An email hit my inbox about one family member, Samantha, asking another family member to transfer money. My mother’s credit card is denied for some reason. She needs money for a surprise present. This scam was obvious and my family knew it. But there was still an issue of how they got access to Samantha’s email. The steps taken to perform this were sophisticated. These … [Read more...]
EFail, “No One is Safe Using Email”
“Email is a plaintext communication medium whose communication paths are partly protected by TLS. For people in hostile environments (journalists, political activists, whistleblowers, ...) who depend on the confidentiality of digital communication, this may not be enough.” This is according to a researcher on the EFail website, who goes on to describe how this vulnerability … [Read more...]
TrustiCo or TrustiNot?
Earlier this week, I wrote an article on underground hackers selling valid cryptographic certificates, which they obtained through stolen private keys and social engineering. More private keys were compromised yesterday when a dispute between Trustico and DigiCert got ugly. Trustico wanted to have the certificates revoked by DigiCert likely because Trustico is trying to push … [Read more...]
With Certificates, Who Do We Actually Trust?
A cryptographic certificate tells us if a website or program is trusted and from a valid company. This trust model only works if we trust that the issuers of certificates have taken appropriate steps to verify ownership before issuing a certificate for a company. This verification allows us to believe that a certificate for any given company name was legitimately created for … [Read more...]
When Big Tech Leave Open Access
Tesla is known not just as a car company but as a technology company, as is evident by their heavy presence in Amazon AWS. Hackers recently took advantage of this reliance on tech by gaining access to and using Tesla’s AWS account to run their own cryptocurrency mining operation. According to a recent report from RedLock, hackers gained access to a Tesla management console, … [Read more...]
