Do Not Trust Experts – from Brexit to Internet

I was a researcher, and I believed that we were independent, unbiased, the true source of knowledge (and I still do). What I didn’t appreciate at the time was that researchers were terrible at defining the borders of their expertise and saying “I don’t know”.


How Certbot and Letsencrypt Work (DNS and SNI-TLS automation)

We introduce an integration plugin for Let’s Encrypt. It provides integration for a variety of mechanisms that enable and simplify verification of domain control and certificate installation. We have already tested it with Dehydrated (formerly letsencrypt.py). It supports all existing verification methods: DNS, HTTP and TLS-SNI, in their current versions “01”.


Your HTTPS Certificate Shows Where Its Key Comes From

We have extended the original research and can now use information from public keys (HTTPS, TLS, SSH, SSL) to audit cyber security management and compliance with internal standards.


Letsencrypt’s Vulnerability Or Feature – Eternal Account Key

The growth of Let’s Encrypt is phenomenal – 7 million certificates in the last four months. The remaining hurdle for automation is verification of domain ownership. Well, actually it is NOT true. We were doing syntax testing – hoping to get the right kind of verification error … only to discover we had been successfully verified without providing any information.


Why Enigma Bridge is the best option available for cloud security

The main reason we want to use cloud technologies is that they simplify cost management and allow us to spend only as much as we need at any given time. The question is how secure they are and what risks are acceptable.


Re: Investigating the Origins of RSA Public Keys

This post is about research done by one of our co-founders. Petr showed that it is possible to find which tool or hardware device generated RSA keys from just a few public keys. I’m thinking it’s an attack, an unexpected data leakage channel, but also an excellent source for audit-related analytics.


“Progress and research in cybersecurity” by The Royal Society

“Encryption is a key technology that underpins trustworthy computing. As digital technologies become ever more central to our lives, encryption becomes more important, and any weaknesses in its implementation become greater risks. Governments must commit to preserving the robustness of end-to-end encryption, and promoting its widespread use.”


How we screwed-up ProductHunt launch

A month ago, we decided to launch EnigmaLink – our file-sharing application – on ProductHunt. Neither of us had used ProductHunt before, but I found a friend who could do the submission. I thought it would be straightforward.


Hacking WiFi passwords – a randomness problem

Dusan, one of us @EnigmaBridge, was curious about how default WiFi router passwords are generated and very quickly came up with an algorithm producing the right passwords. And this “bootstrapping” problem is much bigger …
