[ale] Security is still hard
Jim Kinney
jim.kinney at gmail.com
Mon Oct 3 12:25:54 EDT 2022
I upgraded to rot26. It's twice as strong as rot13.
On Mon, Oct 3, 2022, 11:50 AM Bob Toxen <transam at verysecurelinux.com> wrote:
> YUP! A client asked me to "sniff" traffic that another supplier claimed
> was encrypted and I proved that it was not!
>
> In another case a very large manufacturer (you'd instantly recognize their
> name) hired a satellite company to provide encrypted communications to
> its dealers around the word. One very smart dealer used a line analyzer
> to prove that the communications was NOT encrypted and that each dealer
> could see every other dealer's supposedly confidential sales information.
>
> This would allow another dealer to snatch an impending sale away! The
> manufacturer hired a well-known computer security company to fix it and
> they contracted with me to write the communication code to encrypted it.
>
> Also, when analyzing don't be fooled by simple obscuring that anyone
> can crack quickly, such as ROT 13 (Caeser encoding) that replaces each
> 'a' with 'n', 'b' with 'o', etc.
>
> Bob Toxen
> bob at verysecurelinux.com [Please use for email to me]
> http://www.verysecurelinux.com [Network&Linux security consulting]
> http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security
> 2/e"]
> Retired from Quality Linux & UNIX security and SysAdmin & software
> consulting since 1990.
> Retired from Quality spam and virus filters.
>
> On Wed, Sep 28, 2022 at 07:44:58PM -0400, Jim Kinney via Ale wrote:
> > On Wed, Sep 28, 2022, 7:38 PM DJPfulio--- via Ale <ale at ale.org> wrote:
> >
> > >
> > >
> > > Takeaway:
> > > Claims that something is encrypted and secure should be taken with a
> pound
> > > of salt.
> > >
> >
> > I fixed the comma-splice and made the statement true.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20221003/264a5c30/attachment.htm>
More information about the Ale
mailing list