Just saw the tweet… IETF finally released the long-awaited TLS 1.3 version of the secure Web communication, considered to be the most secure protocol specification that assures high-degree of security, privacy and also faster performance compared to its predecessor TLS 1.2. The most compelling features of TLS 1.3 : More secure, removed out-dated algorithms previously had known vulnerabilities from TLS cipher… Read more »
The picture says it all. Most popular tools intended for Reconnaissance, Port Scanning, Packet Sniffing, Vulnerability Scanning, Password cracking, Proxies and more..
Since inception, I had been following MITRE’s ATT&CK Navigator knowledge base for studying (threat modeling) pre and post-exploit techniques on Web, Mobile and Enterprise applications more particularly running on Windows and Linux systems. Indeed, it is a great resource for understanding the devil in the details of attack techniques and simulate it from simple hacking credentials from the initial access… Read more »
It’s been few years now, the IETF’s TLS 1.3 standardization effort always looked like a never-ending story. Glad to note the wait is over. After 28 drafts for review, last week IETF finally ratified TLS 1.3 as an approved standard. Indeed, TLS 1.3 promises significantly faster SSL/TLS performance and a much secure communication protocol standard ever before! It also brings a radical change… Read more »
A secure data protection using encryption depends more on secure key management processes than the encryption itself. Although enabling encryption looks quite trivial, managing the underlying Key management lifecycle processes and handling the associated cryptographic operations always been a daunting challenge! The challenges are too many till we really know..beginning from key generation and issuance, key ownership, key usage, privileged… Read more »
Everything is hackable! During the RSA Conference 2017 Crypto panel, Prof. Shamir (the letter “S” in the RSA) said, “I think there is a higher chance that RSA could be broken by a mathematical attack.” and he also wondered to note “Quantum Computers” will be a reality soon! That said, the evolution of practical quantum computers are not far away, according… Read more »
NIST released an Application Container Security publication (SP 800-190), which delves into the major security risks and concerns related to Container images, registries, OS, orchestration, network isolation. It also presents a long-list of proactive countermeasures and mitigation recommendations for the known risks and example scenarios on how to address container security threats with the recommended countermeasures. Although it is a quite… Read more »
In a Blockchain infrastructure, trust is built using cryptographic hash functions and Public-key cryptography using digital signature mechanisms. If we unpack the building blocks of a typical blockchain infrastructure – It relies on a multi-party peer-to-peer transactional network backbone without relying on a central authority. On the blockchain network, the peers create transactions, collaborate on transactions, validate and verify the transaction… Read more »
Thanksgiving holidays! Had great time meeting with a bunch of my old friends from Javasoft! Back in the days (~1998) I was working at Sun Microsystems and was part of a team working on Java Keystore. It was a lot of fun..still remains fresh on my mind! It’s been a while I played with Java. Can’t believe JKS still remains as… Read more »
Way cool ! HTTP Session Hijacking can’t be made simpler than using Firesheep. Couple of days ago, a friend of mine suggested me to login a most popular website and he demonstrated how he took control and accessed my user session in less than a minute. First, I thought he used a network protocol analyser tool such as Wireshark or… Read more »