Archives

Ransomware

By using ransomware (a type of malware) the attacker restricts the access to personal data until such time a ransom is paid by the victim. Ransomware usually enters a computer through security gaps and propagates itself via a usual computer worm (for example – trojan), which might be a hidden email attachment. Once the system has been infected, the malware will start to encrypt files and data (for example – pictures and Word documents) on the hard drive – this way the interaction with the system is restricted and the user is denied access to his personal files. As soon as the ransomware is done with its task, it deletes itself to cover up the tracks. The user is confronted with messages or pop ups, coaxing him to pay the ransom in order to unlock his files and data. However to extort ransom, the attacker has to contact the potential victim and therefore leaves his trace for example with certain data to a specific bank account for the completion of payment. With professional analysis, those traces can be dereferenced and the attacker’s computer can be identified.

By using ransomware (a type of malware) the attacker restricts the access to personal data until such time a ransom is paid by the victim. Ransomware usually enters a computer through security gaps and propagates itself via a usual computer worm (for example – trojan), which might be a hidden email attachment. Once the system […]

Keylogger

A keylogger is a hard- or software to protocol a user’s every keystroke. Passwords as well as login data can be recorded via keylogging. A hardware keylogger looks like a normal device and can be plugged straight into the computer. However, using the software is more common. It is hiding beneath the main operating system and wirelessly transmits data to the originator.

A keylogger is a hard- or software to protocol a user’s every keystroke. Passwords as well as login data can be recorded via keylogging. A hardware keylogger looks like a normal device and can be plugged straight into the computer. However, using the software is more common. It is hiding beneath the main operating system […]

Two-factor-authentication

The most common two-factor-authentication (short: 2FA) is used at ATMs: you will be able to withdraw money only if the bank card and the PIN number match. The combination of two factors unequivocally verifies the user’s identity and protects him against misuse. If one of the factors is missing or wrong, access will be denied completely. This way the account is safe, even if the data falls into the wrong hands. Google, for example, uses the 2FA for its email service: the user enters his data, he will then receive a code to his phone to authenticate himself a second time. Instead of a numerical key or a PIN, fingerprints or iris scan can be used as the second step of authentication as well.

The most common two-factor-authentication (short: 2FA) is used at ATMs: you will be able to withdraw money only if the bank card and the PIN number match. The combination of two factors unequivocally verifies the user’s identity and protects him against misuse. If one of the factors is missing or wrong, access will be denied […]

Phishing

Phishing is a form of cyber attack that quite literally fishes for passwords. Scammers send out fake emails, in a bank’s name for example, and lure their victim to a fake website. Disguised as trustworthy sender the scammer requests the addressee to update their data. This way they collect addresses, passwords and, in the worst case, account data and credit card numbers. The so-called spear phishing is even more precise: The e-mail contains data of the victim’s friends and colleagues – thus uses methods of social engineering.

Phishing is a form of cyber attack that quite literally fishes for passwords. Scammers send out fake emails, in a bank’s name for example, and lure their victim to a fake website. Disguised as trustworthy sender the scammer requests the addressee to update their data. This way they collect addresses, passwords and, in the worst […]

Perfect Forward Secrecy

To ensure a safe communication between servers, it is advised to use the transfer method Perfect Forward Secrecy. A safe connection is established, when the code of the communication is not transferred or stored anywhere – otherwise it could get intercepted or hacked. Instead, both communication partners agree on a key, specifically generated for one session, which will be deleted after the session. The most common method is the Diffie-Hellman key exchange. The communication partners jointly establish a shared key via messages, therefore, even if someone is wiretapping the messages, it is still impossible to guess the code. Since the key will never be stored permanently, neither of the communication partners is able to reveal the key.

To ensure a safe communication between servers, it is advised to use the transfer method Perfect Forward Secrecy. A safe connection is established, when the code of the communication is not transferred or stored anywhere – otherwise it could get intercepted or hacked. Instead, both communication partners agree on a key, specifically generated for one […]

Public Key Encryption

Public Key Encryption is an asymmetrical encryption method for any kind of digital information exchange. It is referred to as “asymmetrical” because the originator and the addressee use two different keys. The system uses a public as well as a private key. Transferred data is encrypted via the public key. Only the addressee can decipher the message with its counterpart (the private key). In reverse, messages can be signed with the private key. If the public key matches the signature, the identity of the originator, who used the secret code to create the digital signature, is proven.

Public Key Encryption is an asymmetrical encryption method for any kind of digital information exchange. It is referred to as “asymmetrical” because the originator and the addressee use two different keys. The system uses a public as well as a private key. Transferred data is encrypted via the public key. Only the addressee can decipher […]

PGP

PGP (short for: Pretty Good Privacy) is a data encryption programme. The application uses a public key cryptography infrastructure, including one public and one private key. The message for an addressee is encrypted via public key and can only be deciphered via the private key. With each message, PGP sends an authentication to verify the originator’s identity. Some upgrades of the programme can also protect data against unauthorised access, as well as secure voice over IP and chats.

PGP (short for: Pretty Good Privacy) is a data encryption programme. The application uses a public key cryptography infrastructure, including one public and one private key. The message for an addressee is encrypted via public key and can only be deciphered via the private key. With each message, PGP sends an authentication to verify the […]

SSL

The encryption protocol SSL (short for: Secure Sockets Layer) is designed to provide a secure data transmission via Internet. The protocol ensures an asymmetric encryption for the connection between a server and a browser as well as the safe transfer of unencrypted communication protocols like HTTP (web), POP3 or IMAP (e-mail). Such a secure connection is active, if the browser’s address bar begins with a “https” instead of the usual “http”. By using techniques like Public Key Encryption, the SSL creates a certificate which contains information about the server. The SSL protocol provides authentication of the server with which the browser communicates to ensure its legitimacy.

The encryption protocol SSL (short for: Secure Sockets Layer) is designed to provide a secure data transmission via Internet. The protocol ensures an asymmetric encryption for the connection between a server and a browser as well as the safe transfer of unencrypted communication protocols like HTTP (web), POP3 or IMAP (e-mail). Such a secure connection […]

TLS

The acronym TLS stands for Transport Layer Security (this term replaced the label SSL in 1999). TLS is an encryption protocol to authenticate a server and to insure a safe date exchange. Using a SSL connection the server usually provides the browser with a certificate. If the certificate is supplied by a trustworthy source, the browser accepts it. If the server certificate it not verified a warning message will be displayed. TLS or SSL makes sure that data once entered into the browser can not be intercepted and is sent to the server unaltered.

The acronym TLS stands for Transport Layer Security (this term replaced the label SSL in 1999). TLS is an encryption protocol to authenticate a server and to insure a safe date exchange. Using a SSL connection the server usually provides the browser with a certificate. If the certificate is supplied by a trustworthy source, the […]

HTTPS

If you are online shopping or pay your bills via online banking, you want to make sure your address and bank account data are safe. In order to ensure this, you should use a HTTPS connection. It guarantees a safe communication between server and browser. The acronym HTTPS stands for “HyperText Transfer Protocol Secure”. An additional safety protocol and encryption distinguishes it from conventional connections. This way it provides authentication of the web server, to ensure its legitimacy. In addition to conventional connections, the data exchange cannot be intercepted during the transmission. As long as the URL (short for: Uniform Resource Locator) in your browser begins with “https”, a safe connection between the server and the browser is established.

If you are online shopping or pay your bills via online banking, you want to make sure your address and bank account data are safe. In order to ensure this, you should use a HTTPS connection. It guarantees a safe communication between server and browser. The acronym HTTPS stands for “HyperText Transfer Protocol Secure”. An […]