Sunday, February 10, 2013

Breaking HTTPS and Decrypting Encrypted Disks

More vulnerabilities in computer systems have been discovered lately, including in security mechanisms. HTTPS, which is currently used by many sectors for secure web applications, is no longer secure. According to recent news, HTTPS can be cracked using knowledge of the TLS structure.

Using a man-in-the-middle (MitM) attack, Prof. Kenny Paterson and his PhD student from the Information Security Group of Royal Holloway claimed that they had successfully attacked HTTPS (refer here). They show that, although a few steps, assumptions, and measurements are required, an attack is possible, making HTTPS, or the applications that run through it, vulnerable.

Adding to the news of 'insecure HTTPS', tools that are released to help catch the bad guys can also be good tools for them. The Forensic Disk Decryptor tool by Elcomsoft, which is used by forensic teams in information security to decrypt disks encrypted by TrueCrypt, BitLocker, and PGP, may also help attackers decrypt disks or documents encrypted by those tools. Hence, what was once released for good is now used for evil.

This, in the end, comes back to individual character. Good people will use it for good, and vice versa. It depends on how it is used, for what purpose, and who the user is.


