
Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.


https://www.ru.nl/publish/pages/909282/advisory.pdf
Solid State Disks (SSDs) often implement hardware full-disk encryption in a way known as Self-Encrypting Drives (SEDs). Several implementations of SEDs have been analysed by reverse engineering their firmware. Many have security vulnerabilities that allow for full recovery of the data without knowledge of any secret when you have physical access to the drive.
BitLocker, bundled with Microsoft Windows, relies exclusively on hardware full-disk encryption if the drive indicates support for it. Thus, for these drives, data protected by BitLocker is also compromised.

Sweet, isn't it? Now go check your drives... all of them.
manage-bde -status c: | findstr /i hardware && msg * You are possibly affected!


1
LVL 63

Author Comment

by:McKnife
Andrew, it's batch code, not powershell code. Run it on an elevated command prompt. If you get a popup, verify your drive model. If the output is empty, you are safe to go.

[batch code can usually be run on the powershell, too, but not all batch code and the operator "&&" ("continue if last result is success") is unknown to powershell - that's why you see an error]
1
LVL 24

Expert Comment

by:Andrew Leniart
Andrew, it's batch code, not powershell code.
Doh! <blush>

Run it on an elevated command prompt. If you get a popup, verify your drive model. If the output is empty, you are safe to go.
Cool! I ran it on both my SSD drives and no output, so I guess I'm safe :-)

Many thanks for your help McKnife. Very much appreciated.

Andrew
0

TIP  SECURITY  ENCRYPTION & CERTIFICATES

In-place upgrade of encrypted Windows systems using reflectdrivers

Apparently since Win10 v1607 there exists a parameter "/reflectdrivers" in the Windows setup (setup.exe on the DVD / USB stick) see https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options

This can be used to tell Setup the location of the encryption drivers (eg Veracrypt) and finally be able to perform upgrades without decrypting!

The Veracrypt developer shares this in a forum post and gives a syntax example for his product:

setup.exe /ReflectDrivers "C:\Program Files\VeraCrypt" /PostOOBE C:\ProgramData\VeraCrypt\SetupComplete.cmd


1
How to break encryption in WhatsApp?

The answer is Group Chat.

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

https://eprint.iacr.org/2017/713.pdf
0
Hi, I’m sure many of you are probably sick of answering this question, so apologies in advance.

I’ve been following (not trading) BitCoin for the last year. A few friends etc have invested in it, etc.

I have a few questions:

01 - I know this is hard to call, but I’m sure I’m too late to the BitCoin game, BUT are all crypto currencies the same in this regard or are some only worth very small now but could potentially explode like BitCoin?

02 - How do different things influence different crypto currencies, or are they all influenced by the same thing?
0
LVL 68

Expert Comment

by:btan
Suggest you consider asking these questions instead of putting these as post. Thanks.
0
LVL 24

Expert Comment

by:Andrew Leniart
@btan

Nice article for 101
https://blockgeeks.com/guides/what-is-cryptocurrency/


Great article! Thanks for posting that.
0
EQUIFAX DATA BREACH.

The Equifax data breach is one of the deadliest cyberattacks in modern times, not only in terms of affected people but also due to the intensity of accessed personal data. Equifax reported that between mid-May and June 2017, their system was hacked and the personal information of 173 million customers was exposed. Below we highlight some insights about this breach and then take a look at exactly how this was accomplished at the bottom.

Accessed information

According to Equifax, the hackers were able to access customer’s names, Social Security Number, customer’s date of birth, card numbers, addresses and driver’s license numbers.

Why this breach is one of the deadliest attacks

The Yahoo data breach in 2016 had 1 billion customers affected where only the passwords and phone numbers were accessed. But in the case of Equifax, sensitive data was accessed which means that:

Criminals can use the Social Security number to open other credit accounts using a customer’s name.
Hackers can also maneuver their way and shop online using the credit card details obtained.
The hackers can sell the data to other criminals, which makes the effect very grave.
An accessed customer’s data is not immune to future fraud, extortion and blackmail. The accessed information can haunt a customer forever.

How to find out if your information was exposed

Equifax has established a “Potential Impact” tab on its website (www.equifaxsecurity2017.com) that helps …
0
LVL 9

Expert Comment

by:Sean Plemons Kelly, CISSP
This was literally copied and pasted from hackingloops.

