Innhold om Sikkerhet

Christmas is fast approaching, and with it, a new year. It’s time to leave bad security habits behind in 2020, set aside some time for a digital cleanup, and move forwards with a clean slate.

A CTF is a hacking competition. The participants compete for the highest score, by hacking intentionally vulnerable apps. It's a great deal of fun competing, but how does one host a CTF? This is the story of how I've been doing it, and how my CTF rig has evolved.

Critical infrastructures are, as the name suggests, critical to society and have in recent years become increasingly more digitalized. Such infrastructures include electric power, electronic communication, transport, as well as water supply and sewage. They are essential for the maintenance of societal functions that you and I depend on in our daily lives, and a disruption can paralyze a society and at worst lead to loss of life. Here, we will try to explain why critical infrastructures are especially difficult to secure against cyber attacks.

What is the state of your IoT (Internet of Things)-security in your home? Do you have any gadgets on your network that are vulnerable to exploitation? Maybe you have any devices you do not recognize? If you own an IoT-device then you should be curious about how it talks to the Internet and how security is taken care of.

Looking for some inspiration? Something to learn? Here we give you a list of interesting people we follow. These people are worth listening to.

Social media applications spy on you, and probably send home some data about you every second you use the app. But what about the applications that have another business model? Do you trust that your bus pass app, developed by your the municipality, or your smart vacuum cleaner is not sending your data back to the developers? Often, we have no idea, and until recently iOS-users had no good way of inspecting the traffic that was sent from their devices.

Ransomware is extremely costly and difficult to get rid of, and once your files are encrypted you may have lost that data permanently. Giving in to the ransom demand is expensive, gives no guarantee that your data will be restored, and only encourages cybercriminals to keep attacking and extorting money from individuals and companies alike. Clearly, the best way to deal with the increased rise in ransomware attacks is to implement solid preventative measures to avoid getting infected in the first place. And, if the worst should happen and all your files do get encrypted, to have alternative ways of restoring your data.

We live in a digital era where the most precious commodity no longer is oil or gold, but data. But what if this data, including personal files, customer lists and company data, flight traffic information, or even sensitive hospital records were stolen? What would you do, or pay, to get it back?

He sees you when you’re sleeping, he knows when your awake, he knows if you ‘we been bad or good so be good for goodness sake. This is a line of a popular Christmas song. It obviously refers to Santa Claus. However… What if this is true, not only for Santa, but for large companies worldwide. We’ll take a closer look on the data you give and the repercussions.

Simula har, sammen med FHI, fra starten prioritert sikkerhet og personvern svært høyt i utviklingen av appen. Ulike varianter av dette sitatet finner vi mange intervjuer om Smittestopp. Politikere, helsebyråkrater og utviklerne forsikrer at sikkerhet og personvern er ivaretatt. Kontrasten til Smittestopp-havariet er oppsiktsvekkende. Hvordan kan dette forstås?

Cryptography is the science of secret writing with the goal of hiding the meaning of a message. When a message is encrypted with a secure algorithm, i.e. an encryption cipher, no one should be able to read it without the decryption key. However, the promise of security falls apart if the encryption algorithm is weak, or if someone has created a backdoor. In this article we’ll examine the modern history of encryption. We’ll learn that while the mathematical underpinnings of modern encryption is stronger than ever, government agencies have a history of thwarting efforts to reach the goal of truly secure communication.

Zero Trust is a security model where each component has its own perimeter. This is different from a traditional security model where all components inside of a given perimeter are regarded as safe or trusted. It was introduced as a reaction to the traditional network security model as a measure against lateral movement after a breach.

We wrote about "Safe travels for the road warrior" last year. This year we offer one more trick, and expand our list for staying safe and secure on the road. Watch out for shoulder surfers, and protect your equipment if you have to leave it in for example your hotel room.

Elliptic curves are seemingly ubiquitous in modern cryptographic protocols, and may turn up again later this December. Let’s take this opportunity to gain insight on what they are and why they are used.