05-18-2014 01:42 AM
AusCERT History is filled with companies shamed by their shoddy cryptography implementations – even though the underlying maths is bang on.
In a presentation titled "Crypto Won't Save You" at the AusCERT conference on Australia's Gold Coast, respected cryptographer Peter Gutmann of the University of Auckland took security bods through a decade of breaches featuring a laundry list of the world's biggest brands.
Gutmann's point was to demonstrate how the weakest point of cryptography was typically in its implementation rather than the maths itself. He demonstrated that consumer devices from the Amazon Kindle to the Sony Playstation and Microsoft Xbox consoles were hacked not because of weak cryptography, but due to poor deployment of security mechanisms, which were bypassed by attackers.
Many more systems have been broken due to poor implementations. The crypto used by lower-end ransomware to encrypt victims' files can be broken by security pros, allowing the documents to be rescued without having to pay the ransom.
This one is a good read not only for content but also because it goes against the trend that more is better.
Webroot SecureAnywhere Complete Beta Tester v126.96.36.199, imaged by Macrium Reflect v7