
3 Essential Security Terms You Need to Understand


Technology keeps moving forwards, faster than a speeding-freight-bullet-train-gun ― even faster than the speed of light. Okay, perhaps not that fast, but we’ve all had that feeling of missing a watershed moment in technology, or at the very least a new product with a dazzling new specification, and you’ve no idea what anyone at the regional tiddlywinks social is talking about.

Relax. It happens. So let’s brush up on some of the most commonly used security terms and exactly what they mean.

1. Encryption

Let’s start with a big one, and one you’ve likely encountered. Just because you’ve encountered it doesn’t mean you understand the incredible importance of encryption.

In a nutshell, encryption is the transformation of data to hide its information content. Be that sending a message over WhatsApp, Microsoft requesting encrypted telemetry information from Windows 10 systems, or accessing your online banking portal, you’re sending and receiving encrypted information whether you know it or not.

And rightly so. You don’t want Alan using a man-in-the-middle attack in the local pub to steal your account credentials. Equally, you don’t want just anyone to be able to read your email, your secure messaging, and any of the myriad services secured with encryption.

All Up in the News

One of the biggest encryption stories of the year has just been given a swift jolt back into life. I’ll give you a quick precis: in December 2015, 14 people were murdered in an act of domestic terrorism at the Inland Regional Centre, San Bernardino, California.

The terrorists were killed some hours later in a shootout, and the FBI went on to search their local residence. They recovered a number of items, including an encrypted iPhone belonging to one of the deceased. This presented a problem to the FBI: they couldn’t brute force (an exhaustive attack designed to guess all possible password permutations) the phone’s protection, as that could’ve wiped the data.

Apple, quite rightly, refused to create a golden backdoor for the FBI to use, reasoning that once it was created it would be used repeatedly. Furthermore, they again correctly stated their belief that such a backdoor would inevitably fall into the wrong hands, and be used to directly and negatively affect other citizens.

Roll forward a few months. The FBI and Apple had been back and forth in court, when suddenly the FBI announced that, with the help of an unknown third party (reportedly an Israeli security research firm), they’d successfully cracked and accessed the data on the iPhone ― which, in turn, amounted to basically nothing.

Still with me? Roll on a few more months, to August 2016, and hackers announced the “liberation” of highly sensitive data from an NSA auxiliary server, speculated to have been used by one of the government agencies’ elite internal hacking groups. The data apparently contained code detailing backdoor attacks on a number of important, globally-used firewalls, with the data being put up for sale (with an outrageous ~$500 million asking price).

TL;DR: Backdoors work until everyone knows about them. Then everyone is screwed.

It’s All About the Keys

Secure encryption remains so by signing digital keys, exchanged securely between two parties. Public-key cryptography (AKA asymmetric cryptography) uses a pair of keys to encrypt and decrypt data.

The public key can be shared with anyone. The private key is kept private. Either key can be used to encrypt a message, but you need the opposing key to decrypt at the other end.

The key is essentially a long string of numbers that has been paired with another long string of numbers; the two are not identical (making them asymmetric). When public-key cryptography was proposed by Diffie and Hellman back in 1977, their work was considered groundbreaking and laid the foundations for the many secure digital services we take advantage of today.
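The key-pair relationship described above, as an added example that is not part of the original article: it uses textbook RSA as the concrete scheme (the article names no specific algorithm) to show that whatever one key does only the other key undoes, and that this same property is what makes a digital signature work. The primes, messages and function names are constructed for the illustration.

```python
# Added illustration: textbook RSA with tiny constructed primes. Insecure by design;
# real systems use 2048-bit+ keys, padding (OAEP/PSS) and a vetted library.
import hashlib
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((e, n), (d, n)): two different exponents sharing one modulus."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e * d == 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, value: int) -> int:
    """The single RSA operation; the same function serves both keys."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def digest_int(message: bytes, n: int) -> int:
    """Reduce a SHA-256 digest into the toy modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    return apply_key(private_key, digest_int(message, private_key[1]))


def verify(public_key, message: bytes, signature: int) -> bool:
    return apply_key(public_key, signature) == digest_int(message, public_key[1])


# Constructed sample values (the primes and messages are made up for this demo).
PUBLIC, PRIVATE = make_keypair(1000003, 1000033)
SECRET = 424242

if __name__ == "__main__":
    sealed = apply_key(PUBLIC, SECRET)  # anyone can encrypt to the key owner
    print("private key opens it:", apply_key(PRIVATE, sealed) == SECRET)
    print("public key cannot:   ", apply_key(PUBLIC, sealed) == SECRET)
    sig = sign(PRIVATE, b"pay Bob 10")
    print("signature verifies:  ", verify(PUBLIC, b"pay Bob 10", sig))
    print("tampered message:    ", verify(PUBLIC, b"pay Bob 1000", sig))
```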
