Cryptanalysis is the study of analyzing information systems in order to study the hidden aspects of the systems.Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.
In addition to mathematical analysis of cryptographic algorithms, cryptanalysis includes the study of side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation.
Even though the goal has been the same, the methods and techniques of cryptanalysis have changed drastically through the history of cryptography, adapting to increasing cryptographic complexity, ranging from the pen-and-paper methods of the past, through machines like the British Bombes and Colossus computers at Bletchley Park in World War II, to the mathematically advanced computerized schemes of the present. Methods for breaking modern cryptosystems often involve solving carefully constructed problems in pure mathematics, the best-known being integer factorization.
CyberWorld
Wednesday, September 30, 2015
Computer Forensics
Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail. Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.
In court, computer forensic evidence is subject to the usual requirements for digital evidence. This requires that information be authentic, reliably obtained, and admissible. Different countries have specific guidelines and practices for evidence recovery. In the United Kingdom, examiners often follow Association of Chief Police Officers guidelines that help ensure the authenticity and integrity of evidence
Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail. Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.
In court, computer forensic evidence is subject to the usual requirements for digital evidence. This requires that information be authentic, reliably obtained, and admissible. Different countries have specific guidelines and practices for evidence recovery. In the United Kingdom, examiners often follow Association of Chief Police Officers guidelines that help ensure the authenticity and integrity of evidence
Tuesday, September 29, 2015
Cryptography
Cryptography or cryptology respectively is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that block adversaries; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Symmetric-key algorithm
Symmetric-key algorithms are algorithms for cryptography that use the same cryptograpic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption.
The Advanced Encryption Standard (AES), also known as Rijndael (its original name), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes.
For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data
Symmetric-key algorithm
Symmetric-key algorithms are algorithms for cryptography that use the same cryptograpic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption.
The Advanced Encryption Standard (AES), also known as Rijndael (its original name), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes.
For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data
Online AES encryption tool
Hash Function
A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes. One use is a data structure called a hash table, widely used in computer software for rapid data lookup. Hash functions accelerate table or database lookup by detecting duplicated records in a large file. An example is finding similar stretches in DNA sequences. They are also useful in cryptography. A cryptographic hash function allows one to easily verify that some input data maps to a given hash value, but if the input data is unknown, it is deliberately difficult to reconstruct it (or equivalent alternatives) by knowing the stored hash value. This is used for assuring integrity of transmitted data, and is the building block for HMACs, which provide message authentication.
MD5
The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. The source code in RFC 1321 contains a "by attribution" RSA license.
MD5
The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. The source code in RFC 1321 contains a "by attribution" RSA license.
Steganography
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγανός), meaning "covered, concealed, or protected", and graphein (γράφειν) meaning "writing".
The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages—no matter how unbreakable—arouse interest, and may in themselves be incriminating in countries where encryption is illegal.Hint Use Quick Stego Tool. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
Image Link - http://uptobox.com/tcovudcyixc6
SQL injection
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
SQL injection (SQLI) is considered one of the top 10 web application vulnerabilities of 2007 and 2010 by the Open Web Application Security Project. In 2013, SQLI was rated the number one attack on the OWASP top ten. There are four main sub-classes of SQL injection:
This classification represents the state of SQLI, respecting its evolution until 2010—further refinement is underway.
SQL injection (SQLI) is considered one of the top 10 web application vulnerabilities of 2007 and 2010 by the Open Web Application Security Project. In 2013, SQLI was rated the number one attack on the OWASP top ten. There are four main sub-classes of SQL injection:
- Classic SQLI
- Blind or Inference SQL injection
- Database management system-specific SQLI
- Compounded SQLI
-
- SQL injection + insufficient authentication
- SQL injection +DDos attacks
- SQL injection + DNS hijacking
- SQL injection + XSS
This classification represents the state of SQLI, respecting its evolution until 2010—further refinement is underway.
Thursday, January 15, 2015
Top Worst Cyber Attacks of 2014: An awesome Flashback!
Cyber attacks
these days have become more sophisticated and elaborate, raising global
concern over time to time. Of course, in the year of 2014 there has been
an alarming number of hacking incidents and attacks targeting famous
and renowned individuals and organizations.
