All posts by Dan Cvrcek

Co-founder of Radical Prime and Enigma Bridge. Independent consultant on security and encryption systems (incl. large banking, payment, and enterprise systems) ... and a university professor.

A Long Dark Tea-Time of The Soul

You may know the mood when all seems to be done but new tiny issues keep cropping up every day … until they eventually disappear without you realizing it. The title has kind of sprung to my mind.

A lot has happened since my previous post and I indeed lived and breathed Enigma Bridge. While we kept focussing on a particular market segment, we decided to make our products easier to test by smaller companies – a new test/staging instance of the Enigma Bridge service will be launched within days. We made good progress business-wise as well. But one thing I want to mention in particular is the ASIRTA tool – a baseline profiler for data governance.

Password Attacks – A Small Server Experiment

This short post looks at password attacks launched over a 5-month period against a small web server of ours in 2013.

There are a lot of statistics about which passwords we most commonly use to log in to our online accounts. What we were interested in was which passwords are being used to guess logins to online systems. We set up a WordPress website and started logging the passwords tried against it. Here are some results after about 5 months of monitoring and over 11,000 logged attacks.


Why Storing Plaintext Passwords Is Bad

No matter what bad news we hear about passwords – leaks, security breaches, compromised security – passwords provide very good protection when used properly. The real weak link here is the user. If users could remember long and random passwords, the “problem of passwords” would be much, much smaller. The hype would disappear and the real issue – how internet companies store passwords – would become much more visible.


Online and Mobile Banking Fusion

Banks simplify access to our bank accounts. They keep relaxing security while hoping to replicate the boiling frog story. The trouble is that no-one dies, and someone will figure it out – sooner rather than later.

Debit-cards

I touch on a few things: using online banking to find valid card numbers and dates of birth, increasing the chances of unauthorised access, lowering the security of login credentials, and the changing role of debit cards.


Tokenisation – Introduction

Tokenisation is a hot topic as it makes card processing cheaper and more secure. The goal is to replace your card number with a random number that is hard to use for unauthorised transactions – and it removes the need to encrypt databases.

What we are primarily looking at now are mobile payments but we are designing solutions for e-commerce as well. Payment processing involves re-encryption of PINs (PIN-blocks) for card-present transactions.

