Two Neat Programs

So, what can I do to better secure my personnel information? Well, there's plenty of methods to secure one's data. A free program that I personally use is called KeePass 2. What KeePass is is essentially a secure encrypted database where one can store their passwords. And they can access it by using a master key (or password) or with the use of a key file. What's interesting about KeePass is that it also allows you to generate passwords with characters of all sorts and letting you choose how long your passwords can be. The database itself are encrypted with the most secure algorithms thus far, AES. Given that AES is "effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information." I would say it's quite secure. 

Another free program that I have used is called Axcrypt. This software allows you to encrypt individual files by simply right-clicking on the file and selecting encrypt. One can encrypt things from word documents to individual picutres. And it also makes use of the AES algorithm.  

(Source: http://www.net-security.org/secworld.php?id=5523)
Works Cited
"Axantum Software AB | AxCrypt | File Encryption Software." Axantum Software AB | AxCrypt | File Encryption Software. N.p., n.d. Web. 20 Feb. 2013.
"Features - KeePass." Features - KeePass. N.p., n.d. Web. 20 Feb. 2013.
"KeePass Password Safe." KeePass Password Safe. N.p., n.d. Web. 20 Feb. 2013.

Let's BackTrack

In my previous blog post, I mentioned about one method of being able to crack the encryption on one's WiFi making use of Aircrack. Aircrack is a network software that allows the user to be able to recover those keys once enough packets have been captured. Also, this software is included in an OS (or operating system, much like how we mostly use Windows 7) called BackTrack. BackTrack is a Lunix based OS, designed for penetration testing. Which is essentially what  a white hat does as I mentioned in a past blog. This short video simply highlights what the latest version of BackTrack has in store. What's also interesting is that this operating system is free to the public to download and use. 

(A 2 minute video about Backtrack 5)

(Source:http://www.backtrack-linux.org/)

In this next video, this individual will demonstrate the use of Aircrack and will show you the process of actually cracking the encryption of a WPA encryption and making use of a Dictionary-attack. That is, an attack that goes through all the words in the dictionary as a password. To help clarify a few other things before-hand, the person mentions Airodump. Which in a nutshell, is a packet sniffer which is a software that basically captures packets (little bits of information) being sent and received. The user (in the video) also mentions WPA handshake. That is, the process of how two entities communicate to one another. 

(A 5 minute video demonstrating a dictionary attack)

Works Cited
Darkaudax. "Aircrack-ng." Airodump-ng []. N.p., 05 Aug. 2012. Web. 20 Feb. 2013.
Franklin, Curt, and Dave Coustan. "How Operating Systems Work." HowStuffWorks. N.p., n.d. Web. 20 Feb. 2013. Rouse, Margaret. "Dictionary Attack." What Is ? N.p., Oct. 2005. Web. 20 Feb. 2013. "What Is Linux and Why Is It so Popular?" HowStuffWorks. N.p., n.d. Web. 20 Feb. 2013. "WPAÂ Handshake." WPA Handshake. N.p., n.d. Web. 20 Feb. 2013.

Let's get cracking...

As you may have already noticed, there are many new technologies coming out such as Ipads, macs, laptops and other mobile devices. What's one thing that they all have in common? They make use of WiFi. This allows the devices to connect to Internet with the use of certain radio waves and frequencies. However, we would need to secure ourselves with some kind of password so that other's can't just hop onto our network. And with that, we have encryption. Which is the process of encoding messages (or information) so that hackers or other unwanted people can't read it, but those with the "key" can unlock the messages and read it.

Source: http://www.data-processing.hk/glossaries/encryption/

In general there are two types of encryption for Wifi, WEP and WPA. WEP stands for Wired Equivalent Privacy and for a long time was considered "a good method for encrypting wireless connections. However was proved to have many flaws mainly involving the short key size,which were easy to crack" (Gross). And it was until stronger encryption came about such as the 128-bit and 256-bit encryption. 128-bit means that there are 2¹²⁸ different keys. So, one would have to go through a lot of keys in order to decrypt the message.  

WPA stands for Wi-Fi Protected Access. And is being more widely used as it provides more security than that of WEP. Because it makes use of TKIP or Temporal Key Integrity Protocol. "TKIP is 128-bit, but instead of the key  being static it generates a new key for every packet of information that is sent, meaning  it is a lot more secure" (Gross). Then there is also WPA2, which instead of TKIP, uses CCMP or CipherBlock Chaining Message Authentication Code Protocol.

