[ale] Security is still hard
Bob Toxen
transam at verysecurelinux.com
Mon Oct 3 11:49:00 EDT 2022
YUP! A client asked me to "sniff" traffic that another supplier claimed
was encrypted and I proved that it was not!
In another case a very large manufacturer (you'd instantly recognize their
name) hired a satellite company to provide encrypted communications to
its dealers around the word. One very smart dealer used a line analyzer
to prove that the communications was NOT encrypted and that each dealer
could see every other dealer's supposedly confidential sales information.
This would allow another dealer to snatch an impending sale away! The
manufacturer hired a well-known computer security company to fix it and
they contracted with me to write the communication code to encrypted it.
Also, when analyzing don't be fooled by simple obscuring that anyone
can crack quickly, such as ROT 13 (Caeser encoding) that replaces each
'a' with 'n', 'b' with 'o', etc.
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Retired from Quality Linux & UNIX security and SysAdmin & software
consulting since 1990.
Retired from Quality spam and virus filters.
On Wed, Sep 28, 2022 at 07:44:58PM -0400, Jim Kinney via Ale wrote:
> On Wed, Sep 28, 2022, 7:38 PM DJPfulio--- via Ale <ale at ale.org> wrote:
>
> >
> >
> > Takeaway:
> > Claims that something is encrypted and secure should be taken with a pound
> > of salt.
> >
>
> I fixed the comma-splice and made the statement true.
More information about the Ale
mailing list