Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU

Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening — yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.

This acoustic cryptanalysis, carried out by Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer, uses what’s known as a side channel attack. A side channel is an attack vector that is non-direct and unconventional, and thus hasn’t been properly secured. For example, your pass code prevents me from directly attacking your phone — but if I could work out your pass code by looking at the greasy smudges on your screen, that would be a side channel attack.

http://www.extremetech.com/extreme/173108-researchers-crack-the-worlds-toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu

Related:

Top 10 Password Crackers SecTools.Org: Top 125 Network Security Tools For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator). We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with.

How Hackers Protect Themselves From Getting Hacked When Adrian Lamo goes online, he leaves nothing to chance. To log in to personal accounts, he uses a digital password generator -- a plastic key chain-like device that displays a new string of digits every 60 seconds. He adds an extra layer of security to some accounts by entering a special code that he receives via text message. And he uses browser extensions to avoid downloading malware by accidentally visiting dangerous Web sites. Some techniques “may seem like a ‘Mission Impossible’ level of security to the average user,” Lamo said. But the average user could learn a thing or two from hackers like Lamo, who are not only skilled at breaking into others' PCs, but have devised sophisticated -- in some cases, extreme -- methods for protecting their own.

John the Ripper Sample output: Here is a sample output in a Debian environment.

# cat pass.txt
user:AZl.zWwxIh15Q
# john -w:password.lst pass.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
example (user)
guesses: 1 time: 0:00:00:00 100% c/s: 752 trying: 12345 - pookie

Defensible network architecture For the nearly 20 years since Zwicky, Cooper and Chapman first wrote about Firewalls the firewall has been the primary defense mechanism of nearly every entity attached to the Internet. While perimeter protection is still important in the modern enterprise, the fact is that the nature of Internet business has vastly changed and the crunchy perimeter and squishy inside approach has long since become outdated. You can’t deny what you must permit and the primary attack vectors today appear to be email and browser exploits; two aspects of your business model that you cannot do without and which can give the bad guys a foothold inside your perimeter protections. As the Sony, Target, Home Depot, and many other breaches have shown, once the bad guys are into the network they are content to dig in, explore, and exfiltrate large amounts of data and will often go undetected for months. What is needed is a security architecture that focuses on protecting data and detecting anomalies. Segregation

4 Basic Life Lessons from Basic Training Editor’s note: This is a guest post from Mike Inscho. If you’ve been a reader of The Art of Manliness for more than a day, you know Brett, Kate, and all of the regular contributors do a fantastic job of searching out and relaying habits of great men to us. Men like Ernest Shackleton, Henry David Thoreau, and Charles Atlas, all set examples that every man can follow. I haven’t attempted to take 27 men to the South Pole, and, after having my ship become stuck in ice, somehow managed to get them all home alive like Mr. Shackleton. But I am part of a small group (.45% of the total American population) that consistently creates great men and demands that its members be constantly improving.

Top 50 Hacking Tools That You Must Have Whether you are a Penetration tester, a hacker or an aspiring newbie trying to learn Cyber Security, you must have a nice catalogue of tools to make your life easier. While these tools do make working simpler, they cannot compensate for the vast amount of knowledge required in this field. In this post I’m going to mention 50 different tools under 9 categories that your ‘Hack Lab’ must have. Most of the tools mentioned in this post are pre-included in Kali Linux which you can install to have them at once.

The Coming Insurrection The Tarnac 9 were once just nine individuals who had withdrawn from the capitalist paradigm to live a quiet, communal life in an isolated French mountain village. They grew their own food, opened a small grocery store and started a movie club where they screened films for their rural neighbors. The group, nearly all of whom hailed from affluent Paris suburbs, were highly educated and, by all accounts, friendly, helpful and generous. It was an idyllic existence, far from the consumer spectacle of modern urban existence.

Top 15 Open Source/Free Security/Hacking Tools 1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.

How to surf anonymously without a trace ComputerWorld | 12 March 2007 | Preston Gralla Posted on Tue Mar 13 14:29:37 2007 by ShadowAce The punchline to an old cartoon is "On the Internet, nobody knows you're a dog," but these days, that's no longer true. It's easier than ever for the government, Web sites and private businesses to track exactly what you do online, know where you've visited, and build up comprehensive profiles about your likes, dislikes and private habits. And with the federal government increasingly demanding online records from sites such as Google and others, your online privacy is even more endangered.

The definitive glossary of hacking terminology We live in an era of unprecedented cyberattacks, where malicious campaigns, both personal and governmental, are carried out across laptops and wireless networks. Even if you are not technically minded, your day-to-day life is still probably pretty crowded with stories about hacking, whether you recognize them as such or not. Have you ever installed an antivirus tool on your computer?

Search Google anonymously while staying logged in to your account in Firefox One of the things that keeps some users from using Google Search is the certainty that everything that is done on the site is being logged and analyzed by Google. While it is possible to overcome this, for instance by launching searches only in the browser's private browsing mode, or using search engines such as Startpage that use Google search results but do not track you, you may prefer an automated solution that just works in the background without you doing anything. You could try and use Google while you are not signed in to your Google Account, but that too means some form of tracking as there are other means besides tracking a user by account.

The Best Hacking Tutorial Sites - Learn Legal Hacking - StumbleUpon written by: Daniel Robson • edited by: Aaron R. • updated: 2/13/2011 Whether it's to understand potential attack vectors or simply for the fun of it, learning the basics of hacking is something that a lot of people aspire to. Here's our list of the top tutorial based hacking sites.

Diving into OpenStack Network Architecture - Part 1 (Ronen Kofman's Blog) OpenStack networking has very powerful capabilities but at the same time it is quite complicated. In this blog series we will review an existing OpenStack setup using the Oracle OpenStack Tech Preview and explain the different network components through use cases and examples. The goal is to show how the different pieces come together and provide a bigger picture view of the network architecture in OpenStack. This can be very helpful to users making their first steps in OpenStack or anyone who wishes to understand how networking works in this environment.