Category Archives: Information Security

Victim of a ransomware? Call the Crypto Sheriff!

Ransomware are not new but they become more and more efficient and, consequently, make more victims.

RANSOMWARE: Malware encrypting your files on your hard disk, making them inaccessible by you, so they can ransom you to allow you to decrypt them.

Even large companies, despites their multiple layers of security and anti-malware protections, are victims of these. The luckiest can rely on their backups to restore the lost data, the others pay it cash, either to the criminals or in business losses, or sometimes both (as paying doesn’t always guarantee that you will get a cure).

Ransomware is a plague against which smaller companies and individual are often defenceless. Not anymore, as Crypto Sheriff has arrived.

RW-Sheriff

Crypto Sheriff is a free service brought to you by Europol, the Dutch police, Kaspersky labs and Intel Security (ex McAfee) through the website: https://www.nomoreransom.org.

It allows you to submit sample of encrypted files and copies of the ransom note in order to analyse the malware used and possibly find a cure. It provides also decryption tools working on some of the most common malware like Chimera, Teslacrypt or coinvault.

Moreover, as prevention is always better than damage control, it will also provide you some basic tips to prevent such infection.

Let’s visit the Crypto Sheriff. Hihaaa!

To protect against quantum computers, will we have quantum teleportation?

It sounds a bit like a bad sci-fi movie but its becoming reality. A few days ago, on August 16th 2016, China launched Micius, the world first quantum satellite (as reported by Quartz or BBC News).

Quantum satellite? I won’t try to explain quantum physics in a nutshell, I’m totally unqualified for that but I would like to come back one one of my last post of 2015 (in french) to make my point. End 2015,  Google and NASA announced that they purchased a D-Wave X2 super quantum computer on which they succeed to perform some quantum specific computation 100 millions time faster than on an actual average computer. As such, it was a clear indicator that our prediction on actual cryptographic algorithms and keys resistance will have to be reviewed soon. With an estimated cost of 15 millions of US Dollars, the X2 is affordable for any country, large corporation or major criminal organization in the world. Scary, no?

You may imagine that we were not the first to know and that states likes US, Russia or China are actively looking for a solution to further secure their sensitive and secret communications in the (near) future. One of the well known principle in cryptography, and you don’t need to have a degree in advance mathematics to understand it, is that a message crypted with a key as long as the message itself (and used only once) is virtually unbreakable. You don’t even need a complicated algorithm, a simple rotation will make it so. Of course, exchanging a new key for every message send is a bit complicated and security of the key exchange will soon become the weakness of the system. Too bad! Except if we use quantum teleportation.

Here again, I won’t go deeper into the technicalities but, to keep it simple, imagine you can bind the state (ON and OFF, 0 or 1) of two objects together, whatever the distance between them. When you change the state of the first one, the second one change accordingly simultaneously. That’s exactly what happens with two atoms or two photons when they are entangled (another quantum physics phenomenon called quantum entanglement).

The nice feature of quantum entanglement is that it is totally simultaneous, whatever the distance (no communication delay) and that it is not possible (so far) to intercept or block the communciation.  As reading the states changes it, it is not (yet) possible to exchange binary information as we do it with current digital communication means. However, the advantage of this “feature” is that if a third party tries to read the state of the atom, it will be noticed by the two other participants. So your communication, at least from atom to atom, is secure and has a intrusion detection mechanism embedded. Nice, isn’t it?

But, what’s the point if we can’t send messages using this technique? We can’t send message but it seems that it can be used to securely exchange random keys (I have to admit that I don’t get yet how they do this, based on what I just wrote). If you use very long keys (as long as your message) generated by this quantum teleportation mean, you can have, again, very secure communication using a classical encrypted communication channel.

In such a way, even with quantum computers, it wouldn’t be possible to “crack” your keys and your messages’ confidentiality during transport would be completely guaranteed. Unless science allows us to predict the modification of the measured property of the entangled atom without modifying its state as it is suggested in this vulgarization article on quantum cryptography.

This said, let’s come back to Micius. Micius has some quantum entangled atoms inside it (their “twins” are still on earth, of course) and China, with Austrian researchers, will try to validate the effectiveness of the communication between entangled atom on large distance (above 1200 km). That’s a statement, no?

So, we are not there yet but the future is tomorrow and we better get ready for it because it will really raise the bar of the complexity of our systems, reducing our understanding of it and, hence, our control over it.

Live long and prosper!

Google (also) knows what you said last summer

After, Google knows what you did last summer, this summer, we will give you a little hint to discover (and it migh be creepy) all the things you said to your androïd phone or to your Google search (sometimes just by hitting the wrong button or by saying “OK Google”).

Yes, Googles likes to keep everything and also to share it with you (in case you would like to remeber all those stuff). You just have to go to My Activity on Google (https://myactivity.google.com/myactivity) to have te complete list of things you said to your phone (search this, call Bob, launch this application) and all the things that were heard by your microphone at the same time.

Privacy? At least now you know (a bit more about the cost of using free tools).

By the way, some hackers are using this function to hack your phone by including sounds in YouTube videos that will trigger the voice recognition function without being perceived as a command by a human. If you found something stange in the list, you’ll know.

You’ve been notified!

OK Google, close this page!