KeyChest Blog

Malware Cerberus: For Hire to Steal Google 2FA

Feb 27, 2020 9:44:59 AM / by Dan posted in security

A new version of the "Cerberus" Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts.

Fighting the 'Good' Internet War

Feb 26, 2020 12:06:38 PM / by Dan posted in security

We propose strategies for defenders to regain the initiative and push security solutions far beyond the reach of current security tools – yet those strategies start mirroring the actions and technologies of the bad guys, and confront us with important technical, legal and moral dilemmas.

Who Left the Gate Open for a Cyberattack?

Feb 25, 2020 8:20:22 PM / by Dan posted in security, risk management

If you make an internet call from Sydney to Texas, a technology called Border Gateway Protocol, or BGP for short, will ensure that your computer will find your friend in Texas. Just like people have to go through a border gate (or customs if you are at the airport) to enter another country, internet users have to go through a gate to access anything on the internet in another country. Internet users have unknowingly used BGP for over 30 years. The problem is that this old technology leaves the border gate wide open for a special kind of cyberattack.

25 Years of Internet Hijacking Nears Its End

Feb 25, 2020 7:56:59 PM / by Dan posted in certificate, security

If you make an internet call from Sydney to Texas, a technology called Border Gateway Protocol, or BGP for short, will ensure that your computer will find your friend in Texas. Just like people have to go through a border gate (or customs if you are at the airport) to enter another country, internet users have to go through a gate to access anything on the internet in another country. Internet users have unknowingly used BGP for over 30 years. The problem is that this old technology leaves the border gate wide open for a special kind of cyberattack.

FBI for passphrases - Cambridge Uni disagrees

Feb 23, 2020 5:58:01 PM / by Dan posted in security, password

This week, in its weekly tech advice column known as Tech Tuesday, the FBI Portland office positioned itself on the side of longer passwords. Would that really make a difference?

C-level Cyber Security Report with Surprises

Feb 11, 2020 3:09:09 PM / by Dan posted in security, identity

Thales regularly publishes a Data Threat Report. It is created from responses provided by high-level execs so one wouldn't expect to find anything much of interest. But I was wrong, this time.

"Unbreakable" Pen&Paper Encryption

Jan 16, 2020 9:56:45 AM / by Dan posted in security

A friend came over to our office one day (some years ago) and started talking about the possibility of giving people a chance to encrypt messages without computers, just with a pen and paper. They would write a message, encrypt it by hand, burn/eat/melt the encryption tool (i.e., a sheet of paper), and send the message.

Can blockchain remove the need for an SSL certificate authority?

Jun 14, 2019 2:08:01 PM / by Dan posted in certificate, security, quora

Let’s think about what blockchain does and what a certification authority (CA) does.

Is a password of 20 characters strong enough to use?

Jun 14, 2019 2:03:03 PM / by Dan posted in security, quora, password

It could be, but it may not be; it depends on how random those 20 characters are. Let me demonstrate the thought with 2 common attacks on passwords. These attacks are:

Why is the public only concerned with Facebook selling data and not ISPs selling data?

May 19, 2019 9:32:20 PM / by Dan posted in security, quora

This will be controversial, but I think the reason why Facebook suddenly got onto front pages is an alleged use of its data for Trump’s campaign (and other political purposes). I was a post-doc at Cambridge Uni in 2007–08 and I remember a lot of activity around Facebook as its data was easy to collect (in that instance the research was about social networks, trust, … one particular research area was to produce models of social connectivity for simulation of security threat models in large networks). There have been loads of research papers using its data and no one was bothered then, nor at any time up to 2017.
