Welcome to SecurityDocs

A collection of 8,050 IT security white papers, carefully curated by professionals like yourself

Beginner Guide to Classic Cryptography

Cryptography: It is a technique of scrambling a message using mathematical logic to keep the information secure. It preserves the scrambled message from being hacked when transported over an unsecure network, since it converts the readable message into unreadable text. Plaintext: It is the content of data which is in readable form that needs to be shared over …

Nov. 11, 2017 0 comments www.pentestingexperts.com Encryption & Authentication

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

by Kurt Thomas, Frank Li, Ali Zand, Jacob Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov

Account takeover, or ‘hijacking’, is unfortunately a common problem for users across the web. More than 15% of Internet users have reported experiencing the takeover of an email or social networking account. However, despite its familiarity, there is a dearth of research about the root causes of hijacking. In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the cours...

Nov. 11, 2017 0 comments static.googleusercontent.com Encryption & Authentication

Conversion of invisible metal-organic frameworks to luminescent perovskite nanocrystals for confidential information encryption and decryption

by Congyang Zhang, Bo Wang, Wanbin Li, Shouqiang Huang, Long Kong, Zhichun Li & Liang Li

Traditional smart fluorescent materials, which have been attracting increasing interest for security protection, are usually visible under either ambient or UV light, making them adverse to the potential application of confidential information protection. Herein, we report an approach to realize confidential information protection and storage based on the conversion of lead-based metal-organic frameworks (MOFs) to luminescent perovskite nanocrystals (NCs). Owing to the invisible and controlle...

Nov. 10, 2017 0 comments www.nature.com Encryption & Authentication

Encoding vs. Encryption vs. Hashing vs. Obfuscation

by Daniel Miessler

There is often significant confusion around the differences between encryption, encoding, hashing, and obfuscation. Let’s take a look at each one. The purpose of encoding is to transform data so that it can be properly (and safely) consumed by a different type of system, e.g. binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret, but rather to ensure that it’s able to be properly consumed.

Nov. 10, 2017 0 comments danielmiessler.com Encryption & Authentication

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

by Mathy Vanhoef, Frank Piessens

We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack.

Nov. 9, 2017 0 comments papers.mathyvanhoef.com Encryption & Authentication

The challenge of securely storing and transporting large files across a corporate Wide Area Network

by Jeremy Gibb

The majority of organizations that use Wide Area Networks (WANs) to connect Local Area Networks (LANs) together have a requirement to transfer large amounts of data “across the wire”, between different locations. A number of widely available desktop applications such as Microsoft Outlook and Windows Explorer provide built-in functionality that supports the basic data transfer needs of most users (e.g. attaching a file to an email, creating a “share” on a remote machine and mapping a local ...

Oct. 28, 2017 0 comments 53 minute read Encryption & Authentication

Ticket Control

User authentication is all about finding out whether users really are who they claim to be. Given that unsuspecting users can fall into the trap of confusing a smartphone with an Internet hotspot, giving the hacker an easy vector for stealing their passwords, relying on usernames and passwords alone to access confidential information is basically irresponsible. The remedy could lie in the use of additional authentication factors. Authentication Methods Various authentication methods can be c...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

Security analysis with Microsoft Advanced Threat Analytics

Microsoft Advanced Threat Analytics (ATA) is an extension of the Enterprise Mobility Suite (EMS). The purpose of this on-premises system is to detect suspicious activities on the network that potentially stem from attackers. ATA's focus is attacks on user login data, which explains why the software keeps a close eye on Active Directory (AD) domain controllers. The service is not designed just to protect endpoints such as smartphones or tablets, but also internal networks in Active Directory t...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

Secure Data Transfer with FTP Alternative MFT

Security concerns related to FTP were one factor that produced a series of developments leading to the Secure FTP, Secure Copy Protocol (SCP), FTP over SSL (FTPS), and SSH File Transfer Protocol (SFTP). A new addition was made in 2008, Managed File Transfer (MFT), in which all files to be transferred are encrypted not only en route but also during storage on the server or on share points. Core functionalities of MFT include secure transmission and data storage coupled with reporting and audit...

