Information Security in Today's Digital Culture
Header

This past weekend I participated in the CSAW 2015 CTF on team ascii_overflow. Our team is relatively new; however, we managed to finish 15th on the qualifying scoreboard – just barely enough to send our undergraduate members to compete at the CSAW finals in NYC (Good luck guys!). I started on the Crypto 500 challenge …
Read more

The POODLE attack or “Padding Oracle On Downgraded Legacy Encryption” is a fairly recent attack that takes advantage of both the backwards compatibility integrated into SSL/TLS protocols and the means by which SSL/TLS protocols are negotiated. Its purpose is to force a downgrade from TLS 1.0/1.1/1.2 to SSL 3.0, which has an inherent flaw that …
Read more

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that are designed to provide security for communications over a computer network. Theoretically, they establish a link through which to communicate securely. The protocols are only theoretically secure because the security is dependent on the following assumptions: Steven AndersonSteven Anderson is a Security …
Read more

I often get into debates on the use of encryption and it being the panacea of data protection. While encryption has proven itself a viable solution for many years, the problem is never in the algorithm, but rather in the management of the keys. In order for encryption to occur the system must have the …
Read more

Voice Over IP Security

September 18th, 2009 | Posted by Nathaniel James in Encryption | Security - (0 Comments)

According to NIST, with the proliferation of VOIP, the demands for security are significantly compounded.  Now, network administrators must protect two invaluable assets – our data and our conversations. Federal agencies are required by law to protect a great deal of information, even if it is unclassified. The current Internet architecture does not provide the …
Read more