Tag Archives: Cybersecurity

If Cybersecurity is the “Biggest Threat” to Western Powers, Why is there NO Cybersecurity Zone at DSEI 2019?

Over 35,000 people will stroll the aisles at DSEI this year. They expect exhibitors, more than 1,600 of them, to amaze with new, innovative solutions for the greatest problems in defence. The world’s biggest defence contractors and service providers will be there demonstrating their latest and most impressive technologies and solutions. 

Thought leadership? DSEI will host over 300 speakers who are all government leaders or experts in the defence industry.

As far as defence conferences go, DSEI is the pinnacle. 

A Bank’s Biggest Challenge: Data Security Compliance

There have been more than 500 bank failures in the past decade. 

More than 500 failures.

Of them, most were smaller community banks that couldn’t recover from the effects of the Great Recession. Since the economic downturn, the surviving banks are regaining strength and financial stability, but many are still struggling with operational and financial challenges.

Hackers Are Targeting Community Banks. Here’s What You Need to Know.

“Our money is safer under the mattress than it is in the community bank!”

We all sort of laughed at my neighbor’s conclusion to the philosophical discussion about current banking cyber crimes. About five of us were tossing around our perceptions of the cyber readiness of financial institutions when Chris decided we should just take all our money out. Of course, we were being a bit fantastical and just having fun with our dramatized cyber doomsday scenarios. And I don’t think Chris was serious about keeping his money under a mattress. 

But the truth is, many banks are struggling to keep up with information security. And the terrifying truth is, a lot of their efforts are trailing behind hackers’ capabilities.  

Does the Raytheon Technologies Merger Threaten National Security?

Last month, aerospace giant United Technologies and defense leader Raytheon announced their merger. The new company, Raytheon Technologies Corp, will be the second largest aerospace-defense entity in the world. And while most of the aerospace-defense world reacted with varying degrees of surprise, some are looking at this merger a bit more skeptically.   

President Donald Trump, particularly, raised some very specific concerns about the unification. 

How Hackers Are Spying on US & Canadian Special Forces

The United States military has over 2 million uniformed members. When we think about that number, it’s easy to envision a massive fighting force positioned all over the world defending the country and its allies.

In reality, however, a mere 2% of that force – an elite group known as Special Operations Forces (SOF) – are fighting more and more of America’s battles.

In fact, Special Operations troops execute missions in over 80 countries on a continual basis.

What You (and Your Boss) Need to Know About the Facebook + WhatsApp Merge

Things have changed. There was a time in the not-so-distant past when companies and organizations felt confident and secure in communicating via email. As technology developed, many of those entities supplemented their communications by adding text messaging to send quick updates or transmit time-sensitive information.

These days, most enterprises know that email comms lack security. And even text messages are subject to phishing attacks. To keep private information private and to remain in compliance and avoid regulatory fines, savvy leaders are looking for more secure solutions.

…and some of them have settled on WhatsApp.

The Comms Tool I Wish I Had in US Nuclear Operations

Better. That’s how RSA wrapped up the main idea for their 2019 conference. How can we communicate safer, faster, better?

Thinking about this theme made me reflect on my time as an Army Signal Officer with the Joint Nuclear Operations Center (JNOC). It was me, my Platoon Sergeant, a couple squad leaders, and 20 brand new soldiers operating one of the few Joint Defense nuclear command and control (NC2) satellite terminal posts in the world.

And while this was one of the most rewarding positions I’ve ever held – in and outside of the military – it came with a lot of challenges.

HighSide Open Sources its Encryption Code

Here we open source the encryption modules used in the ClearChat client. We share it under the MIT license in the hope that it will be of use to the public.

AESEncryption.py does authenticated AES256 encryption and decryption.
highlevelcrypto.py does public key operations like encryption and signing.
example.py shows how to use them. It runs under Python 2.7 and there are two prerequisites: pyelliptic and OpenSSL.

Forget Apple vs FBI, Slack & Gmail already have Backdoors

Apple vs FBI should be the least of your concerns, because right now your emails, chats and files are not private, and they’re certainly not secure.

Not at home, and not at work.

If you’re like most internet-goers, there’s a good chance you’re using some combination of Slack, Gmail, Dropbox or one of the many other popular message and file sharing apps on a daily basis. So why worry about Apple building backdoors into the iPhone if you’re perfectly content sharing your most sensitive messages and files through apps that already have the equivalent of built-in backdoors?

Value your privacy and security? If the answer’s yes, then you’re going to want to keep reading. And buckle up, because you’re in for a few surprises.

In this post we’re going to talk about how the communication, file sharing and file storage layers have become a huge security vulnerability for individuals and organizations of all sizes, why, and what you can do about it.

How HighSide Works

ClearChat is the name of our company and also the name of a stand-alone desktop (and eventually mobile) client. The client encrypts messages so that only people participating in a group can read them. Here we discuss how that works.

This is a technical overview of how ClearChat works for those who are interested in specifics. You do not need to read or understand any of this to use ClearChat correctly unless you are the admin for your company, in which case you might choose to read just the section on authentication.

TL;DR: Each message is encrypted using AES-CTR and then HMAC’d with a randomly generated, unique 256-bit key, hereafter the “AESEphemKey”. Then, for every participant who must receive the message, the AESEphemKey is encrypted with the participant’s 512-bit secp256k1 elliptic curve public key, and that encrypted AESEphemKey is added to the top of the ciphertext as a header. The whole thing is signed using ECDSA and SHA256, and then the information is sent to the server and relayed to the receiving clients. Each receiving client checks the signature, finds their header, decrypts the AESEphemKey using their private key, and then decrypts the main ciphertext using this AESEphemKey. Sending files works similarly, except that files are split, compressed, encrypted, and sent in pieces to speed things up. Key authentication is taken care of by an admin at your company; if users trust the admin, then they do not all need to verify each other’s keys.