Let’s take a flashback of the top cyber attacks which took place in the year 2014!
Although
technology is progressing too fast and this is great, the same applies
to the knowledge and skills of the “hackers” everywhere. So, only by
being vigilant and up to date can we expect to develop the right
defensive line against attacks and hacking attempts. Let’s have a
flashback of the top incidents that have made it to shake the waters of
the booming technology industry!
- Shellshock: This threat emerged in September and has been alternatively known as Bashdoor. The irony behind the Shellshock bug is that it had remained dormant for twenty years before being brought to light. Within just hours after its discovery, DDoS attacks have been triggered with the contribution of this bug. For some, the Shellshock incident has been even more intense than the Heartbleed bug that took place earlier in 2014.
- Heartbleed: The Heartbleed bug has been a severe vulnerability discovered in the OpenSSL protocol. Apparently, due to the vulnerability that emerged, the cryptographic function of the OpenSSL could not be performed. Without the encryption throughout the Internet traffic, communication can be leaked and data can be intercepted. This is what happened, causing frenzy online back in April and motivating all sites to request changing passwords and taking additional precautions.
- eBay Attack: 233 million users were stripped off their personal information, according to reports. Between February and March, hackers were able to gain access to usernames and passwords, phone numbers and addresses. This is perhaps the most gigantic data interception of 2014. Payment data has been left intact, but everyone was encouraged to alter all passwords immediately.
- Home Depot: The company admitted having suffered from a huge cyber attack in a statement published on 18th September, 2014. Unfortunately, 56 million credit and debit cards have been compromised due to this cyber attack. On the bright side, no PIN numbers were affected and therefore no monetary damage was completed to the holders of the cards.
- Yahoo Email: In January, the email service provider admitted having been under attack with a blog post published. Though there is no actual number of how many email accounts have been compromised, it is worth considering that Yahoo is the second most popular email service option universally (right after Gmail). It is estimated that about 273 million people have got a Yahoo email account – so, you do the Math!
- Gmail: Just to set things straight and even the score, Gmail has had 5 million usernames and passwords leaked in a Russian forum in September. In a statement,Gmail reassured the email account owners not to worry and informed of the advanced anti-hijacking service that is available for protecting login attempts from third parties. Still, the concern was grave and the lists were indeed leaked.
- Apple iCloud in China: This is not the first time the Great Firewall acted against products and services from the US. MITM (Man-In-The-Middle) attack was launched on Apple’s iCloud and confirmed by GreatFire.org. The Chinese Government is truly strict and does not allow companies to provide innovative technological alternatives to people in China, limiting in this way the liberty they enjoy.
- JP Morgan Chase: Another serious cyber attack was held on JP Morgan Chase during the summer of 2014. According to the reports, about 80 million households and their accounts have been compromised. You can imagine the range of information that has been leaked, including names and addresses.
- 4chan Photo Scandal: Starting in August, hundreds of nude photos including celebrities were published online under the banner of Fappening. The photos were obtained via Apple iCloud and there have been severe reactions by the celebrities and people who oppose to the lack of privacy. The scandal is also known as the“Celebgate” and the “Fappening”.
- Sony PlayStation: One of the most significant DDoS cyber attacks launched in 2014 was that of the group called Lizard Squad against Sony PlayStation. The company announced that no user data has been compromised, but the distress was evident as to what has triggered the attack and the extent of the damage.
- Staples Store Breach: The world’s largest office supply chain store Staples faced massive breach where personal details including names, credited card details of its 1.16 million customers were stolen.
- Anonymous vs. Ku Klux Klan (KKK): Anonymous leaked credit card details along with home address of racist white Christian Supremacist group KKK. The leak was done against KKK’s interference in Operation Ferguson.
Here is an amazing Infographic of the world’s biggest data breaches:
These have been
the top hacking incidents for the year of 2014. Sadly enough, they are
not the last cyber attacks to be launched on the web. As time passes by,
hackers become more powerful and they choose their targets more wisely.
However, shedding light to the threats that have been exposed can help us out, in the hope of becoming thoroughly aware of what to expect next!
SOURCE: HACKREAD.COM
Subscribe to:
Posts (Atom)