Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Moti Yung and Adam Young on Kleptography and Cryptovirology 4: Password Snatching and Secure Info Stealing

The main subjects covered in this section are two types of attacks doable through the use of cryptovirologic techniques and aiming at latent info retrieval. The Classic and Deniable Password Snatching Attack The second idea that I will cover is password snatching that we did. A typical password snatching...

Moti Yung and Adam Young on Kleptography and Cryptovirology 3: Deploying Cryptoviral Extortion Attack

In this part, Moti Yung lists the main possible applications for cryptovirology and goes into detail of a typical cryptoviral extortion attack. Now we’re going to get to the subject of cryptovirology, and I will review three topics (see image). The first one is cryptoviral extortion; this is an active...

Moti Yung and Adam Young on Kleptography and Cryptovirology 2: Cryptography in Polymorphic Viruses

Continuing with the retrospective overview of malicious software, in this part Moti Yung focuses on the role of crypto in the execution workflow of polymorphic viruses and touches upon the basic principles of public-key cryptography. I want to point out one interesting design – actually,...

“Yes We Can’t!” – On Kleptography and Cryptovirology

This is a study conducted by computer scientists and well-known cryptographers Moti Yung and Adam Young on the two-way relation between cryptography and malicious software. The research was presented by Moti Yung at 26th Chaos Communication Congress (26C3) in Berlin. Yes, we can’t! Yes, we can or yes, we...

Mikko Hypponen on Cyber Warfare 4: Challenges of the Cyber Arms Race

This part encompasses Mikko Hypponen’s thoughts on why sophisticated viruses like Stuxnet and Flame are so hard to detect using the regular security technology. If you look at Miniflame which was found recently, one of the files actually contains country information, which tells us in which country that...

Mikko Hypponen on Cyber Warfare 3: Stuxnet as an Offensive Attack Weapon

Mr. Hypponen now draws attention to the process where computer science basically turned into an offensive weapon capable of killing people, namely Stuxnet worm. Stuxnet is the only one which actually does physical damage. It controls the PLC gear inside the Natanz nuclear enrichment facility, blowing up...

Mikko Hypponen on Cyber Warfare 2: Types of Governmental Attacks

Shifting the focus over to governmental attacks, Mikko Hypponen breaks nation states’ cyber warfare down into several types, depending on the objects targeted. Within attacks coming from governments we have a range of stuff. We have espionage. You might have heard about what is often characterized as APT...

F-Secure’s Mikko Hypponen on Cyber Warfare at Wired 2012

Chief Research Officer at F-Secure and true computer security guru Mikko Hypponen outlines the state and scope of today’s cyber threatscape at Wired 2012 event. My name is Mikko Hypponen, and his name is “Arashi”. He is one of the examples of Russian organized cyber criminals who create...

Offensive Threat Modeling for Attackers 8: Confusing the Adversary

This is the final part of the presentation dedicated to nuances of exploiting various components of an adversary’s defensive posture for a successful attack. So, now we want to directly engage the defenses. A very effective thing is false flag operations. Does everybody knows what a false flag is? False...

Offensive Threat Modeling for Attackers 7: Utilizing Different Infiltration Vectors

Shane MacDougall and Rafal Los explicate herein the issues of offensive modeling from the perspectives of company’s human component and time windows for attack. Shane MacDougall: A big tool in determining your targets within a company is company sentiment. You really want to identify as many users at risk...