Archive | March, 2012

TED: All Your Devices Can Be Hacked

TEDxMidAtlantic 2011 – Avi Rubin’s primary research area is Computer and Information Security, and his latest research focuses on security for electronic medical records.

Free Cryptography Class

Free Online Cryptography Class from Stanford University where students will get about two hours of video content per week, though broken up into chunks of about 30 minutes (or smaller). They’ll also get quizzes from the videos and standalone quizzes, as well as programming assignments.

Introduction to Cryptography – Here’s the description of the course:

Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption, digital signatures, and authentication protocols. Towards the end of the course we will cover more advanced topics such as zero-knowledge, distributed protocols such as secure auctions, and a number of privacy mechanisms. Throughout the course students will be exposed to many exciting open problems in the field.

Leave a Comment

TEDEd: Cucaracha Caja De Música

Critical Vulnerabilities in Remote Desktop MS12-020

Microsoft Security Bulletin MS12-020 says, “vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.”

  • It can be exploited over the network.
  • Companies often make RDP accessible on the standard TCP port 3389 from the Internet for remote access to servers and sometimes workstations.

SANS recommend applying the MS12-020 patch as quickly as practical in your environment. Until you install the patch, consider moving your RDP listeners to non-standard ports.  Additionally having NLA enabled, the vulnerable code is still present and could potentially be exploited for code execution. However, NLA would require an attacker to first authenticate to the server before attempting to exploit the vulnerability.

KB 2671387

Leave a Comment

Public Key Cryptography: Diffie-Hellman Key Exchange

Diffie-Hellman key exchange was one of the earliest practical implementations of key exchange within the field of cryptography.