Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Encryption Has Its Place But It Isnt Foolproof
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
2/3/2016 | 7:55:57 AM
Schneier notes on NSA presentation
system attack process summary:

intrusion phases
  • reconnaissance
  • initial exploitation
  • establish persistence
  • install tools
  • move laterally
  • collect exfi land exploit

the event was the usenix enigma conference.

 

reference (schneier)

https://www.schneier.com/blog/archives/2016/02/nsas_tao_on_int.html

 

attackers don't care about passwords, authentication, or encrypotion: they work by attacking the endpoints with root kits and other un-authorized programming  .until the industry addresses this issue there will be no meaningful progress against computer fraud and abuse.
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
2/2/2016 | 7:17:50 PM
Data That Stays Encrypted, Is Read While Encrypted
The window of opportunity is a very valid point, and the only one that matters in arguing for more advanced protection of data.  One imagines technology down the road that can accomplish the (seemingly) impossible.  That is, one only ever deals with encrypted data, and that data as a whole is never decrypted.  However, via a variety of reading methods, the reader can 1) read the data (if a document) line by line where a reader decrypts a certain number of lines using a different key for each paragraph, encrypting the data again using a new cipher as if moves along the document, or 2) the data is printed out using a printer that similarly decrypts chunks using different keys, dropping a bit of decrypted data into a secure print queue, then moving on to another print queue, all the while the user must authenticate over time to keep the processes available, whether reading at a terminal, or receiving printed items.  An option could be to have to destroy data already read before the rest will print; or that it must be locked into a safe box before one could move on to the rest of the material.

These are examples of overkill – perhaps even comedic, but with the right processing power and the right infrastructure, there is no reason extremely sensitive documents can't remain secure and those windows never open, since the windows are actually removed, or mostly removed.  Yes, people are the remaining "window" and always will be, but there are ways to keep that to a dull minimum, too, depending on the information.  As a rule, data should never travel (whether on media or over the Internet) in a decrypted state.  Layering the encryption as described requires time with today's tech, but can be done as computing power increases.  Layering the human factor could work, too, where you require a minimum number of people to be able to translate and use decrypted data, depending on the nature of the information.

I suspect that time and money are a huge reason why so much data that might otherwise be secured is out there, and if we took twice as much effort to lock it down with today's tech and resources, we'd be in much better shape.  But in the end, we need to get rid of the windows and doors, over-complicate our security measures and tech so that once we know we are having a hard time already just getting to the data we are supposed to have access to, we'll know we are doing a better job of securing the information other eyes are never supposed to see.  If we can get to the ultimate state where data is even read while encrypted (I'm imagining this will be when biotech has reached a certain maturity), we'll in great shape, indeed!


97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .