
  2014-09-05

Capturing PINs using an IR camera

  By Hagai Bar-El, 97 words
Categories: Security

This video demonstrates how an IR camera, of the type that can be bought for a reasonable price and attached to a smart-phone, can be used to capture a PIN that was previously entered on a PIN pad, by analyzing a thermal image of the pad after the fact. When the human finger presses a non-metallic button, it leaves a thermal residue that can be detected on a thermal image, even if taken many seconds later.

The video refers to the article: Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks, written at UC San Diego.

  2014-08-19

Protecting network neutrality: both important and hard

  By Hagai Bar-El, 2362 words
Categories: Security Policies

The term “network neutrality” is mentioned very often lately; also in the context of FCC ruling, such as here, and here. Since the definition of net neutrality is not always clear, this topic is not subject to as much public debate as it probably should be. Here is my take on what network neutrality is, and why it is difficult to regulate and enforce. I will start with my proposed technical and service-related definition of “network neutrality”, and will follow with a brief explanation of why this is both difficult and important.


  2014-07-24

TrueCrypt alternatives?

  By Hagai Bar-El, 660 words
Categories: IT Security, Products

It has been a while since the announcement of the demise of TrueCrypt (which I reported), and an equivalent replacement for all those people who rely on it is not yet evident. TrueCrypt has not been revived yet, but the situation is not as time-critical as it may have seemed. There are a few options, for the time being.


  2014-05-30

The status of TrueCrypt

  By Hagai Bar-El, 564 words
Categories: IT Security, Products

I wish I knew where TrueCrypt stands now, but I don’t. I have followed TrueCrypt and regularly endorsed it ever since I discovered it and wrote this post nine years ago. TrueCrypt was, and may still be, the most sensible and presumably-secure volume and full-disk encryption software for Windows; also supporting Linux and Mac. A few days ago the project was discontinued, and users were directed to alternative, non-open-source solutions.


  2014-04-09

OpenSSL "Heartbleed" bug: what's at risk on the server and what is not

  By Hagai Bar-El, 1223 words
Categories: IT Security, Cyber Security, Counter-media

A few days ago, a critical bug was found in the common OpenSSL library. OpenSSL is the library that implements the common SSL and TLS security protocols. These protocols facilitate the encrypted tunnel feature that secure services – over the web and otherwise – utilize to encrypt the traffic between the client (user) and the server.

The discovery of such a security bug is a big deal. Not only is OpenSSL very common, but the bug that was found is one that can be readily exploited remotely without any privilege on the attacker’s side. Also, the outcome of the attack that is made possible is devastating. Exploiting the bug allows an attacker to obtain internal information, in the form of memory contents, from the attacked server or client. This memory space that the attacker can obtain a copy of can contain just about everything. Almost.

There are many essays and posts about the “everything” that could be lost, so I will take the optimistic side and dedicate this post to the “almost”. As opposed to other serious attacks, at least the leak is not complete and can be quantified, and the attack is not persistent.


  2014-04-03

Bitcoin does not provide anonymity

  By Hagai Bar-El, 762 words
Categories: Security Engineering, Security Policies, Security, Counter-media

When people discuss Bitcoin, one of its properties that is often considered is its presumed anonymity. In this respect, it is often compared to cash. However, it should be recognized and understood that Bitcoin is not as anonymous as cash; far from it, actually. Its anonymity relies on the concept of pseudonyms, which delivers some (unjustified) sense of anonymity, but very weak anonymity in practice.


My new patent on secure key provisioning

  By Hagai Bar-El, 151 words
Categories: Personal News, Security Engineering

I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title “Methods Circuits Devices and Systems for Provisioning of Cryptographic Data to One or More Electronic Devices”.



License

All contents are licensed under the Creative Commons Attribution license.