
Posts published in “Blog”

5 FREQUENT MISTAKES IN DIGITAL SECURITY AND THEIR SOLUTION

1. This will be solved by the IT department

Even the best IT guy cannot prevent data leakage from corporate infrastructure if the attack is conducted through an unskilled employee, just as a security agency worker cannot prevent the theft of a key or of an employee's magnetic entry card. A secure network is a necessary basis (like a lock on the door), but the most common attacks do not go through corporate systems. One of the most famous hackers, Kevin Mitnick, describes in his book “The Art of Deception” many surprisingly simple tricks for obtaining data that should be kept secret. The majority of them have one thing in common: getting information from uneducated staff who did not even think they were doing something wrong.

Employees without knowledge can threaten your business. And you cannot blame them

Cyber-attacks are increasingly sophisticated. They use not only state-of-the-art technologies, but mainly psychological techniques against which the normal user is virtually helpless. You cannot prevent them altogether, but you can prepare for them and significantly reduce the risk that they will endanger you. And if you do become the victim of such an attack, it is good to at least limit its consequences. Anyone can be the target of an attack. Increasingly, the targets are small and medium-sized companies. For these, the consequences can be very serious, often going as far as liquidation. The attacker does not have to be after the theft of funds at first. For example, if an attacker takes over an employee's email account, he or she may start communicating with your customers or business partners on behalf of your company. Or data from your business databases may be leaked. This can have a huge impact on your market credibility.

Has email encryption with PGP/GPG stopped being secure?

Tl;dr? It has not!

On Tuesday, 15 May 2018, a detailed description of vulnerabilities in the PGP/GPG implementations in email client extensions was published at https://efail.de. The vulnerabilities abuse the way these extensions handle messages. That is an important piece of news. The encryption method itself has not been broken, so PGP/GPG can still be considered secure!