All posts
We review the on-demand application security testing service from ImmuniWeb.
What do a start-up, small business and enterprise have in common?
They all have one or more websites.
That’s not a very humorous punchline, but the security implications of managing business websites aren’t funny either.
Continue reading “Review: ImmuniWeb On-Demand Application Security Testing”All posts
Is Amber Rudd right about people wanting weaker encryption? Jon Thompson isn’t so sure.
UK Home Secretary Amber Rudd recently claimed in an article that “real people” prefer ease of use to unbreakable security when online. She was met immediately by outrage from industry pundits, but does she have a point?
Continue reading “The Government Encryption Enigma”All posts
Is this the dawn of the quantum computer age? Jon Thompson investigates the progress we’ve been making with quantum computers.
Scientists are creating quantum computers capable of cracking the most fiendish encryption in the blink of an eye. Potentially hostile foreign powers are building a secure quantum internet that automatically defeats all eavesdropping attempts.
Single computers far exceeding the power of a hundred supercomputers are within humanity’s grasp.
Are these stories true, as headlines regularly claim? The answer is increasingly yes, and it’s to China we must look for much current progress.
Let’s begin with the uncrackable “quantum internet”. Sending messages using the properties of the subatomic world has been possible for years; the security world considers it the “gold standard” of secure communications. Chinese scientists recently set a new distance record for sending information using quantum techniques. They transmitted data 1,200Km to a special satellite. What’s more, China is implementing a quantum networking infrastructure.
QuantumCTek recently announced it is to deploy a network for government and military employees in the Chinese city of Jinan. This will be secured using quantum key distribution. Users will send messages encrypted by traditional means, with a second “quantum” channel distributing the associated decryption keys. Reading the keys destroys the delicate state of the photons that carry them. As such, it can only be done once by the recipient. Otherwise the message cannot be decrypted and the presence of an eavesdropper is instantly apparent.
The geopolitical implications of networks no foreign power can secretly tap are potentially immense. What’s scarier is quantum computers cracking current encryption in seconds. What’s the truth here?
Popular asymmetric encryption schemes, such as RSA, elliptic curve and SSL, are under threat from quantum computing. In fact, after mandating elliptic curve encryption for many years, the NSA recently declared it potentially obsolete due to the coming quantum computing revolution.
Asymmetric encryption algorithms use prime factors of massive numbers as the basis for their security. It takes a supercomputer far too long to find the right factors to be useful. However, experts believe a quantum algorithm called Shor’s Algorithm will find it easy.
For today’s strong symmetric encryption the news is currently a little better. Initially, quantum computers will have a harder time cracking systems like AES and Blowfish. These use the same key to encrypt and decrypt. Quantum computers will only really halve the time required. So, if you’re using AES with a 256-bit key, in future it’ll be as secure as a 128-bit key.
How far are we from quantum computers making the leap from flaky lab experiments to full production? The answer depends on the problem you want to solve, because not all quantum computers are the same. In fact, according to IBM, they fall into three classes.
The least powerful are quantum annealers. These are available now in the form of machines from Canada’s D-Wave. They have roughly the same power as a traditional computer but are especially good at solving optimisation problems in exquisite detail. Airbus is already using this ability to increase the efficiency of wing aerodynamics.
More powerful are analogue quantum computers. These are much more difficult to build, and IBM thinks they’re about five years away. They will be the first class of quantum computers to exceed the power of conventional machines. Again, they won’t run programs as we think of them, but instead will simulate incredibly complex interactions, such as those found in life sciences, chemistry and materials science.
The most powerful machines to come are universal quantum computers, which is what most people think of when discussing quantum computers. These could be a decade or more away, but they’re coming. And when they arrive they will be exponentially more powerful than today’s fastest supercomputers. They will run programs as we understand them, including Shor’s Algorithm, and will be capable of cracking encryption with ease. Scientists are developing these computers and the software programs they’ll run. The current list stands at about 50 specialised but immensely powerful algorithms. Luckily, there are extremely complex engineering problems to overcome before this class of hardware becomes a reality.
Meanwhile, quantum computer announcements are coming thick and fast.
IBM has announced the existence of a very simple device it claims is the first step on the path to a universal quantum computer. Called IBM Q, there’s a web portal for anyone to access and program it, though learning how and what you can do with such a device could take years.
Google is pursuing the quantum annealing approach. The company says it plans to demonstrate a reliable quantum chip before the end of 2017, and in doing so will assert something called “quantum supremacy“, meaning that it can reliably complete specialised tasks faster than a conventional computer. Microsoft is also in on the action. Its approach is called StationQ, and the company been quietly researching quantum technologies for over a decade.
While there’s still a long way to go, the presence of industry giants means there’s no doubt that quantum computers are entering the mainstream. It’ll probably be the fruits of their computational power that we see first in everyday life, rather than the hardware itself. We’ll start to see solutions to currently difficult problems and improvements in the efficiency of everything. Expect good things including improved data transmission and better batteries for electric cars.
Life will really change when universal quantum computers finally become a reality. Be in no doubt that conventional encryption will one day be a thing of the past. Luckily, researchers are already working on so-called post-quantum encryption algorithms that these machines will find difficult to crack.
As well as understandable fears over privacy, and even the rise of quantum artificial intelligence, the future also holds miracles in medicine and other areas that are currently far from humanity’s grasp. The tasks to which we put these strange machines remains entirely our own choice. Let’s hope we choose wisely.
All posts
Using layers of security is a well-known concept designed to reduce the chances of an attacker succeeding in breaching a network. If one layer fails, others exist to mitigate the threat. Next-generation firewalls are a common protection layer. But how well do they work?
Latest reports now online.
All posts
You can probably guess the answer, but we’ll explore how products can score very well in tough tests, and which are the best.
Latest reports now online
There are a lot of threats on the web, and going online without protection is very risky. We need good, consistently effective anti-malware products to reduce our risk of infection.
All posts
Net neutrality is a risk. Is a fox running the FCC’s henhouse?
Net neutrality is a boring but noble cause. It ensures the internet favours no one. So, why is the new chairman of the Federal Communications Commission, Ajit Pai, determined to scrap it?
“For decades before 2015,” said Pai in a recent speech broadcast on C-SPAN2, “we had a free and open internet.
All posts
Endpoint security is an important component of computer security, whether you are a home user, a small business or running a massive company. But it’s just one layer. Our first set of anti-malware test results for 2017 are now available.
Latest reports now online
Using multiple layers of security, including a firewall, anti-exploit technologies built into the operating system and virtual private networks (VPNs) when using third-party WiFi is very important too.
What many people don’t realise is that anti-malware software often actually contains its own different layers of protection. Threats can come at you from many different angles, which is why security vendors try to block and stop them using a whole chain of approaches.
For example, let’s consider a malicious website that will infect victims automatically when they visit the site. Such ‘drive-by’ threats are common and make up about one third of this test’s set of attacks. You visit the site with your web browser and it exploits some vulnerable software on your computer, before installing malware – possibly ransomware, a type of malware that also features prominently in this test.
Here’s how the layers of endpoint security can work. The URL (web link) filter might block you from visiting the dangerous website. If that works you are safe and nothing else need be done.
But let’s say this layer of security crumbles, and the system is exposed to the exploit.
Maybe the product’s anti-exploit technology prevents the exploit from running or, at least, running fully? If so, great. If not, the threat will likely download the ransomware and try to run it.
At this stage file signatures may come into play. Additionally, the malware’s behaviour can be analysed. Maybe it is tested in a virtual sandbox first. Different vendors use different approaches.
Ultimately the threat has to move down through a series of layers of protection in all but the most basic of ‘anti-virus’ products.
The way we test endpoint security is realistic and allows all layers of its protection to be tested.
Our latest reports, for enterprise, small business and home users are now available for free from our website. Please download them and follow us on Twitter and/or Facebook to receive updates and future reports.
See all blog posts relating to test results.
All posts
Forgotten, infected websites can haunt users with malware.
Last night, I received a malicious email. The problem is, it was sent to an account I use to register for websites and nothing else.
Over the years, I’ve signed up for hundreds of sites using this account, from news to garden centres. One of them has been compromised. The mere act of receiving the email immediately marked it out as dodgy.
Continue reading “Infected websites, back from the dead”All posts
Who is behind the CIA’s hacking tools? Surprisingly ordinary geeks, it seems.
At the start of March came the first part of yet another Wikileaks document dump. This time is details the CIA’s hacking capabilities. The world suddenly feared spooks watching them through their TVs and smartphones. It all made for great headlines.
The Agency has developed scores of interesting projects, not to mention a stash of hitherto unknown zero day vulnerabilities. The dump also gives notes on how to create well-behaved, professional malware. Malware that stands the least chance of detection, analysis and attribution to Langley.
We’ve also learned some useful techniques for defeating antivirus software, which the Agency calls Personal Security Products (PSPs).
Continue reading “Behind the CIA’s hacking tools”All posts
Are cyber-scammers creating their own fake news stories to exploit? Jon Thompson investigates cybercrime mis-reporting.
The UK media recently exploded with news of a new phone-based scam. Apparently, all that’s needed for fraudsters to drain your bank account is a recording of you saying “yes”. It runs as follows:
Give us a few details about yourself and describe your inquiry. We will get back to you as soon as possible.
info@selabs.uk
Connect with us
Find us
