Was Flame Really State Sponsored?
Flame was a big story at the time it was discovered, although it has quickly faded from the collective memory. At the time there was a lot of speculation as to who had produced the malware: the...
Tor Hidden Services Settle Down?
As I mentioned several days ago, the number of unique .Onion addresses visible in Tor looked as if it was about to level off. It has. We seem to have arrived at a new normal of around 60,000 unique...
Was Met Police Chief Right?
Sir Bernard Hogan Howe, the current Commissioner of the Metropolitan Police in London, recently set the cat among the pigeons by putting more onus on the public to protect themselves from online bank...
Reports Of The Death Of CAPTCHAs May Be Premature
Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHAs) are not quite as dead as I'd thought. In order to be immune to bots CAPTCHAs have become so difficult that I find...
Even Old Assumptions Need Challenging
At the heart of modern cyber security is mathematics, and mathematics is a subject where formal proofs matter. Many aspects of cyber security are asserted and find their way into common usage, but...
Tor Continues To Confound
Tor is, yet again, producing some data that seems to defy explanation. Having talked a lot about how the number of unique .onion addresses has varied in recent weeks (and was apparently settling down)...
No Honour Among Thieves (or Assassins)
The use of blockchain technology has increasingly focussed on uses other than cryptocurrencies. One challenge being addressed is how do you deal with someone who you don't know, may never have met,...
Who Is Tor Really For?
I have been trying to rationalise several apparently contradictory surveys of the "Dark Web" that have been published recently. Some suggest the vast majority of Tor is being used for illicit...
OpenSSL Has A Chink To Be Aware Of
The accurate generation of random numbers (or more particularly pseudo random numbers) is central to much in computer security. Problems with random number generation are often found to be the cause...
Is Artificial Intelligence The Answer Security Data Overload?
At last week's IEEE Conference on Big Data Security a paper was presented which may herald a new direction in dealing with the ever more complex cyber security landscape. It shows how Artificial...
Cost Of Attacking Elliptic Curves Is Dropping
Field Programmable Gate Arrays (FPGA) are proving to be very useful in mounting attacks against modern cryptographic schemes. By allowing fast computation of discrete logarithms researchers have shown...
Is Quantum Encryption Provably Secure
Much research is required on how you "prove" that quantum encryption schemes are secure. Cryptographers have developed many ways of proving that new schemes are secure. If you attend a cryptography...
Tor Hidden Services - A Minor Situation Update
This is a bit of a non-post but people have been asking so here goes. I wrote a month ago about how the number of Tor's .onion sites seemed to have settled down following the extraordinary variations...
Post Quantum Crypto Scheme Demo Online
Following on from a number of post apocalyptic articles I'd read as to how quantum computers would spell the end of security on the web, I wrote back in March about how there are many candidates for...
Is Bitcoin Vulnerable On Asynchronous Networks?
Forget all the hubbub about who Satoshi Nakamoto is in person(s), something much more interesting has come up this week: a possible attack on the principle behind the technology underlying Bitcoin....
Preventing Selfish Mining In The Blockchain
The principle of the blockchain is that a "miner" is rewarded for being the first to solve a mathematical problem. If you're new to Bitcoin I suggest you spend some time watching this video. One of...
Physical Access To A System Matters For Security
At Christmas I wrote a piece for the BBC based upon Scott Culp's 10 immutable laws of computer security. My assertion was that the laws are as valid today as they were all those years ago. However,...
Bulk Key Recovery on the Cloud
Cloud computing has many advantages so it's not surprising that it has become so popular with even the biggest online services using cloud providers for their infrastructure. However, many in...
Is Malware Changing How It Hides Its Comms?
It might sound a bit obvious, but in order for malware to capitalise on its ill-gotten gains it has to communicate with its criminal masters. That very act of phoning home can give away the presence of...
Post Quantum Crypto Goes Mainstream?
Although people such as me have been talking about the threat to public key cryptography from quantum computers for years, and the alternatives that could be used, it seems that when Google announced...
A New Form Of Anonymity
I've talked before about how Tor can protect your anonymity on the Internet only if you use it in the right way. However, how users interact with Tor is not the only possible source of a loss of...
Is Quantum Computing The End of Public Key Encryption
I recently published a paper with Prof Bill Buchanan at Napier Edinburgh University on the threat posed by quantum computers to public key encryption. We've tried to put the threat in context - whilst...
Ethical Hacking
The past few months have seen quite a bit of activity working on an old investigation for the Click programme at the BBC. Although a lot of work (so much more than we were able to show even in a half...
Attribution Is Difficult - Consider All The Evidence
There have been several headlines in recent days suggesting that the attacks by the Wannacry malware in May 2017 have been "linked" to the North Korean regime. Now, whilst I wouldn't put it past that...
Adoption Of Security Across The Web
The past few years have seen many advances in the security that can be applied to websites and their applications. However, not everyone takes advantage of what is available. The adoption of HTTPS,...