What I use is WPA2-Personnel or referred to as WPA2-PSK. The PSK stands for "Pre-Shared Key, and is designed for home users and small offices where a server is not required for authenticating messages. It works by having each wireless devices such as laptop or smart phone authenticating directly with the wireless access point using the same key" (Gross). And because WPA2 makes use of AES, it gives home users more security.

Despite all of this encryption, there are still ways to crack the code. A popular method is with the use of a free program called Aircrack.

Works Cited

Brain, Marshall, and Tracey V. Wilson. "How WiFi Works." HowStuffWorks.N.p., n.d. Web. 13 Feb. 2013.

"Ckwop.me.uk :: What does 128-bit  Encryption Really Mean?" Ckwop.me.uk :: What does 128-bit Encryption Really Mean? N.p., n.d. Web. 13 Feb. 2013.

Gross, Melanie. "Types of WiFi Encryption You Can Use." Ghacks Technology News RSS.N.p., 22 Sept. 2011. Web. 13 Feb. 2013.

Rouse, Margaret. "CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)." SearchMobileComputing.N.p., June 2008. Web. 13 Feb. 2013.

Tyson, Jeff. "How Encryption Works." HowStuffWorks. N.p., .n.d. Web. 13 Feb. 2013.

Cyber War

What's interesting is that in this particular article I read is that given that we were to be imminent of a cyber attack, Barrack Obama could order a preemptive strike given that there is enough evidence. He would be able to authorize a cyber attack himself in order to defend the United States against the threat. 

Given that the pentagon has plans to increase our cyber security force by five fold over the next several years, it tells us that there could be an upcoming cyber attack and that we make sure we don't fall behind in this virtual war. After all, the cyber attacks that had occurred on "a Saudi Arabian oil company that scrubbed data from more than 30,000 computers, and a series of DDoS attacks carried out on U.S. banks" (Vranicar) should indicate that cyber warfare is not to be taken so lightly and that it can affect us as well. 

It's like what my professor would always tell us, who happens to be a cyber security professional, is that "you don't need bombs and bullets to kill, you just need one's and zero's."

Work's Cited

Vranicar, David. "TECH TREKPentagon to Beef Up Cyber Security Aresenal." Technology News: Tech Blog: Pentagon to Beef Up Cyber Security Arsenal. N.p., 28 Jan 2013. Web. 06 Feb. 2013.

Adhikari, Richard. "Secret Review Gives Obama License to CyberKill." Technology News: Cybersecurity:. N.p., 05 Feb. 2013. Web. 06 Feb 2013.

What day was it?

As I was browsing the Internet, I actually stumbled upon a rather interesting article about Java. For some who aren't sure what Java is, it's essentially a programming language that programmers would use to create programs. And it's used in many things such as "online credit card processing, online banking, online auctions, games, messaging programs" (What is)  and many more. In this article, it talked about how as many as over 100 million computers may be vulnerable due to a zero day flaw in the Java programming language.

A zero day is an attack that exploiters use to take advantage of vulnerabilities that don't have a solution. In a sense it's an attack that the creators of the Java (in this case) and it's users are unaware of. 

The vulnerability that this flaw had imposed "was considered so serious that the U.S. Department of Homeland Security urged computer users to turn off Java on their machines" (Mello). And because of this flaw, it poses a major risk of identity theft and bank fraud along with many other threats it poses.

Also, since the next patch for Java isn't until the 15th of February, that leaves many of those who uses Java still at risk.  

Is it really worth the risk despite the many capabilities that Java allows for us to have?  

Works Cited

Bram Thursday, and Lucy Oppenheimer. "What Is a Zero Day Attack?" WiseGeek. Conjecture, 22 Oct. 2012. Web. 06 Feb. 2013.

Mello, John P., Jr. "SPOTLIGHT ON SECURITY100 Million Systems Vulnerable to Java Flaw." Technology News: Security: 100 Million Systems Vulnerable to Java Flaw. N.p., 14 Jan. 2013. Web 06 Feb 2013.

"What is Java? A Java Definition." What is Java and What is JavaScript Used For? A Java Definition. N.p., n.d. Web. 06 Feb. 2013.