Let's go to a "Security" site from a company that hid the fact that they had a massive data breach that affected (more or less) everyone with a credit score in the US. Let's plug in our SSN anyway (fun fact, it doesn't matter if you are on a secure system or using encryption if the destination isn't secure).
0
1
LVL 107

Expert Comment

by:John
It was the initial Creator Update on my ThinkPad X1 Carbon. As I noted, the issues seem to be fixed in the last 60 days, so here is hoping for good / better with V1709
0
LVL 63

Author Comment

by:McKnife
John, this is about MacOS.
0
I think NdlelaByte, which is an MCSIDevelopers solution, is the answer to this piracy thing, as it affects us as software developers as well as those who do music, movies and games. According to what I saw yesterday, they said the most pirated content is games, music, software and finally movies. The reason why I think NdlelaByte is the best is because it directly solves the problem from its roots upwards. NdlelaByte has these features:

Copy Count
Private Formats
Advanced Private encryption
Real time file monitoring.

Yes, there are many other companies that developed anti-piracy systems, but just check them and compare to what NdlelaByte from MCSIDevelopers does; NdlelaByte is the only anti-piracy system that really solves this piracy problem.

Check it out and let me hear what you think about it. http://www.facebook.com/MCSIDevelopers or check them on Twitter http://www.twitter.com/MCSIDevelopers
0
Good to know - The upcoming Windows update, Redstone 3, will patch the vulnerability that enables EternalBlue exploits. Not all SMB versions are as vulnerable as SMBv1.
Microsoft doesn't recommend disabling SMBv2 or SMBv3 for Windows client and server operating systems. Disabling SMBv3 will deactivate encryption that provides protection from eavesdropping on untrustworthy networks. Organizations should proceed with caution when disabling either protocol as a temporary troubleshooting measure.
http://searchsecurity.techtarget.com/answer/Stopping-EternalBlue-Can-the-next-Windows-10-update-help?
0
Hi all,

We have procured a Dell Latitude E5580, which supports only Windows 10, and we are using Kaspersky drive encryption. The issue is that once the drive encryption is done, the keyboard does not work in the Kaspersky authentication agent window on the boot-up screen, as this laptop has only an HID keyboard.

requesting you all to help us.

thank you in advance.

Manoj
0
LVL 27

Expert Comment

by:Brian B
This is a post. It sounds like you are asking for help from the Experts? Please use this link: https://www.experts-exchange.com/askQuestion.jsp
0

1
Today's update on Petya
Previously, it was believed that the ransomware would not begin encrypting until an hour after the initial infection. It has now been discovered that it begins encrypting the first 1MB of the below file types upon infection. Therefore, turning off your device when viewing the reboot message will not stop encryption.

It is also now being disputed if the goal of this attack was to collect Bitcoin or cause mass destruction in the devices it infects.

File types:
.3ds .7z .accdb .ai .asp .aspx .avhd .back .bak .c .cfg .conf .cpp .cs .ctl .dbf .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .kdbx .mail .mdb .msg .nrg .ora .ost .ova .ovf .pdf .php .pmf .ppt .pptx .pst .pvi .py .pyc .rar .rtf .sln .sql .tar .vbox .vbs .vcb .vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip
6
Update on Petya Attack
As noted by our on-site expert, krakatoa, the current vaccine for Petya involves creating a file called perfc in the C:\Windows folder and making it read only. No kill-switch has been discovered, only a local vaccine.
If you see the reboot notification below, your device has been infected. Turn off your device to prevent future encryption. Petya begins encrypting the device an hour after the initial infection.
**Update: Petya begins encrypting the first 1MB of your files prior to the reboot. See new post for the updated information.**
6
LVL 3

Expert Comment

by:Phillip Monk
.dat
1
LVL 12

Author Comment

by:Experts Exchange
According to our knowledge, file extensions .dat and .dll for perfc. Check out this article for more info!
0
Petrwrap, specifically, targets the Master File Table (MFT), which is essential for your computer to find files on the computer. By targeting the MFT, the ransomware is able to attack individual files faster than if each file were to be encrypted one-by-one. The good news is… that Petrwrap is detectable by anti-virus tools. Unfortunately, if the anti-virus scanner is delayed in catching it, Petrwrap can easily get a foothold in the computer system and spread very quickly. Moreover, the encryption is so strong that it is unlikely to be able to break through the software and recover files.
Check out our blog post on “Why Vulnerability Assessments Are Insufficient” for more information on securing your servers.


