypt data on your computer, and control who can decrypt, or recover, the data. When files are encrypted, user data cannot be read even if an attacker has physical access to the computer’s data storage. To use EFS, all users must have Encrypting File System certificates-digital documents that allow their holders to encrypt and decrypt data using EFS. EFS users must also have NTFS permission to modify the files.

More at Microsoft

E, Encryption, Glossary of computer security E, efs, encrypting-file-system, Encryption, Glossary-of-computer-security, Microsoft security

1.) Letting Space=00, A=01, B=02, …, Z=26, encode the following message using the public key (42173,23).

I DO NOT LIKE OVALTINE BUT I DO LIKE CAPTAIN MIDNIGHT

To do the encoding, block the letters in groups of two. So, for example, DO = 0415. To test your solution, send your message to our “encryptor.”

2.) As in (1), the following message was encoded using the same scheme and public key. See if you can properly decode it using the decryption exponent D= 5447.

24018 24784 23890 27866 4286 21586 24719 14460

3.) Digital Signatures:

The other aspect of the RSA algorithms, that was not discussed above, is its ability to verify the sender of the message. This is done using a digital signature. To be of any use this signature must be easy to generate and easy for the receiver to verify, but difficult to decode otherwise. There are various methods for generating such digital signatures, but one of the easiest exploits the inverse relation of the public enciphering and secret deciphering keys by reversing their roles.

To generate a digital signature, the sender “encodes” each plaintext block but for programs themselves. A virus that infects such a ‘protected’ program would no doubt neglect the encryption algorithm and authorization/checksum signature. The program could then check itself each time it loads, and thus detect the presence of file corruption. Naturally, such a method would have to be kept VERY secret, as virus programmers represent the worst of the code breakers: those who willfully use information to do damage to others. As such, the use of encryption is mandatory for any decent anti-virus protection scheme.

A cyclic redundancy check is one typically used checksum method. It uses bit rotation and an XOR mask to generate a 16-bit or 32-bit value for a data stream, such that one missing bit or 2 interchanged bits are more or less guaranteed to cause a ‘checksum error’. This method has been used for file transfers for a long time, such as with XMODEM-CRC. The method is somewhat well documented, and standard. But, a deviation from the standard CRC method might be useful for the purpose of detecting a problem in an encrypted data stream, or within a program file that checks itself for viruses.

Read more at http://www.mrp3.com/encrypt.html

Encryption data-encryption, Encryption, methods-data-encryption