Forwarded from BlackBox (Security) Archiv
Cryptography demystified - An introduction without maths
This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone. The talk will not require any understanding of maths or computer science.
In particular, the talk will explain encryption, what it is and what it does, what it is not and what it doesn't do, and what other tools cryptography can offer.
⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/36c3-10627-cryptography_demystified
#video #CCC #36c3 #cryptography
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Academics find crypto bugs in 306 popular Android apps, none get patched
Only 18 of 306 app developers replied to the research team, only 8 engaged with the team after the first email.
A team of academics from Columbia University has developed a custom tool to dynamically analyze Android applications and see if they're using cryptographic code in an unsafe way.
Named CRYLOGGER, the tool was used to test 1,780 Android applications, representing the most popular apps across 33 different Play Store categories, in September and October 2019.
Researchers say the tool, which checked for 26 basic cryptography rules (see table below), found bugs in 306 Android applications. Some apps broke one rule, while others broke multiple.
The top three most broken rules were:
‼️ Rule #18 - 1,775 apps - Don't use an unsafe PRNG (pseudorandom number generator)
‼️ Rule #1 - 1,764 apps - Don't use broken hash functions (SHA1, MD2, MD5, etc.)
‼️ Rule #4 - 1,076 apps - Don't use the operation mode CBC (client/server scenarios)
These are basic rules that any cryptographer knows very well, but rules that some app developers might not be aware of without having studied app security (AppSec) or advanced cryptography prior to entering the app development space.
👉🏼 https://www.zdnet.com/article/academics-find-crypto-bugs-in-306-popular-android-apps-none-get-patched
#cryptography #bugs #android #apps
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
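The three rules named in the post above, written as a small offline checker over logged crypto API calls. This is an added example, not CRYLOGGER's code and not part of the original post; the record layout, app names and sample calls are constructed for illustration.

```python
from collections import Counter

# Constructed sample: one record per crypto API call observed at runtime.
# The record layout and the app names are assumptions made for this example.
SAMPLE_CALLS = [
    {"app": "com.example.notes", "api": "MessageDigest.getInstance", "arg": "MD5"},
    {"app": "com.example.notes", "api": "Cipher.getInstance", "arg": "AES/CBC/PKCS5Padding"},
    {"app": "com.example.notes", "api": "java.util.Random.<init>", "arg": ""},
    {"app": "com.example.chat", "api": "MessageDigest.getInstance", "arg": "sha-1"},
    {"app": "com.example.bank", "api": "MessageDigest.getInstance", "arg": "SHA-256"},
    {"app": "com.example.bank", "api": "Cipher.getInstance", "arg": "AES/GCM/NoPadding"},
    {"app": "com.example.bank", "api": "java.security.SecureRandom.<init>", "arg": ""},
]

BROKEN_HASHES = {"SHA1", "MD2", "MD5"}  # the hash functions named under rule #1


def check_call(call):
    """Return the number of the rule this call breaks, or None."""
    api, arg = call["api"], call["arg"].upper()
    if api == "MessageDigest.getInstance":
        # Normalise case and hyphens so "sha-1" and "SHA1" both match.
        return 1 if arg.replace("-", "") in BROKEN_HASHES else None
    if api == "Cipher.getInstance":
        # Transformation strings have the form algorithm/mode/padding.
        parts = arg.split("/")
        # Rule #4 applies to client/server scenarios, which a single call
        # does not reveal, so a hit here marks the app for manual review.
        return 4 if len(parts) > 1 and parts[1] == "CBC" else None
    if api == "java.util.Random.<init>":
        return 18  # java.util.Random is not a cryptographic generator
    return None


def violations_by_app(calls):
    """Map each app to the set of rule numbers it broke at least once."""
    report = {}
    for call in calls:
        rule = check_call(call)
        if rule is not None:
            report.setdefault(call["app"], set()).add(rule)
    return report


def apps_per_rule(calls):
    """Count apps (not calls) per broken rule, as in the ranking above."""
    counts = Counter()
    for rules in violations_by_app(calls).values():
        counts.update(rules)
    return counts
```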