http://www.uzado.com/blog/why-vulnerability-assessments-are-insufficient
3
LVL 22

Expert Comment

by:Wayne88
And your point is?  Nobody is complaining when Echelon spy on everyone else.
0
So with the recent WannaCry malware, there were 3 (afaik) bitcoin addresses circulated to receive ransom payments:

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

At the time of this writing, it looks like around 34 BTC ($60k USD) have been extorted to date. Really low take (imo), considering the widespread reports of this attack. I'm curious if there are any other BTC wallet addresses out there?
9
LVL 2

Expert Comment

by:Michael Arciniega
I wonder how effectively they'll be able to use those funds since they have such a large target on their heads and every transaction on the chain is public information. Can they use enough coin mixers to obfuscate their identity?
0
LVL 20

Author Comment

by:Lucas Bishop
Up to 40 BTC ($70k) now.

Considering it's only 40BTC, they could easily run it through multiple mixers in small batches and see good results on obfuscation. Nothing like the 5,500 BTC Tomas Jirikovsky tried to tumble and cash out.

However, I suspect WannaCry has negatively affected enough SysAdmins that the interest in tracing transactions related to these addresses through the blockchain may be much more fruitful than traditional attempts. I wouldn't be surprised if the perpetrators don't even try to cash out, considering the risk vs reward doesn't make financial sense.
0
Ransomware - Wannacry/wcry and everything else ...

Ransomware in general is something none of us wish to deal with.  The latest Wannacry problem is worse.  This is not because of what it is but rather of the extent to which it has affected our users.  There have been a plethora of great suggestions all over this site.  I would add to those with the following suggestions:
•      Completely check your system for viruses with a reputable virus checker
•      Check any suspected files and or links at virustotal.com
•      Make sure you have a tested versioning backup system
•      Do a complete scan of your system
•      Updates
        o      Make sure all your programs and your operating system are up to date (even old Windows OS’s now have updates, like Windows XP – check the Microsoft website and do a Windows update)
        o      If you are unable to do updates on your own machine due to company policy, make sure that your IT department is doing the updates.
•      Do not click on an attachment in your email, even if it is from someone you know – call them up and check that they sent it – they’ll understand.

Whenever I touch a system I do a “ransomware check” which involves the following:
•      Create a blank text file called myapp.txt in the root drive (c:\) and rename it to myapp.exe
•      Run FoolishIT’s Cryptoprevent
•      Install an anti-ransomware tool such as BD Antiransomware, MBAM Antiransomware, Kaspersky Antiransomware for business, etc.
•      …
20
LVL 107

Expert Comment

by:John
The overall advice to keep automatic updates on to keep updates current, keep Antivirus up to date and firewalls up to date is something we have said many times in here (sometimes to deaf ears).

Two really important points. Stop the excuses and dump all desktop operating systems earlier than Windows 7 and all server operating systems earlier than Server 2008.

Second: get top notch spam filters. That is how this malware gets in.
3
LVL 14

Expert Comment

by:Natty Greg
I can not stress enough about proxy and spam filter, content filter along with gateway antivirus scanning, patching all systems and educating users.
2
Ran into a problem today when trying to install Windows 10 Feature Updates on a Full Disk Encrypted (FDE) system. The machine had DESlock+ installed onto it and was refusing to install the latest Build.

I used the following article to get round it:
https://support.deslock.com/index.php?/Default/Knowledgebase/Article/View/379

You need to Download the Media Creation tool, save an ISO and then install the DESlock+Win10Update utility:
https://support.deslock.com/resources/KB379/DESlock+Win10Updater.exe

When the Utility Runs, you need to point it at the mounted Win10 ISO.  It will then complete.
4
Brendan Eich, the creator of Javascript, is set to launch a digital ad platform tied to the Ethereum blockchain. Users who opt in to see the ads will be rewarded with a cryptographic token and will be shown fewer, more relevant ads. The data recorded from each user is encrypted and stored on their local machines while the aggregate numbers and trends will be stored publicly on the blockchain.

Personally, I run an ad blocker for the sheer number of irrelevant ads and not because I do not wish to see them at all. If this solution provides me a better end user experience and fairly rewards the sites who host the ads then sign me up!
6
