SC Magazine Discussion by Dr MJ Frederick

SC Magazine Discussion by Dr MJ Frederick https://padlet.com/mj_frederick/x1noztkx2quk Cryptography en-us 2017-09-02 18:32:21 UTC 2018-10-03 03:40:24 UTC hello@padlet.com Group https://padlet.com/mj_frederick/x1noztkx2quk/wish/286716179 2018-09-27 19:21:30 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/286716179 Group 5 mark_deel https://padlet.com/mj_frederick/x1noztkx2quk/wish/286785210 This interesting piece, co-authored by a former Section Chief with the CIA, talks about how we should consider cryptography the immune system of our worldwide security network and how that fits into the trends we should expect going forward related to global information security.

]]> 2018-09-28 01:16:23 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/286785210 Group 1 https://padlet.com/mj_frederick/x1noztkx2quk/wish/287595581 Found this article that discusses the federal governments preparedness to comply with the homeland security directive BOD 18-01 which requires government agencies to improve handling of transport layer security (TLS) keys and Public Key infrastructure certifications.
https://www.scmagazine.com/home/news/pair-of-surveys-underscore-importance-of-secure-pki-in-government-iot/?utm_source=newsletter&utm_medium=email&utm_campaign=SCUS_Newswire_20180930&hmSubId=FUFh9nCsgA01&email_hash=c35d6939b3039be2d4a42aafa5e29b03&mpweb=1325-2580-1241432]]> 2018-10-01 13:37:41 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/287595581 Group 7 https://padlet.com/mj_frederick/x1noztkx2quk/wish/287902356 Enterprises have been downloading applications that have no data at rest protection. These applications had been developed without security patches being implemented in the future.]]> 2018-10-02 00:13:53 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/287902356 Group 4 https://padlet.com/mj_frederick/x1noztkx2quk/wish/288088724 This is an article that shares some information about a bill that would require stricter encryption and security laws on a federal level, pertaining to encryption standards, and it would require by law that no agency require or force a company to create a backdoor for their product to be granted special rights or be sold at all. Eliminating the threat of anyone nefarious finding the government's backdoor into a product or software.

]]> 2018-10-02 13:07:44 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/288088724 Group 2 (Jesse Roberts and Jared Futral) https://padlet.com/mj_frederick/x1noztkx2quk/wish/288352235 Our article chosen was about
major vulnerabilities in hardware and firmware. The vulnerability allowed hackers to impersonate users. Fits to our topic perfectly and is an informative read.

]]> 2018-10-02 19:36:14 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/288352235 Group 9 https://padlet.com/mj_frederick/x1noztkx2quk/wish/288407480 This article is about a scam that has been on the rise, ATM wiretapping, which is installing 3rd party hardware to collect user data so they can later drain an ATM of its contents using said data. Many of these hardware additions are just tiny cameras which is why its always recommended to cover your hand while entering your PIN.

https://www.scmagazine.com/home/news/secret-service-warns-banks-of-atm-wiretapping-attacks/]]> 2018-10-02 23:17:12 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/288407480 Group 1 cameronbartlett1998 https://padlet.com/mj_frederick/x1noztkx2quk/wish/288414871 Found this article about cryptography scandals.]]> 2018-10-03 00:18:52 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/288414871 Group 6 https://padlet.com/mj_frederick/x1noztkx2quk/wish/288418449 https://www.scmagazine.com/home/news/vulnerabilities/adobe-issues-critical-patch-after-flash-zero-day-bug-actively-exploited-in-middle-east/

With cryptography so present in our everyday lives, compromises to the security that cryptography offers can often have detrimental consequences. As in any other aspect of security, the best defense against such compromises is maintaining awareness be being proactive. One recent attack from June of this year capitalized on the curiosity of users, resulting in an exploit for Flash Player being abused to spread malware that used asymmetric cryptography to hide its nefarious nature.

Things like apps, clients and programs from big companies are usually safe for use and with a bit of awareness anyone can be safe using them but to the general public this may not always be the case. As shown with the exploit used within adobe program, we saw that even if a website is generally safe to use, attackers will find ways to use it to their advantage. In the case of Qatar’s Bayt.com, attackers sent malware that download malicious files that spread by opening emails impersonating job inquiries. To help prevent this basic awareness would be ideal. Knowing that there is a malicious malware attacks going on could be very helpful as well as pop up blockers to prevent websites from opening links automatically without permission. While the site might benefit from sending emails with certificates. This would ensure verification that a public key is truly associated with a particular individual.

For a more thorough prevention of these kind of attacks, it would be useful to use multi layered defenses. Having authenticity certificates from the users would help catalog and maintain traffic. Using this information through a private key to match up with a public key would give the next layer of defense. On top of this, anything that needs to be downloaded should go to a monitored pop-up equipped with a sandbox that can scan and detect any version of malware that will alert the user and the website. These alerts should be analyzed on a priority basis and handled immediately so as to locate and stop the corrupted files from affecting the user, giving us the ability to track the location that the malware is being outputted and shut it down. Consistent auditing should be in place to secure the website, labeling users from trusted to high risk and dealt with within the parameters of internal procedures and legal requirements. Technology malware changes all the time, so certificates should always be kept up to date.

]]> 2018-10-03 00:44:07 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/288418449 Group 8 https://padlet.com/mj_frederick/x1noztkx2quk/wish/288428007 Intel announces new chip designs with built-in security.
So, we will have more protection from hardware.

The first measure promises to improve security by using Accelerated Memory Scanning to free up graphics hardware resources so they can be used to scan computer memory for malware

The second feature will combine platform telemetry with machine learning algorithms to improve the detection of advanced threats while reducing false positives and minimizing performance impact.

The third measure involves a consistent set of critical root-of-trust hardware security capabilities across Intel processors for secure boot, hardware protections (for data, keys and other digital assets), accelerated cryptography and trusted execution enclaves to protect applications at runtime.
https://www.scmagazine.com/home/news/rsa-2018/intel-announces-new-chip-designs-with-built-in-security/

]]> 2018-10-03 01:54:22 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/288428007 Group 3 https://padlet.com/mj_frederick/x1noztkx2quk/wish/288441415 Cryptography is our digital immune system

A fifth, man-made domain serving as a great force multiplier for commerce and free expression, cyberspace has also made us more vulnerable. The internet has survived as the critical backbone of our democratic process and free market because we are continuously strengthening our online connectivity’s immune system, which protects us from global pandemic threats including computer hacks and viruses. The conclusion of this article is talking about understanding cryptographic protocols and tracking network vulnerabilities is as challenging as it is vitally important to ensuring consumer confidence.
https://www.scmagazine.com/home/opinions/blogs/executive-insight/cryptography-is-our-digital-immune-system/

]]> 2018-10-03 03:36:09 UTC https://padlet.com/mj_frederick/x1noztkx2quk/wish/288441415