BLOG

June 20, 2019

Secure Messaging

Messaging is part of everyday life for almost all of us. As a form of digital communication, it is subject to the same security issues that apply to other forms of digital communication. Here are some hints to improve your security in this area.

Only use fully end-to-end encrypted messages, preferably operated by reputable open-source platforms

Messages encrypted end-to-end are encrypted on the sender’s device and only decrypted once they reach the intended recipient.

Bug bounty for Seqred

17.06.2019

On June 14th Seqred received a bug bounty for reporting a vulnerability in the firmware of a network device made by one of the leading producers. We began providing the service of vulnerability analysis in industrial automation and IoT devices only recently, less than 5 months ago. In that time, Seqred’s experts submitted to the producers of teleinformation devices and software as many as 9 notifications regarding identified vulnerabilities.

Read more about Cybersecurity Bill of Materials

Smart Buildings – Cybersecurity is key

24.04.2019

Today’s buildings are more than concrete, steel and glass: they are structures filled with cutting-edge technology designed to aid business activity 24 hours a day, all year round. These are intelligent buildings equipped with advanced technological solutions to optimise their functioning and provide the highest level of comfort to their users. The specialist software used in such structures manages, controls, monitors and supports almost every field of activity, from managing the flow of people, through video surveillance and the monitoring of temperature and air conditioning, to the control of lighting, elevators and parking systems.

Behavioral biometrics - the next level of web security

04.04.2019

Biometrics - safety without the need for complex passwords

Biometrics is a solution used every day by almost everyone. Every time you unlock your smartphone using your fingerprint, iris or facial recognition, your physical features are analysed and compared to the template you have provided. These properties of our bodies are not the only features that can be used in authentication. Others include the retina, the pattern of blood vessels in the hand, hand shape, the temperature of different sections of the face, ear shape and the shape and position of teeth.

Secon 2019, Security Exhibition and Conference

27.03.2019

Having just come back from SECON in Seoul, Korea, which is Asia’s largest Security Exhibition and Conference, I was able to experience the security vision from the Asian perspective. The Exhibition area was divided into a number of sections but, from the very beginning, it was clear that vision- and camera-related security aspects are extremely important in Asia.

Surveillance systems: how Big Brother is watching

There were sections of the exhibition related to IT Security, Big Data, and ICS Security, but as many of us know, we humans like to watch.

Password: password – or how John the Ripper attacks

02.03.2019

… a few pieces of advice from Cybersecurity Training SANS Anaheim 2019

If you were ever wondering if your password “has the power” to survive the attack of Dark Side of the Internet Force, first check if it is listed on Wikipedia’s list of the most common passwords. Then, whilst you quickly try to come up with a new (hopefully better) password, I suggest you check it on Gibson Research Corporation, which will tell you how complicated this password really is, and how long it could take to crack it.

Memory Tagging Extension

25.02.2019

In Q4 2018 ARM announced a new architecture, Armv8.5-A. One of the introduced features is the Memory Tagging Extension (MTE): hardware-supported memory tagging. What is the purpose of the MTE feature? Most security vulnerabilities in C/C++ are caused by memory safety bugs related to buffer overruns, use-after-free and uninitialized memory errors. Let’s see what those errors are and what the implications of their occurrence are. Buffer overruns refer to an instance where a program tries to access memory beyond its intended range.

IT Security Basics

12.02.2019

I’d like to start with a few words from a song recorded many years back by Led Zeppelin and sung by Robert Plant: “… lots of people talking, few of them know …” Remember this song? Yes, this is coming from Dazed and Confused.

Conclusions from PWNing Cybersecurity Conference, Warsaw November 2018

We all know cybersecurity is very important these days, and will be an increasingly prevalent issue with humankind going digital in the near future.

Anti-patterns in security architecture – part 6

08.11.2012

The un-patchable system

There are systems that can’t stop and must be operational around the clock. This is a lack of design foresight, as such systems can’t have security patches applied without scheduling a downtime window. The more complex the system, and depending on the technologies implemented, the longer patching takes, and given the role the system plays, a window of that length might turn out to be impossible to schedule. The worst choice in such scenarios is for the patches to be deferred until a point when their application would require a considerable downtime window, which in practical terms means the system keeps on going unpatched and becomes un-patchable.

Anti-patterns in security architecture – part 5

01.11.2012

Uncontrolled and unobserved third-party access

These days more and more enterprises outsource support for some or all of their systems to a third party. If an enterprise does this, it becomes dependent on another organisation’s security standards and procedures to keep its own system secure. To administer the enterprise’s system, the third party will often require remote access. It is common practice to allow third parties to have access through a bastion host, either over the internet from an allowed list of locations, or over a private network.