Oct. 8, 2017 1 comment ADMIN Magazine Encryption & Authentication

New security features in Windows 10

Microsoft has responded to the changes in IT threat management with a number of new Windows 10 security functions [1]. Read on for a summary of some important new security features in Windows 10. Updates The vast majority of security advisories come with one common warning: Update your system! System updates are a necessity on today's networks, and a number of extensions to the update process [2] are waiting for you in Windows 10. These extensions include distribution rings, which you can us...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

New administration options on Windows Server 2016

As you might expect, much that is new in Windows Server 2016 relates to cloud strategies and Microsoft products, whether this be using public cloud offerings with Windows Azure and Office 365, establishing a private cloud with Hyper-V, or linking up your private cloud with public clouds to create a hybrid. Of course, several new features are offered beyond the cloud – in particular, for secure administration. Companies can implement these features immediately after rolling out the new server,...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

Microsegmentation in the data center

Microsegmentation breaks a network or data center into various segments to enhance its efficiency or security. The idea behind segmentation became an established technique once virtual local area networks (VLANs) came into use. From the very beginning, security was a central focus for VLAN segmentation, because it divided network domains into smaller parts and then protected movement of data among the parts. Traditional VLANs quickly reach their limits, however, when confronted with more extr...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

LemonLDAP::NG 1.1 Enables Web Single Sign-on

With the latest version 1.1 of LemonLDAP::NG, notifications can be sent to all users, including the possibility to display specific conditions. Users can reset their passwords through a new email-based service. For two-factor authentication, LemonLDAP enables the use of one-time passwords (OTP) together with a Yubikey USB crypto key. The graphical interface can now be customized and includes several pre-made skins. LemonLDAP::NG 1.1 can be used to enable single sign-on for web applications. The ...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

Halting the ransomware blackmail wave

Since February, there have been continuous waves of Locky infection. Windows users are attacked by drive-by downloads or email attachments. After infection, the malicious program encrypts individual files or even the entire hard disk, and demands an anonymous Bitcoin ransom payment from its victims. Locky, an encryption trojan, has found many victims, including well-known corporations and institutions. The trojan changes almost weekly and is known under the following names: Ransom: Win32/Lock...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

Getting a free TLS certificate from Let's Encrypt

Let's Encrypt [1] is an open-source project with the goal of making sure every website is encrypting with TLS. The Let's Encrypt project is sponsored by organizations such as Mozilla, Cisco, Akamai, EFF, gandi.net, and many more. The primary role of Let's Encrypt is to offer trusted and free TLS certificates for everyone. Users can even copy and integrate Let's Encrypt technology into their own networks, which means any website can now offer an encrypted option for no cost. On May 8th 2016, Le...

Oct. 8, 2017 1 comment ADMIN Magazine Encryption & Authentication

Encrypting Files

The revelations of Edward Snowden caused a big upsurge in the use of encryption for protecting data from inappropriate access. People are now using encrypted filesystems as well as self-encrypted hard drives (SEDs). However, not everyone is using encryption. Recent revelations about accessing the data of individuals include the story about how the NSA and Britain’s Government Communications Headquarters (GCHQ) supposedly gained access to SIM cards from Gemalto, allowing them to access any ce...

Oct. 8, 2017 1 comment ADMIN Magazine Encryption & Authentication

Discover ransomware with PowerShell

Backups are not a panacea for all ransomware infections. If a backup overwrites your original files with ransomware-encrypted data, your files are gone. Admittedly, this only applies to trivial backup strategies, which you might find in small business environments or in freelancer operations. In mid-sized companies and enterprise environments, this may not be so tragic at first glance, because your archives have backups for the past few weeks. However, even this is not guaranteed. If the data...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

Digital signatures in package management

Many distributions develop, test, build, and distribute their software via a heterogeneous zoo of servers, mirrors, and workstations that make central management and protection of the end product almost impossible. In terms of personnel, distributions also depend on the collaboration of a severely limited number of international helpers. This technical and human diversity creates a massive door for external and internal attackers who seek to infect popular distribution packages with malware. ...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

Build secure IoT applications with open source

The Internet of Things (IoT) is a game-changer for healthcare, connected homes and cities, ground transportation, and many other domains. From a technical point of view, IoT is very challenging, given such elements as hardware design and certification, embedded software on resource-limited targets, Internet-scale management servers, and ground-breaking user interfaces. In this article, I will look at one of the most challenging and sensitive areas: IoT security. I will explore different topic...

Oct. 8, 2017 0 comments ADMIN Magazine Encryption & Authentication

Broken Cryptography

by Srinivas

In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps. We will also see some of the ways an attacker can exploit this kind of vulnerability. Broken cryptography in Android apps can be introduced due to various re...

Oct. 8, 2017 1 comment INFOSEC Institute Encryption & Authentication

