In the News

Cybersecurity after the Paris attacks: Info-sharing in the spotlight

Dyadic Security co-founder and chief scientist Yehuda Lindell told SCMagazine.com there are “many things would make the job easier for law enforcement agencies,” including an ability to walk into anyone’s house at any time or search any car with or without cause. Lindell called the argument that private companies must provide access to unencrypted information to law enforcement and intelligence agencies “a joke,” since terrorists already encrypt their communication. “So you end up in a situation where the criminals encrypt their information and all of the rest of us do not,” he added.

Microsoft CEO Nadella unleashes security-first initiative

Dyadic Security co-founder and chief scientist Yehuda Lindell told SCMagazine.com that Microsoft’s security capabilities have “without a doubt” improved significantly in recent years.

Dyadic – Product of the Week

Powered by a multi-party computation (MPC)-based engine, Dyadic delivers powerful encryption, authentication and key protection. Organizations of all sizes can easily achieve effective, distributed protection of keys, credentials and data in any IT environment.

Dyadic Protects Organizational Secrets and Sensitive Data with Comprehensive New Crypto Suite

Renowned cryptography professors transform multi-party computation research into technologically superior, easy-to-use encryption, authentication and distributed key protection solutions.

Mozilla may reject SHA-1 certificates six months early

“This is a matter of risk management, and it is bad risk management,” Yehuda Lindell, chief scientist at Dyadic, told SCMagazine.com. “In the end, we will all pay the price because of it,” he added.

Proposed cyber ‘squadron’ cultivates military-private partnerships to address cyber threats

Dyadic co-founder Dr. Yehuda Lindell echoed this sentiment. After researchers published a report demonstrating that it is possible for hackers to replicate a SHA-1 certificate for as little as $75,000 to $120,000, Lindell told SCMagazine.com the private sector is “waiting for actual damage to be inflicted before transitioning out of it.”

Researchers say SHA-1 will soon be broken, urge migration to SHA-2

Dr. Yehuda Lindell, chief scientist and co-founder of Dyadic, believes a full break of SHA-1 is just on the horizon. “I am convinced that large organizations (or governments) have already found collisions in SHA-1,” Lindell said in a statement emailed to SCMagazine.com. “Attacks have been known for many years, but they are too costly for academic groups to carry out. Thus, no publicly published collision has been found. However, this does not mean that those with more means have not found them.”
Lindell concurred that a switch to SHA-2 should be fast tracked, but expressed dismay that the migration probably wouldn’t come soon enough. “There is no doubt that SHA-1 must be replaced immediately,” he said, explaining that, “industry is typically much too slow to make these changes, and so I expect that it will only happen after concrete attacks and damage have been inflicted.”

Researchers steal secret RSA encryption keys in Amazon’s cloud

Yehuda Lindell, chief scientist and co-founder of security firm Dyadic – which has a product for protecting secret cryptography keys – says the vulnerability is extraordinarily sophisticated – on the verge of being “magic.” But he says it proves the shortcomings, from a security perspective, of shared environments such as the cloud.
“Although a difficult attack to carry out, this further highlights the fact that secret keys are vulnerable, wherever they may be. They are even more vulnerable in cloud and virtualized environments where you have less direct control. This specific attack may be prevented by appropriate patching, as its 2009 predecessor was. However, the type of attack is almost impossible to completely prevent,” Lindell says.
Then of course there are a variety of security products on the market as well targeting this issue. Dyadic, where Lindell is chief scientist, has developed a way to spread encrypted keys out across multiple hosts, so that essentially no one single VM has all of the keys.

Amazon Downplays New Hack For Stealing Crypto Keys In Cloud

Yehuda Lindell, chief scientist and co-founder of encryption technology vendor Dyadic, says the proof-of-concept developed by the WPI researchers shows how side-channel attacks make it possible for one process to steal a secret key held by another process.
“In order to carry out such an attack in the cloud, you first need to know that you are co-located on the same physical machine as a VM with the target application,” Lindell says. “This paper shows new ways of detecting collocation, and then methods for stealing the key using the side channels.”

Mapping Israel’s Cyber-Security Startups

As most readers know, Israeli high tech is much more of a general scientific and entrepreneurial renaissance than an extension of Israel’s military industrial complex. While many CISOs and corporate executives are familiar with Israeli cyber talent owing to Check Point, Imperva, CyberArk and other notable security success stories, the sheer scope of Israeli startup activity in the cyber sector is staggering. We have prepared the Israel CyberScape as a general resource for CISOs, corporate development executives and investors keen on exploring Israeli cyber security. It includes 150 startup companies divided into 10 market segments.

Cutting-edge hack gives super user status by exploiting DRAM weakness

In one of the more impressive hacks in recent memory, researchers have devised an attack that exploits physical weaknesses in certain types of DDR memory chips to elevate the system rights of untrusted users of Intel-compatible PCs running Linux.

Breakthrough in MPC cryptography could make cloud computing more secure

A recent breakthrough in multi-party computation (MPC) cryptography may result in a “sea change” in computing security according to Peter Scholl, a researcher in the Cryptography and Information Security group at the University of Bristol.

E-Commerce Security: What Every Enterprise Needs to Know

“If a cybercriminal can steal the secret keys that are used to encrypt user data and credit card numbers, then the encryption no longer helps,” Lindell observes. “The data can be stolen as well. It’s like locking the door and keeping the keys under the doormat. Make sure no single individual—either inside employee, or an attacker for this matter—has full access to the encryption keys.”

Breakthrough in cryptography could result in more secure computing

The SPDZ protocol (pronounced “Speedz”) is a co-development between Bristol and Aarhus and provides the fastest protocol known to implement a theoretical idea called “Multi-Party Computation.” The idea behind Multi-Party Computation is that it should enable two or more people to compute any function of their choosing on their secret inputs, without revealing their inputs to either party. One example is an election: voters want their vote to be counted, but they do not want their vote made public.

Why Verizon’s “zombie cookies” are scarier than ever

“The tokens Verizon passes to advertisers are not encrypted, according to Yehuda Lindell, chief scientist of Dyadic Security, an Israeli security firm. If they’re intercepted, the information is there to be read. Advertisers that receive tokens won’t be able to link the information to specific users, but Verizon can, because the carrier has detailed information on its customers, Lindell says. Even if we assume that Verizon won’t do anything untoward with the information, its network could be hacked, and the unencrypted data could fall into the wrong hands, according to Lindell.”

SECURITY COMPANY’S CRYPTOGRAPHY PLAY AIMS AT TECH FIRMS, FINANCE

“The company’s Crypto Suite product,” says CEO Avner Mor, “is aimed at the software, financial, and health care industries.” According to Mor, a major part of the system is the fact that it can protect secret, sensitive cryptography keys. In some contexts, it extracts information from data without actually accessing files, which is an advantage for very security-sensitive industries like finance.
