
Showing posts from June, 2021

End To End Encryption (E2EE)

  End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system or device to another. In E2EE, the data is encrypted on the sender's system or device, and only the intended recipient can decrypt it. As it travels to its destination, the message cannot be read or tampered with by an internet service provider (ISP), application service provider, hacker or any other entity or service.

  Many popular messaging service providers use end-to-end encryption, including Facebook, WhatsApp and Zoom. These providers have faced controversy around the decision to adopt E2EE. The technology makes it harder for providers to share user information from their services with authorities and potentially provides private messaging to people involved in illicit activities.

  How does end-to-end encryption work?

  The cryptographic keys used to encrypt and decrypt the messages are stored on the endpoint...

Threat Modelling

  Threat modelling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system. Threat modelling helps to identify the security requirements of a system or process: anything that is mission-critical, processes sensitive data or is made up of valuable data. It is a systematic and structured process that aims to identify potential threats and vulnerabilities in order to reduce the risk to IT resources. It also helps IT managers understand the impact of threats, quantify their severity and implement controls. In terms of software security, threat modelling is the most important part of software design and development. It is impossible to build applications and systems that comply with corporate security policies and privacy and regulatory requirements without evaluating and mitigating threats. IT-based threat mode...

Social Engineering

  Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations or for financial gain. Threat actors use social engineering techniques to conceal their true identities and motives, presenting themselves as trusted individuals or information sources. The objective is to influence, manipulate or trick users into releasing sensitive information or access within an organization. Many social engineering exploits rely on people's willingness to be helpful or fear of punishment. For example, the attacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources. Social engineering is a popular tactic among attackers because it is often easier to exploit people than it is to find a network or software vulnerability. Hac...