Definition of Cryptography
Cryptography is associated with the process of converting ordinary plain text into unintelligible text and vice-versa.
It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Cryptography protects data from theft or alteration.
History of Cryptography
Earlier cryptography was effectively synonymous with encryption but nowadays cryptography is mainly based on mathematical theory and computer science practice.
Before the modern era, cryptography focused on message confidentiality — conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without the key needed for decryption of that message.
Encryption attempted to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, etc.
Though it has been used for thousands of years to hide secret messages, systematic study of cryptology as a science started around one hundred years ago.
At the end of World War I, Arthur Scherbius, a German engineer, invented the Enigma machine, a piece of spook hardware heavily used by the German forces during World War II. Later, it was used by Britain’s code-breakers as a way of deciphering German signals traffic.
Modern cryptography is the cornerstone of computer and communications security. It is based on various concepts of mathematics such as number theory, computational-complexity theory, and probability theory.
There are three major characteristics that separate modern cryptography from the classical approach. It operates on binary bit sequences and it relies on publicly known mathematical algorithms for coding the information.
Secrecy is obtained through a secret key which is used as the seed for the algorithms. The computational difficulty of algorithms, the absence of a secret key, etc. make it impossible for an attacker to obtain the original information even if he knows the algorithm used for coding.
In symmetric encryption, you use the same key for both encryption and decryption of your data or message. Both parties need to have the same key in order to encrypt and decrypt the messages that they exchange with each other.
Symmetric encryption is an old and well-known technique. It uses a secret key that can be a number, a word or a string of random letters.
The main disadvantage of the symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.
Asymmetric encryption is quite the opposite of symmetric encryption because it doesn’t use a single key but a pair of keys: a private one and a public one.
You use one key, called the public key, to encrypt your data, and the other, called the private key, to decrypt the encrypted message.
Your private key is yours and it must be kept private, because it is the only key that can decrypt any message that was encrypted with your public key.
Public keys are public and thus no security is required – they need to be publicly available and can be passed over the Internet.
The public key is used to encrypt a message that can only be decrypted using its private counterpart.
Cryptography has played an enormous role in the shaping and development of many societies and cultures.
Today, cryptography is taking a new shift: new algorithms are being developed to keep up with eavesdroppers and to secure information and enhance confidentiality.
Often, we have conversations where confidential information flows between two parties. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late.
In other words, man-in-the-middle attacks are a common type of cybersecurity attack that allows attackers to eavesdrop on the communication between two targets.
A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
In a man-in-the-middle attack, the attacker becomes an intermediary for all communications between the victim systems and the gateway. He can easily sniff and modify information at will. Man-in-the-middle attacks happen on both wired and wireless networks.
How Does It Work?
Here is an example of how it goes:
Jane and Peter are having a conversation; Eve wants to eavesdrop on the conversation but also remain transparent. Eve could tell Jane that she was Peter and tell Peter that she was Jane. This would lead Jane to believe she’s speaking to Peter, while actually revealing her part of the conversation to Eve. Eve could then gather information from this, alter the response, and pass the message along to Peter (who thinks he’s talking to Jane). As a result, Eve can transparently hijack their conversation.
Different Types of Man-in-the-middle Attack
There is not just one type of man-in-the-middle attack. Rather, there are several types of MITM attacks:
- ARP poisoning
- WiFi WEP/WPA/2 Hacking
- DNS spoofing
- STP mangling
- Port stealing
A successful ARP spoofing (poisoning) attack allows an attacker to alter routing on a network, effectively enabling a man-in-the-middle attack.
In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network.
Generally, the aim is to associate the attacker’s MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.
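A defender can spot the binding change described above by tracking which MAC address answers for which IP address. The following is an added example, not code from the original page; the addresses, the sample replies and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC).
# All addresses are made up for this example.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:00:00:01"),   # default gateway
    (1.0, "192.168.1.20", "aa:aa:aa:00:00:20"),
    (2.0, "192.168.1.30", "aa:aa:aa:00:00:30"),
    (5.0, "192.168.1.1", "aa:aa:aa:00:00:30"),   # gateway IP now claimed by .30's MAC
    (5.5, "192.168.1.1", "aa:aa:aa:00:00:01"),   # real gateway answers again
    (6.0, "192.168.1.1", "aa:aa:aa:00:00:30"),   # spoofed reply repeats
]


def detect_arp_anomalies(replies, pinned=None):
    """Return alerts as (timestamp, kind, ip_or_ips, mac) tuples.

    pinned maps IPs (typically the gateway) to the only MAC allowed to answer
    for them, like a static ARP entry. Unpinned bindings are learned on first
    sight, so a binding change can also be benign (DHCP reuse, NIC swap).
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = dict(pinned)
    mac_to_ips = defaultdict(set)
    for ip, mac in pinned.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if ip in pinned and mac != pinned[ip]:
            alerts.append((ts, "pinned-violation", ip, mac))
        elif previous is not None and previous != mac:
            alerts.append((ts, "binding-changed", ip, mac))
        if ip not in pinned:
            ip_to_mac[ip] = mac  # pinned entries are never overwritten
        # One MAC answering for several IPs matches the step where the
        # attacker's MAC is associated with another host's IP address.
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                ips = ",".join(sorted(mac_to_ips[mac]))
                alerts.append((ts, "mac-claims-multiple-ips", ips, mac))
    return alerts


if __name__ == "__main__":
    gateway = {"192.168.1.1": "aa:aa:aa:00:00:01"}
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES, pinned=gateway):
        print(alert)
```

Pinning the gateway turns an ambiguous "binding changed" event into a definite violation, which is the same idea as a static ARP entry for the default gateway.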
WiFi WEP/WPA/2 Hacking
Once the WEP or WPA encryption process starts, the attacker can commence his own operation by using a sniffer program to find wireless gadgets running in peer mode. This should enable him to gain root access to a system in the long run (he has already bypassed the main defenses of your mobile or wireless connection).
After that, he can deploy a key logger or a precisely placed Trojan horse that will allow him to gain complete control over your network system, exploiting every weakness that’s been outlined thus far.
The WiFi client hacking attack described above can be done even if the victim is traveling and only using his laptop at an airport or hotel lobby. It will have to expose itself to hackers as well; that’s the true price of using a complimentary WiFi service.
DNS Spoofing is a type of computer attack wherein a user is forced to visit a fake website disguised to look like a real one, with the intention of diverting traffic or stealing credentials of the users. Spoofing attacks can go on for an extended period without being detected and can cause serious security issues.
DNS spoofing is done by replacing the IP addresses stored in the DNS server with the ones under control of the attacker.
Therefore, every time users try to go to a certain website, they get directed to the false websites placed by the attacker in the spoofed DNS server. This way your computer is convinced that the attacker’s site is to be trusted and that it is the site you requested.
STP (Spanning-Tree Protocol) mangling refers to the technique used by the attacker host to be elected as the new root bridge of the spanning tree.
The attacker may start either by creating BPDUs (Bridge Protocol Data Units) with high priority that claim to be the new root, or by broadcasting STP Configuration/Topology Change Acknowledgement BPDUs to get his host elected as the new root bridge.
By taking over the root bridge, the attacker will be able to intercept most of the traffic.
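The election described above is decided by comparing bridge IDs, where "high priority" means the numerically lowest priority value. The following added example (not from the original page) shows that comparison and the check a switch can apply to BPDUs arriving on ports where only hosts should be attached; port names, addresses and the expected root are constructed, and real BPDUs carry more fields than shown here.

```python
# Constructed example data. A real BPDU also carries path cost, the sender's
# bridge ID and port ID; only the advertised root ID is modelled here.
EXPECTED_ROOT = (4096, "00:11:22:00:00:01")    # root bridge the network was designed with
HOST_FACING_PORTS = {"Gi0/10", "Gi0/11"}       # access ports: no switch should be attached

# (receiving port, advertised root priority, advertised root MAC)
SAMPLE_BPDUS = [
    ("Gi0/1", 4096, "00:11:22:00:00:01"),      # uplink, legitimate root
    ("Gi0/2", 4096, "00:11:22:00:00:01"),      # second uplink, same root
    ("Gi0/10", 0, "00:de:ad:00:00:99"),        # host port advertising a better root ID
    ("Gi0/11", 32768, "00:11:22:00:00:55"),    # host port sending an inferior BPDU
]


def bridge_id(priority, mac):
    """STP compares priority first, then MAC address; the LOWEST value wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bpdus):
    """Return the (priority, mac) that would win the root election."""
    candidates = {(prio, mac) for _, prio, mac in bpdus}
    return min(candidates, key=lambda b: bridge_id(*b))


def check_bpdus(bpdus, expected_root, host_ports):
    """Flag BPDUs that should never be accepted, as (port, reason) tuples."""
    expected = bridge_id(*expected_root)
    findings = []
    for port, prio, mac in bpdus:
        superior = bridge_id(prio, mac) < expected
        if port in host_ports and superior:
            # The case a root-guard style control blocks.
            findings.append((port, "superior-bpdu-on-host-port"))
        elif port in host_ports:
            # Any BPDU on a host port: the case a BPDU-guard style control blocks.
            findings.append((port, "bpdu-on-host-port"))
        elif superior:
            findings.append((port, "unexpected-root-on-uplink"))
    return findings


if __name__ == "__main__":
    print("root if all BPDUs are accepted:", elect_root(SAMPLE_BPDUS))
    for finding in check_bpdus(SAMPLE_BPDUS, EXPECTED_ROOT, HOST_FACING_PORTS):
        print(finding)
```

If every BPDU were accepted, the host on Gi0/10 would win the election; rejecting BPDUs on host-facing ports keeps the designed root in place.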
Port stealing is a kind of attack where someone “steals” traffic that is directed to another port of an Ethernet switch. This attack allows someone to receive packets that were originally directed to another computer.
It does so by making the switch believe that the attacker’s port is the correct destination for the packet.
This is how the port stealing technique works:
- Steal the port,
- Receive some data,
- Give the port back,
- Forward the data to the real destination,
- Go back to step 1 by stealing the port again.
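The steal/give-back loop above leaves a visible trace on the switch: the same MAC address is learned on alternating ports within a short time. The following added example (not from the original page) detects that pattern in a list of MAC-learning events; the event format, port names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample of switch MAC-learning events: (seconds, MAC, port).
SAMPLE_MAC_LEARN_EVENTS = [
    (0.0, "aa:aa:aa:00:00:20", "Gi0/5"),     # host normally lives on Gi0/5
    (0.1, "aa:aa:aa:00:00:30", "Gi0/7"),
    (10.0, "aa:aa:aa:00:00:20", "Gi0/7"),    # same MAC appears on another port
    (10.4, "aa:aa:aa:00:00:20", "Gi0/5"),    # ... and back
    (10.9, "aa:aa:aa:00:00:20", "Gi0/7"),
    (11.3, "aa:aa:aa:00:00:20", "Gi0/5"),
    (300.0, "aa:aa:aa:00:00:30", "Gi0/8"),   # single move, e.g. a re-patched cable
]


def detect_mac_flapping(events, max_moves=3, window=5.0):
    """Return {mac: (time_detected, ports_involved)} for flapping MACs.

    A MAC is flagged when it changes port at least max_moves times within
    window seconds. A single move is treated as normal (laptop moved, cable
    re-patched); repeated back-and-forth moves are not.
    """
    last_port = {}
    moves = defaultdict(deque)   # mac -> recent (time, from_port, to_port)
    flapping = {}
    for ts, mac, port in events:
        previous = last_port.get(mac)
        last_port[mac] = port
        if previous is None or previous == port:
            continue             # first sighting or no change
        recent = moves[mac]
        recent.append((ts, previous, port))
        while recent and ts - recent[0][0] > window:
            recent.popleft()     # forget moves outside the time window
        if len(recent) >= max_moves and mac not in flapping:
            ports = sorted({p for _, a, b in recent for p in (a, b)})
            flapping[mac] = (ts, ports)
    return flapping


if __name__ == "__main__":
    for mac, (ts, ports) in detect_mac_flapping(SAMPLE_MAC_LEARN_EVENTS).items():
        print(f"{mac} flapping between {ports}, detected at t={ts}")
```

Restricting which MAC addresses may appear on each access port removes the condition this detector looks for.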
Man-in-the-middle Attack Prevention
Your best defense against a man-in-the-middle attack is to be very cautious when connecting to free or unsecured Wi-Fi networks. When visiting a website, make sure “HTTPS” is always in the URL bar of the websites you visit.
Be aware of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, you can manually type the address of the website in question into the URL bar of your browser and proceed from there.
The best way to protect your PC from any type of malware in time is to install an antivirus solution as a basic protection tool and an anti-malware solution as a necessary additional layer of protection. Be sure to keep the programs up to date.
To protect against man-in-the-middle attacks, you can consider using an anti-keylogger or rootkit detection software as well.
You can try our Zemana AntiLogger, a pioneer in anti-keylogging software or our Zemana AntiMalware, which proved to be the best anti-ransomware tool and the best rootkit and bootkit remediator according to MRG Effitas.
The Most Famous Man-in-the-middle Attack
It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom.
The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. The malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers.
Documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, code-named Operation Socialist.
What Is a Cyber-Attack?
- Attacks where the goal is to disable the target computer or knock it offline, or
- Attacks where the goal is to get access to the target computer’s data and perhaps gain admin privileges on it
Long story short: You need both! What, how so? Stay calm, we will explain.
What is the difference between antivirus and anti-malware?
Most of you have probably heard the words antivirus and anti-malware often. You have been hearing them even more with the WannaCry ransomware that has been spreading in recent days (you can find out how to get rid of ransomware here). You have probably got lost in this confusion of terms and may have thought that there is no difference between antivirus and anti-malware. If you think that anti-malware means the same thing as antivirus and that you therefore should not install anti-malware on your computer, you are mistaken. In the rest of this article we will talk about the basic difference between antivirus and anti-malware.
For those who do not know, malware is short for “malicious software” in English, that is, suspicious software. What is meant by suspicious here is the possibility that the software performs unwanted operations without the user’s knowledge. Malware can damage your data and programs, spread to other computers and steal your confidential information. There are different types of malware:
– Spyware
– Adware
– Ransomware etc.
Accordingly, we can say that a virus is a type of malware that spreads by infecting your programs and data. When you run an infected application, the virus runs first and then the program itself runs. In this way the virus hides itself without affecting how the application runs.
I already have antivirus software installed. Why should I install anti-malware alongside it?
Now let’s get to the main point.
Antivirus is one of the primary pieces of software for your computer (and of course your mobile phone). Antivirus is the first wall that stands against threats on your computer. However, traditional antivirus technology is not enough to protect you today, because antivirus is effective only against known types of viruses.
Every antivirus program contains a virus database. When you try to run an infected application on your computer, it is first checked against this database. If it is found there, it is blocked. This means that when a previously unrecognized virus infects your computer, there is nothing your antivirus software can do until that virus has been analyzed and added to the database.
Another important point is the fact that viruses are not the only threat. Every day, hundreds of smarter and more creative pieces of malware (other than viruses) appear.
So how can you protect yourself from malware that has never appeared before?
Traditional antivirus programs will not be able to detect threats that are not in their own databases. The answer to this problem is anti-malware software. You need anti-malware protection, because it will protect you from all known and unknown threats. This is the basic difference between antivirus and anti-malware software.
Zemana AntiMalware is software that does not keep virus definitions on your computer! When Zemana AntiMalware finds a suspicious program, it sends its fingerprint to the Scan Cloud. Milliseconds later, the scanning agents in the cloud report whether the suspicious application is malicious or not. If they cannot determine this, it sends the whole application to the cloud for a more detailed examination.
Afterwards, it performs a next-generation scan with Pandora technology and keeps you safe against unknown malware. In addition to providing protection against viruses using its database, Zemana AntiMalware also detects and blocks every kind of suspicious behavior on your computer. It will protect you from:
– Spyware
– Adware
– Malware that has not yet been discovered
As we mentioned earlier, antivirus software provides simple, basic protection on your computer. But this is not enough and you need better solutions.
Zemana AntiMalware was developed to work alongside any antivirus you have. It is lightweight and runs fast, and never slows your computer down. Zemana AntiMalware is an additional protection program that you should definitely have on your computer.
In summary, while using your antivirus software on your computer and phone (do not forget to keep your phone safe too), do not neglect to add extra protection with anti-malware. Below you can find the links you need.
Do I need an antimalware or an antivirus?
Straightforward answer: You need them all! Wait, what?! Ok, let’s elaborate it.
What Is The Difference Between Antivirus and Antimalware?
Many of you have probably heard the words anti-malware and antivirus thousands of times, especially recently because of the unfortunate WannaCry ransomware attacks (check here how to stay safe from ransomware attacks).
And some of you have probably been confused by the terms, believing that the two are the same thing, unable to figure out what the real difference between antivirus and anti-malware is.
You might ask yourself: Why should you need to install antimalware, when it is just a synonym for the word antivirus, right? Well, you were wrong. Continue reading and learn the main difference between antivirus and anti-malware.
For those of you who do not know, malware is malicious software that runs on users’ PCs without their consent. Malware damages your programs and data, and it can also spread to other computers and steal private information. There are different types of malware:
– ransomware etc.
Therefore, a virus is a type of malware that spreads by infecting your programs and data. It modifies your data by adding its own copies (viruses can replicate), which can also be infected. When you run an infected program, first the virus runs and then the program itself. This way the virus remains hidden.
I Have an Antivirus Installed. Why Do I Need an Antimalware Protection As Well?
Antivirus software is an essential protection for your PC (and your phone as well). It is the first wall of defense against threats. However, traditional antivirus technology is not enough today because it protects only from the known viruses.
Every antivirus program has its own virus database; once you get infected, the infection is checked against the database, and if the software recognizes the threat it blocks it. This means that when new viruses come out, somebody needs to get infected in order for the virus to be discovered.
Another very important thing is that viruses are not the only threat today. Hundreds of different malware (apart from viruses) are being created every day because hackers are becoming more and more intelligent and creative.
So, How Will You Stay Safe From These Unknown Threats (Zero-Day Malware) That Have Never Been Seen Before?
Your traditional antivirus protection will not recognize them because they are not in its database. The answer to this question is antimalware technology. You need an antimalware protection, because it will keep you safe from all types of known and unknown malware and this is what makes the difference between antivirus and anti-malware software.
Zemana AntiMalware is software that does not store virus definitions on your PC! Instead, when our software finds a suspicious file, it passes the fingerprint to the Scan Cloud. Milliseconds later, the Scan Cloud marks the file as safe or malicious, or else asks AntiMalware to upload it for further examination.
After that, with its Pandora Sandbox Technology it performs another level of scanning which increases your protection from unknown malware. Instead of only waiting for its database to match and confirm the type of virus infection, Zemana AntiMalware blocks any kind of suspicious activity on your PC. It protects you from:
– Adware Infections
– Zero-day malware
As we mentioned above, antivirus software is a basic and essential protection for your PC. But this is not enough and you need to look for more.
Zemana AntiMalware is designed to be compatible with any antivirus program you have. It is lightweight and will not clutter up your drive. Therefore, Zemana AntiMalware protection is a must-have additional layer of protection.
So, to summarize, keep your chosen antivirus on your PC and phone (never forget to keep your phone safe as well) but don’t forget to install anti-malware software as well to stay fully protected. Below you can find the needed links: