In the News

Researchers say SHA-1 will soon be broken, urge migration to SHA-2

Dr. Yehuda Lindell, chief scientist and co-founder of Dyadic, believes a full break of SHA-1 is just on the horizon. “I am convinced that large organizations (or governments) have already found collisions in SHA-1, Lindell said in a statement emailed to “Attacks have been known for many years, but they are too costly for academic groups to carry out. Thus, no publicly published collision has been found. However, this does not mean that those with more means have not found them.“
Lindell concurred that a switch to SHA-2 should be fast tracked, but expressed dismay that the migration probably wouldn’t come soon enough. “There is no doubt that SHA-1 must be replaced immediately,” he said, explaining that, “industry is typically much too slow to make these changes, and so I expect that it will only happen after concrete attacks and damage have been inflicted.”


Researchers steal secret RSA encryption keys in Amazon’s cloud

Yehuda Lindell, chief scientist and co-founder of security firm Dyadic – which has a product for protecting secret cryptography keys – says the vulnerability is extraordinarily sophisticated – on the verge of being “magic.” He says but it proves the shortcomings, from a security perspective, of shared environments such as the cloud.
“Although a difficult attack to carry out, this further highlights the fact that secret keys are vulnerable, wherever they may be. They are even more vulnerable in cloud and virtualized environments where you have less direct control. This specific attack may be prevented by appropriate patching, as its 2009 predecessor was. However, the type of attack is almost impossible to completely prevent,” Lindell says.
Then of course there are a variety of security products on the market as well targeting this issue. Dyadic, where Lindell is chief scientist, has developed a way to spread encrypted keys out across multiple hosts, so that essentially no one single VM has all of the keys.


Amazon Downplays New Hack For Stealing Crypto Keys In Cloud

Yehuda Lindell, chief scientist and co-founder of encryption technology vendor Dyadic says the proof-of-concept developed by the WPI researchers shows how side-channel attacks make it possible for one process to steal a secret key held by another process.
“In order to carry out such an attack in the cloud, you first need to know that you are co-located on the same physical machine as a VM with the target application,” Lindell says. “This paper shows new ways of detecting collocation, and then methods for stealing the key using the side channels.”


Mapping Israel’s Cyber-Security Startups

As most readers know, Israeli high tech is much more of a general scientific and entrepreneurial renaissance than an extension of Israel’s military industrial complex. While many CISOs and corporate executives are familiar with Israeli cyber talent owing to Check Point, Imperva, CyberArk and other notable security success stories, the sheer scope of Israeli startup activity in the cyber sector is staggering. We have prepared the Israel CyberScape a general resource for CISOs, corporate development executives and investors keen on exploring Israeli cyber security. It includes 150 startup companies divided into 10 market segments.


Cutting-edge hack gives super user status by exploiting DRAM weakness

In one of more impressive hacks in recent memory, researchers have devised an attack that exploits physical weaknesses in certain types of DDR memory chips to elevate the system rights of untrusted users of Intel-compatible PCs running Linux.


Breakthrough in MPC cryptography could make cloud computing more secure

A recent breakthrough in multi-party computation (MPC) cryptography may result in a “sea change” in computing security according to Peter Scholl, a researcher in the Cryptography and Information Security group at the University of Bristol.

Page 20 of 21« First...10...1718192021