Onion Routing

I was recently reading some literature about data encryption and I stumbled across an interesting concept. The classic secure communication model is the one where the sender encrypts the message and sends it across the network, which is then decrypted at the receiver’s end. In real life, this is done over several networks and several routers. This method works well because we assume that the routers are completely secure and they do exactly what they are told. Now what if a router is compromised on the path? An attacker will be able to monitor all the traffic that goes through it. Once the attacker gains control of the router, many bad things can happen like decryption of secure messages, false communication, leakage of sensitive details etc. How do we prevent it?   Continue reading

Operation Aurora

On January 14, 2010 McAfee Labs identified a zero-day vulnerability in Microsoft Internet Explorer that was used as an entry point for Operation Aurora to exploit Google and at least 20 other companies. Microsoft  issued a security bulletin and patch immediately. Operation Aurora was a coordinated attack which included a piece of computer code that exploits the Microsoft Internet Explorer vulnerability to gain access to computer systems. This exploit is then extended to download and activate malware within the systems. The attack, which was initiated stealthily when targeted users accessed a malicious web page, ultimately connected those computer systems to a remote server. Now this connection was used to steal company intellectual property and additionally gain access to user accounts. Why did the users visit the malicious web page? Likely because they believed it to be reputable. This attack became particularly famous because of the level of sophistication and the obfuscation methods used.   Continue reading

What Is SSH?

Consider the following situation. You are at your friend’s place with your laptop and you want to access your home computer to do something. May be you want to start a download or you want to run a program right away. What would you do in this situation? Will you go all the way to your house just to start a download? You already have a laptop at your disposal, so you should be able to use it somehow. You can just connect to your home computer through internet. But what if someone else hacks you while you do that? This is where SSH comes in.   Continue reading

Decrypting Cryptography

What’s the first thing that came to your mind when you read the title? How do you perceive the term ‘cryptography’? It has something to do with secrecy and hiding right! Anyway, cryptography is the art of protecting information by transforming it into an unreadable format. Only the people who have the secret key can decode this message. The process of transforming the information into something unreadable is called Encryption and the reverse process is called Decryption. Let’s say you have a message you want to send to your friend. The message to be encoded is called plaintext and the encrypted message is called ciphertext. The goal here is to find the most secure way of transforming the plaintext into ciphertext. How do we encrypt it? How do we make sure it remains safe even if someone happens to see it?   Continue reading

The Art Of Password Cracking

The elusive art of password-cracking has enticed many a mortal! Everyone has, at one point or the other, contemplated cracking someone’s password to get access to their private information. Whenever people hear the term ‘hacking’, the first thing that comes to their mind is ‘cracking passwords’. A lot of people think that password-cracking is the very definition of hacking. Some people think that password-cracking is the same as stealthily looking at someone type their password. I hate to burst your bubble, but that’s not password-cracking. What exactly is it then? How do we do it?   Continue reading

Exposing The SSL Encryption

In my previous blog post, I couldn’t discuss much about SSL encryption. I didn’t want to deviate from the main topic. So here, I discuss about the loopholes in the protocol. I have tried to simplify it as much as possible. SSL stands for Secure Sockets Layer and it is a protocol for secure communication over the internet. It just provides enough security to keep attacks at bay, but if someone reeeeally wants to get in, SSL will not be able to stop the attack. Here’s why:   Continue reading