Valerie Fenwick
316 followers

ICMC17: Thomas Jefferson and Apple versus the FBI
Daniel J. Bernstein, University of Illinois at Chicago & Technische Universiteit Eindhoven Gutenberg's original printing press was based on a wine press - who knew? If you think beer or wine is dangerous, you may think the best thing to do is prohibit alcoho...

ICMC17: Zero Knowledge Doesn't Mean Zero Ethics
Joshua Marpet, SVP, Compliance and Managed Services CyberGRC Zero knowledge system: A mathematical proof: zero knowledge proofs and verifiable secret sharing are vital for multi-party secure sharing. Can be used in health care, blockchain, etc. Can use bloc...

ICMC17: Revisiting Threat Models for Cryptography
Bart Preneel, imec-COSIC KU Leuven, Belgium Rule #1 of cryptanalysis: search for plaintext first :-) With the Snowden documents, we learned that the NSA is foiling much of the deployed encryption - using super computers, turnkeys, backdoors, etc. If you can...

ICMC17: Encryption and Cybersecurity Policy Under the New Administration
Neema Singh Guliani, Legislative Counsel (Privacy and Technology), ACLU We still don't know what the policies are going to be, yet, but she's here to give us her understanding of where we are and where she thinks we're going. Why should you care, if you're n...

ICMC17: Crypto You're Doing it Wrong
Jon Green, Sr. Director, Security Architecture and Federal CTO, Aruba Networks/HPE Flaws can be varied and sad - like forgetting to use crypto (like calling a function that was never completed for your DRBG)! Jon showed us an example of validated code that w...

ICMC17: Keynote: From Heartbleed to Juniper and Beyond
Matthew Green, Johns Hopkins University. Kleptography - the study of stealing cryptographic secrets. Most people did not think the government was really doing this. But, we do know there was a company, Crypto AG, that worked with the NSA on their cipher mac...

ICMC17: Evolving Practice in TLS, VPNs, and Secrets Management
Kenneth White (@KennWhite) A good quote starts: "There is no difference, from the attacker's point of view, between gross and tiny errors. Both of them are equally exploitable."..."This lesson is very hard to internalize. In the real world, if you build a...

ICMC17: Crypto++: Past Validations and Future Directions
Jeffrey Walton, Security Consultant. This is an older toolkit; Jeff fell in love with it when he was in college in the 90s. He's been working in computer security ever since. Crypto++ is a C++ class library, written by Wei Dai in June 1995. It's a general p...

ICMC17: Penetration Testing: TLS 1.2 and Initial Research on How to Attack TLS 1.3 Stacks
Scapy TLS: A scriptable TLS stack, Alex Moneger, Citrix Systems TLS is the protocol that secures the internet, and there are very few alternatives. It's a session layer protocol for other protocols, and it is very complex. Sure, you can implement it in 3 we...

ICMC17: What's new in TLS 1.3 (and OpenSSL as a result)
Rich Salz, Akamai, OpenSSL Developer TLS 1.0 was a slight modification of the original SSL protocol by Netscape, published in January 1999. Basically the same as SSL3 - it is bad, it is weak, it has no good ciphers and it's still in wide use. TLS 1.1 came ou...