In the News

Researchers steal secret RSA encryption keys in Amazon’s cloud

Yehuda Lindell, chief scientist and co-founder of security firm Dyadic – which has a product for protecting secret cryptography keys – says the vulnerability is extraordinarily sophisticated – on the verge of being “magic.” He says but it proves the shortcomings, from a security perspective, of shared environments such as the cloud.
“Although a difficult attack to carry out, this further highlights the fact that secret keys are vulnerable, wherever they may be. They are even more vulnerable in cloud and virtualized environments where you have less direct control. This specific attack may be prevented by appropriate patching, as its 2009 predecessor was. However, the type of attack is almost impossible to completely prevent,” Lindell says.
Then of course there are a variety of security products on the market as well targeting this issue. Dyadic, where Lindell is chief scientist, has developed a way to spread encrypted keys out across multiple hosts, so that essentially no one single VM has all of the keys.


Amazon Downplays New Hack For Stealing Crypto Keys In Cloud

Yehuda Lindell, chief scientist and co-founder of encryption technology vendor Dyadic says the proof-of-concept developed by the WPI researchers shows how side-channel attacks make it possible for one process to steal a secret key held by another process.
“In order to carry out such an attack in the cloud, you first need to know that you are co-located on the same physical machine as a VM with the target application,” Lindell says. “This paper shows new ways of detecting collocation, and then methods for stealing the key using the side channels.”


Mapping Israel’s Cyber-Security Startups

As most readers know, Israeli high tech is much more of a general scientific and entrepreneurial renaissance than an extension of Israel’s military industrial complex. While many CISOs and corporate executives are familiar with Israeli cyber talent owing to Check Point, Imperva, CyberArk and other notable security success stories, the sheer scope of Israeli startup activity in the cyber sector is staggering. We have prepared the Israel CyberScape a general resource for CISOs, corporate development executives and investors keen on exploring Israeli cyber security. It includes 150 startup companies divided into 10 market segments.


Cutting-edge hack gives super user status by exploiting DRAM weakness

In one of more impressive hacks in recent memory, researchers have devised an attack that exploits physical weaknesses in certain types of DDR memory chips to elevate the system rights of untrusted users of Intel-compatible PCs running Linux.


Breakthrough in MPC cryptography could make cloud computing more secure

A recent breakthrough in multi-party computation (MPC) cryptography may result in a “sea change” in computing security according to Peter Scholl, a researcher in the Cryptography and Information Security group at the University of Bristol.


E-Commerce Security: What Every Enterprise Needs to Know

“If a cybercriminal can steal the secret keys that are used to encrypt user data and credit card numbers, then the encryption no longer helps,” Lindell observes. “The data can be stolen as well. It’s like locking the door and keeping the keys under the doormat. Make sure no single individual—either inside employee, or an attacker for this matter—has full access to the encryption keys.”

Page 22 of 23« First...10...1920212223