Plausible Deniability in Cryptography

--Originally published at Tobi`s Blog

Let’s start with a little metaphor. Over the weekend we rented a big ass familyvan to drive into the mountains over the weekend. Stupid decisions brought us to a steep muddy path, where we messed around a lot and finally got stuck. Obviously…
Finally we rescue the van somehow, but it really looks like shit. So when we return the van to the unnamed car-rental. The guy gets biiig eyes when he looks at our van and wants to know what we did. He even orders a mechanic to check if we broke it. Big hassle.

What does that have to do with Encryption?
Well, when you’re for example crossing borders and have your encrypted harddrive with you the officer might get big eyes as well and things can get a bit complicated for you. You’ve encrypted your drive, so “obviously” you have something to hide, are lying and a terrorist. Be creative…
Some countries do have a really negative attitude towards encryption.

To come back to the van, if we’ve had cleaned it, no one would have gotten any suspicions.

So how do we achieve that with our encrypted drive?

One method is steganography. The art of hiding a file in another file. So if someone has a look over your data he will be like:

“Oh a video with 4GB” ‘clicks on it’ the video runs Nothing suspicious here

There is no reason to dig deeper. But if you open it with Veracrypt you’re prompted with: “Please enter Password”.

One way to achieve this is described here:
http://keyj.emphy.de/real-steganography-with-truecrypt/

Well implemented steganography is the master’s way of plausible deniability, because there is even to closer look, no hint of an encrypted container.

Another way is to use Veracrypts hidden container in a container. The second container is

Continue reading →

All the Wrong Questions: When did you Change your Wi-Fi Password last?

--Originally published at Stories by Juan Andrés Rocha on Medium

A random person shows up at your place: a mailman, a milkman, an insurance salesman, a friend, a friend’s friend or a family member. You talk to them for a little while and then they ask if they can come into your home, and you show them every corner of it, including where you keep your family pictures, your IDs and where you keep the money. Do you? No, because that would compromise your security, wouldn't it? No? You really don’t care?

Well, maybe we don’t do that (very often) but we share our home network everytime a guest shows up. But, what does that have to do with compromising security? you may ask. Well, that’s another wrong question.

Most of the time, our gadgets share private information over the network, because every device connected to your home network is trustworthy, isn’t it? Look, I’m not saying you shouldn’t trust your family or friends, what I’m saying is: if you want to keep it tight, you should definitely look “Computer Security” up. A term which here means the protection of data, networks and computing power (Davis, 2015).

Sometimes, we’re just too confident with how we handle our sensitive information and home networks, and that’s why we should study Computer Security. Some ways to stay safe is to create a guest network and to change our Wi-Fi passwords regularly to avoid others from breaking in or infiltrating our networks, and get access to our files.

Also, if you’d like to know who’s connected to your Wi-Fi network, you can use this really helpful app called Fing.

Fing is a network scanner to detect intruders, and solve network issues easily. You can download it for Android and for iOS.

This is the first post of a series on Computer and Information

Continue reading →

I can CIA you

--Originally published at Computer Security

While surfing the Internet a lot of thins happen with the websites that we visit. Some of them store information about our location or some data that we provide to log in or sign in, but what if this information falls into the wrong hands?

As we know, in the Internet there´s all kinds of people (even those ones that you couldn’t ever imagine), some of them are malicious persons looking for even the minimum vulnerability on the websites for retrieving information or taking advantages in some way of the security breaches. This breaches could be found by curious people that are looking at the source code of the websites, by people that know about vulnerability on the security or even those users that want to play to be God.

Because of that, exists the renamed CIA (no, I’m not talking about that one that probably is watching you while you reading this)

https://giphy.com/embed/li4hG3WqUqDNm

I’m talking about Confidentiality, Integrity and Availability. This model that allows us to be safe that the websites that we provide our information it’s safe in it (it could be encrypted), that ensures that the information is not altered by malicious people and that can only be acceded by authorized users.

https://giphy.com/embed/bWqZQ2qlXV0Gc

So, it’s not that bad, if the website accomplishes this specifications you can relax, so keep watching memes calmly.

https://giphy.com/embed/14f7i886ytj56

The importance of CIA: confidentiality, integrity and availability

--Originally published at Information Security – Juan Pablo's Blog

In network security, there are 3 fundamental concepts called accessibility, confidentiality, and integrity. If any of the 3 is not present, the other 2 can’t be either achieved. Availability We need to make sure that all our systems and networks stay up and running properly 24/7. This term involves everything related to capacity, performance, and … Continue reading

Computer and Information Security

--Originally published at Stories by Luis Arturo Mendoza on Medium

I was looking some article on Medium about Computer and Information Security and I didn’t find anything good, so my purpose is to publish four articles every month about Information Security on Medium. It’s important to mention that I’m studying Information Security in my class at ITESM.

If you want to hear about specific topic you can tell me in the comments and I will do my best to write about it.

We read soon.