The
hexadecimal (base 16) system uses the ten digits from 0 to 9, plus the
six extra symbols from A to F. This set has sixteen different
“digits”, hence the hexadecimal name. This notation
is useful for computer workers to peek into the "real contents" stored
by the computer. Alternatively, treat these different number systems as
currencies, be it Euro, Swiss Franc, British Pound and the like. Just
like an object can be priced with different values using these
currencies, a number can also be "priced" in these different number
systems as well.
To
digress a bit, have you ever wondered why you had to study prime
numbers in school? I am sure most mathematics teachers do not know this
answer. Answer: a sub-branch called public-key cryptography, which uses
prime numbers, especially for encrypting e-mails. There, they are
talking of even bigger numbers like 2048, 4096, 8192 bits.
When
we want to encrypt something, we need to use a cipher. A cipher is
just an algorithm similar to a recipe for baking a cake. It has
precise, unambiguous steps. To carry out the encryption process, you
need a key (some call it a passphrase). Good practice in cryptography
requires that the key used by a cipher be of high entropy to be
effective.
Data
Encryption Standard (DES), introduced as a standard in the late 1970's,
was the most commonly used cipher in the 1980's and early 1990's. It
uses a 56-bit key. It was broken in the late 1990’s with
specialized computers costing about US$250,000 in 56 hours. With
today's (2005) hardware, it is possible to crack within a day.
Subsequently,
Triple-DES superseded DES as the logical way to preserve
compatibility with earlier investments by big corporations (mainly
banks). It uses two 56-bit keys in three steps:
1. Encrypt with Key 1.
2. Decrypt with Key 2.
3. Encrypt with Key 1.
The
effective key length used is only 112-bits (equivalent to 34 digits).
The key is any number between 0 and 5192296858534827628530496329220095.
Some modify the last step to use a third key, Key 3, making it more
effective with 168-bit keys.
Advanced
Encryption Standard (AES) was adopted as a standard by the National
Institute of Standards & Technology, U.S.A. (NIST) in 2001. AES
is based on the Rijndael (pronounced "rhine-doll") cipher developed by
two Belgian cryptographers, Victor Rijmen and Joan Daemen. Typically,
AES uses 256-bits (equivalent to 78 digits) for its keys. The key is
any number between 0 and
15792089237316195423570985008687907853269984665640564039457584007913129639935.
This number is the same as the estimated number of atoms in the
universe.
The
National Security Agency (NSA) approved AES in June 2003 for protecting
top-level secrets within US governmental agencies (of course subject to
their approval of the implementation methods). They are reputedly the
ones that can eavesdrop on all telephone conversations going on around
the world. Besides, this organization is recognized to be the largest
employer of mathematicians in the world and may be the largest buyer of
computer hardware in the world. The NSA probably has cryptographic
expertise many years ahead of the public and can undoubtedly break many
of the systems used in practice. For reasons of national security,
almost all information about the NSA, even its budget, is
classified.
A brute force attack basically means trying all possible combinations
to decrypt encrypted material.
A dictionary attack usually targets text-based passphrases (passwords)
by trying commonly used passwords. The total number of commonly used
passwords is surprisingly small, in computer terms.
An
adversary is somebody, be it an individual, company, business rival,
enemy, traitor or governmental agency who would probably gain by having
access to your encrypted secrets. A determined adversary is one with
more "brains" and resources. The best form of security is to have zero
adversary (practically impossible to achieve), the next best is to have
zero determined adversary!
A keylogger is a software program or hardware device that captures all
keystrokes typed. This is by far the most effective mechanism to crack
password-based implementations of cryptosystems. Software keylogger
programs are more common because they are small, work in stealth mode
and are easily downloaded from the internet. Advanced keyloggers have the
ability to run silently on a target machine and remotely deliver the
recorded information to the user who introduced this covert monitoring
session. Keystroke monitoring, as everything else created by man, can
either be useful or harmful, depending on the monitor’s
intents. The confidential information that passes through the keyboard
and reaches the computer includes all passwords, usernames,
identification data, credit card details, and confidential documents
(as they are typed).
For
the last definition, we will use an example. Let's say you have your
house equipped with the latest locks, no master keys and no locksmith
can tamper with them. Your doors and windows are unbreakable. How then
does an adversary get into your house without using a bulldozer to
break your front door? Answer: the roof - by removing a few tiles, the
adversary can get into your house. This is an exploit (weakness point).
Every system, organization, individual has exploits.
See,
it is not that difficult after all. If you can understand the material
presented in this article, congratulations - you have become
crypto-literate (less than 1% of all current computer users). If you do
not believe me, try using some of this newfound knowledge on your
banker friends or computer professionals.
Stan
Seecrets’ Postulate: “The sum total of all human
knowledge is a prime number.”
Corollary:
“The sum total of all human wisdom is not a prime
number.”
The
author, Stan Seecrets, is a veteran software developer with 25+ years
experience at (http://www.seecrets.biz) which specializes in protecting
digital assets. This site provides quality software priced like books,
free-reprint articles on stock charts and computer security, free
downloads and numerous free stuff. © Copyright 2005, Stan
Seecrets. All rights reserved.
Article
Source: http://EzineArticles.com/?expert=Stan_Seecrets
Eavesdropping and Counter-Measures: Technology and Techniques
By Amy Grech
You
need to know how to protect yourself, since your security department or
any consultant may not be truly aware of these threats and therefore
not dependable. Since September 11th, a number of businesses entered
the security field with little to no knowledge of the trade itself;
only of its profit potential. Even outfits that have been around for
some time and are well established have not been able to stay current with
the latest innovations.
Realistically, your threat level has to be considered, since everyone should
expect some sort of impending privacy issue, no matter how small. Thanks
largely to the Internet you can arm yourself with much of the knowledge
and equipment that the so-called experts use. If a respected agent of
computer crimes for the Secret Service in NYC had his T-Mobile Sidekick
hacked, who knows what else happens out there to others in any
business.
We'll start with acoustic ducting evaluation, which is the inspection of air ducts,
baseboard heaters, coffee rooms, lounges, bathrooms or any way the
architecture of a building can transfer sound. A simple example is to
put your ear to a wall and listen.
Basically
anything that requires the use of the naked ear is called an acoustic
bug. Softer surfaces can help muffle sounds but there are more
efficient means out there. So be aware that the way an office site is
designed can act as a conduit for conversations. Also, be aware that any
changes can have adverse effects. Simply playing music can do wonders
for masking conversations.
Inspection
of telephone equipment and wiring is called line analysis. This is
trickier than it seems, since sometimes a possible weakness has an
actual purpose in the telecommunication system, especially if it
requires constant maintenance and software upgrades.
All
instruments should be opened and inspected. Ideally they should be
compared with a known safe phone or device. If you're not sure, just
remove that piece of loose components and wiring and see if the phone
still works. The wiring can be modified in a switch within the handset
that essentially turns it into a microphone. If you bypass this hook
switch, you can listen in from anywhere on the landline. Technical
equipment won't be able to detect this. Time Domain Reflectometry is
the sending of a pulse down a telephone line. If there is some sort of
disruption, such as a wall outlet or wiretap, a portion of the pulse will be
sent back to the device, called a Time Domain Reflectometer (TDR). Then
the time difference between the reflection and the continuous run is
measured. This helps in determining the distance to the
anomaly.
These
devices can perform all sorts of diagnostics including mapping a wire
network. That can be useful in locating a hidden phone. Hidden phones
have several obvious uses, from making long distance phone calls to
being placed in an office across the street to receive betting requests
by bookies, a practice called back strapping. If you open up the
modular jacks where you connect your phone, you'll usually see four
wires. In most cases only two wires are connected; commonly known as
ring and tip. If you see all four connected, be aware that is not
usually consistent for most wiring situations, especially in homes. The
other two wires could be used for a bugging device.
For
instance, the microphone you use in a voice recorder can be cut in
half. Connect the mike head to one set of unused wires anywhere on the
phone wire. Then, so long as there are no breaks in the wire, connect
the other end to the jack that connects to your recorder. Now place
your recorder to be VOX (voice) activated and now you have an extremely
reliable bug. By the way, this should be manually inspected for since
using a specialized bug detector may see nothing wrong or inconsistent.
A bug such as this that connects to a wire is called a direct
tap.
The
other general type is called an inductive tap. This is when an
instrument is outside a wire but can still distinguish what’s
transacting over a wire. They are harder to detect since they
don’t draw power from the line as a standard telephone
would. These are referred to as snuffle bugs. A simple probe used in
hunting wire signals has a speaker, which can display sounds. By
accident one day I was working on an apartment intercom system while
using a probe. I could hear conversations throughout the building quite
clearly just through the intercom boxes mounted on walls from the
master unit in the basement.
If
you're using wireless headsets or cordless phones, the radio signals
can be intercepted. A cordless phone acts like a radio, but
the frequency and a few other factors can make interception
extremely difficult. With some manufacturers, you can buy the same
model as your neighbors or the office and have it join their phone
system. Double check Caller ID boxes to see if they also record numbers
dialed besides obviously those being received. If you're using VOIP
(Voice Over IP), remember that calls can be recorded in a fashion
identical to intercepting data between two computers.
These
packets of data can reassemble an audio file. Obviously electronic
devices possess semiconductor components such as diodes, resistors and
such. The method to hunt for these components is called Non-Linear
Junction Detection (NLJD). The NLJD unit emits a radio signal while
listening for the return signal from an electronic device. This becomes
very useful when a bug is embedded in a picture frame or wall. The
eavesdropping device doesn't have to be active for it to be discovered.
If a device is active and transmitting wirelessly (or even on a wire),
you can detect it with a Radio Frequency Spectrum Analyzer. Depending
on the detection device used, you can determine whether voice, data or
video is being sent, and possibly listen to the data. Try to use
different size antennas or buy one that collapses. Different
frequencies can be detected more efficiently by using various sizes.
The use of filters with antennas can also help pinpoint devices on
specific frequencies.
Electronics
such as computers, FAX machines and especially CRT monitors can radiate
electromagnetic signals or pulses that can be received by other
equipment. This is known as TEMPEST. One way to complicate the
surveillance of this is to use certain fonts and line walls or
equipment with different gauges of copper mesh wire. You can further
enhance this posture by using special paints, which block radio
transmissions.
Radio
waves will look for a leak or break, so be careful of defensive
applications. One-way window tints can help in blocking signals. Since
an electronic device could generate some heat they can be detected in
another way. The use of a thermal imagery device can detect and
actually see minute amounts of heat radiated for your viewing. You can
hide the heat signatures by using creams or neoprene. Technology exists
to collect information from blinking LEDs of modems, routers, print
servers and similar devices. You can only see some general blinking but
with the use of properly tuned optics, filters, oscilloscopes and good
timing you can discern much more. One of the LEDs on your keyboard can
be altered to blink while you are typing in a fashion similar to Morse
Code. You can also use a tap in the keyboard that sends out radio waves
again similar to Morse Code and no anti-virus software will ever be
able to find it. Even when a CRT computer monitor is facing a wall the
light can be in a sense read by its flickering emanations from some
distance. A good defensive measure is to buy new LCD flat panel
types.
Another
approach to attacking FAX machines is to simply record the noises it
makes and play it back to another machine. I used to do this for a
client so they could keep a record of all the faxes they made and
received. There are creative and potentially illegal defenses against
wiretappers and Peeping Toms. One is to transmit an extremely high
pitch down the wire, thereby rupturing the listener's eardrums. I knew
someone who once sent a powerful electrical spike down his phone wire
thereby destroying his divorced wife's recorder.
By the way, this leads to another topic: expect the device to be discovered
someday. Don't leave your fingerprints on it. He found it and had it
dusted, thereby producing some prints. My friend used this as leverage
against the Private Investigator that planted it. Advice to Private
Investigators, a word to the wise: if you do this part-time, hire
someone who does this full-time. This P.I. lost his license and almost
went to jail. The lawyer who recommended him got into a lot of trouble
as well. He received some unwanted attention from the Feds because
his telephone dealings went across state lines and also happened to
involve the Post Office.
There
is another budding field related to this topic called Protective
Intelligence. Currently there are only a few experts who do this kind
of work.
A
laser or an infrared beam can be used at a considerable distance from a
target building. Conversational sounds can vibrate onto solid objects
such as windows. The beam's reflection varies in relation to the
movement of the window, which is received and converted back into
something audible. To mask the sounds, you could attach a vibrating
device (basically an altered electric razor) to the window.
Of
course if the window is open, then a laser can target another object
instead of the window. A beam of light or laser can be directed to go
through a window onto a solid object thereby nullifying such defensive
measures again. Generally you really can't detect such attacks unless
the laser, infrared or light beam is being used that moment. Certain
materials can be used to detect IR emissions, as well as the use of
passive night vision gear. Certain fabrics or even a curtain may
actually show the spot where a beam of light or laser is being focused.
Unless the room is dusty or you have a can of artificial smoke, you can
follow the beam up to a point and guesstimate its location. One type
of optical bug is an infrared transmitter. It is placed in the area of
interest to transmit the conversation to an infrared receiver,
which then translates the conversation into an audible
format.
Many
of these same procedures used can be applied to locating hidden
cameras. A relatively new device uses a series of lasers to seek out
optics. This was originally intended to locate snipers by bodyguards.
I
have listed the techniques, counter-measures and then the counter to
the counter-measures to prevent any false sense of security. Usually
constant vigilance is your best weapon besides knowing what to look
for. Even if you find a “bug sweeper” with good
credentials, certifications and experience, ask them detailed
questions. Not just to test them but also for your own peace-of-mind.
This makes our job easier and we appreciate it greatly when dealing with
knowledgeable customers.
Article
Source: http://EzineArticles.com/?expert=Amy_Grech
Seecrets on Security: A Gentle Introduction on Cryptography Part 2
By Stan Seecrets
A slightly longer series of articles,
"Keeping Your Secrets Secret", will examine practical examples in
greater detail and provide useful tips and advice. Of course, these
will continue with the theme of making crypto and computer security
easily understood.
One-Way Hash
Also known as a one-way function, a
message digest, a fingerprint or a checksum, the algorithm creates a
fixed-length output that cannot be reversed. One-way hashes provide
checksums to validate files, create digital certificates and play a
central part in many authentication schemes.
Let us consider this example.
For ages,
the Chinese have a fortune-telling method that relies on "Ba Ji" (eight
characters) which uses the time, day, month and year of birth according
to their calendar. There are sixty possibilities (almost equal to 6
bits) for each of the four variables. Since the Chinese use two
characters for each variable, the result is always eight characters.
This is an example of a nonsecure 24-bit one-way hash.
Obviously, this way of
producing a one-way
hash is not acceptable for security purposes because of the huge number
of collisions (different inputs producing the same output).
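
The collision problem with a 24-bit digest can be measured directly. The following Python sketch is an added example, not code from the original article; as an assumption for illustration it stands in for a short hash by keeping only the top 24 bits of SHA-256, and the input strings are constructed.

```python
import hashlib
import itertools
import math


def truncated_hash(data: bytes, bits: int = 24) -> int:
    """Top `bits` bits of SHA-256: a stand-in for a short one-way hash."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def expected_attempts(bits: int) -> float:
    """Birthday estimate: about sqrt(pi/2 * 2**bits) inputs until a collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int = 24):
    """Hash constructed inputs until two different ones share a digest.

    Returns (first_input, second_input, attempts).
    """
    seen = {}  # digest -> input that produced it
    for counter in itertools.count():
        msg = b"constructed-input-%d" % counter
        digest = truncated_hash(msg, bits)
        if digest in seen:
            return seen[digest], msg, counter + 1
        seen[digest] = msg


if __name__ == "__main__":
    a, b, attempts = find_collision(24)
    print("collision after", attempts, "inputs; birthday estimate",
          round(expected_attempts(24)))
    print(a, b, hex(truncated_hash(a)))
    # The full 256-bit digests of the same two inputs still differ.
    print(hashlib.sha256(a).hexdigest() != hashlib.sha256(b).hexdigest())
```

A few thousand inputs are enough at 24 bits, while the same estimate for a 256-bit digest is far beyond any search.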
The most commonly used hashes
are SHA-1
(Secure Hash Algorithm uses 160 bits) and MD5 (Message Digest uses 128
bits). In August 2005, a team of cryptographers led by Xiaoyun Wang of
Shandong University, China, presented a paper that found faster ways of
finding collisions than the usual brute force method. These exploits
(vulnerabilities) may make digital certificate forgery a
reality.
The implications to
e-commerce may be
widespread not to mention the millions of websites which used MD5 to
hash the users’ passwords in their databases. Any webmaster
can
tell you that converting these sites to use SHA-256 or SHA-512 will not
be a trivial task.
In a recent directive, NIST
(National
Institute of Standards & Technology, U.S.A.) has advised U.S.
governmental agencies to use SHA-256 or SHA-512 (256 and 512 bits
respectively) instead.
Biometrics
A biometric device is one
that can
identify unique characteristics from a finger, eye or voice. Many
believe that biometrics should provide a higher level of security than
other forms of authentication.
There is a news story in
March 2005 of how
a Malaysian owner lost his Mercedes car and index finger to car thieves
armed with machetes. Obviously the keyless ignition electronics cannot
detect whether the finger is still part of the original body nor
whether the finger (and by extension the person) is alive or
not.
Recent security breaches have heightened
concern over depositories of personal information stored on many
financial sites. When such breaches occur, the incidence of identity
theft will rise as well.
If you lose your credit card,
you can
always void the card and get a new one. When you lose your fingerprint
(stored digitally), or other biometric features, who can replace
those?
Passwords
When asked to conjure up random numbers or
characters, most people inevitably use material that is familiar to
them, like birthdays, names of family members, pets’ names and so
forth.
For example, most will choose
dates when
asked to choose a six-digit number for their ATM Personal
Identification Number (PIN). Doing so will reduce the number of
possibilities by nine times.
Random Numbers and Generators
Random numbers are central to
crypto. To
qualify as true random numbers, the output from random number
generators (RNG) must pass statistical tests of randomness. Two suites
considered as de facto standards are the "diehard" suite developed by
Prof. George Marsaglia of State University of Florida and "Statistical
Test Suite" from NIST.
Second, the RNG’s
output must be
unpredictable even with complete knowledge of the algorithm or hardware
producing the series and all the previous bits produced.
Third, the RNG’s
output cannot be cloned in a repeat run even with the same
input.
The most common approach to
producing
random numbers is by using an algorithm carried out by a computer
program (Yarrow, Tiny, Egads, Mersenne Twister). Such algorithms cannot
produce random numbers, hence their name, pseudo-random number
generators (PRNG).
Another approach is to use
physical events
such as entropy produced by the keyboard, mouse, interrupts, white
noise from microphones or speakers and disk drive behavior as the seed
(initial value).
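
The three requirements above can be checked against real generators. This Python sketch is an added example, not code from the original article: it implements a simplified frequency (monobit) test in the style of the NIST suite, then compares Python's seeded Mersenne Twister with the operating system's entropy-backed generator. The function names, the seed and the sample byte strings are constructed for illustration.

```python
import math
import random
import secrets


def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test: are ones and zeros roughly balanced?

    Returns a p-value; the NIST suite treats p < 0.01 as a failure.
    """
    n = len(data) * 8
    ones = sum(bin(byte).count("1") for byte in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def prng_key(seed: int, nbytes: int = 16) -> bytes:
    """Key from the Mersenne Twister (Python's `random`): fixed by the seed."""
    return random.Random(seed).getrandbits(nbytes * 8).to_bytes(nbytes, "big")


def os_key(nbytes: int = 16) -> bytes:
    """Key from the operating system's entropy-backed generator."""
    return secrets.token_bytes(nbytes)


# Constructed sample inputs.
ALTERNATING = bytes([0b01010101]) * 1000   # perfectly predictable pattern
ALL_ONES = bytes([0xFF]) * 1000            # obviously biased

if __name__ == "__main__":
    # Requirement 1: statistical tests. A predictable pattern can still pass
    # one, so passing is necessary but not sufficient.
    print("alternating bits p =", monobit_p_value(ALTERNATING))
    print("all ones        p =", monobit_p_value(ALL_ONES))
    print("Mersenne Twister p =",
          monobit_p_value(random.Random(2005).randbytes(1000)
                          if hasattr(random.Random, "randbytes")
                          else prng_key(2005, 1000)))
    # Requirement 3: a repeat run with the same input must not clone the output.
    print("same seed, same key:", prng_key(2005) == prng_key(2005))
    print("OS generator repeats:", os_key() == os_key())
```

The alternating pattern scores a perfect p-value, which is why the second and third requirements exist alongside the statistical tests.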
Some may argue that true
random generators
are those that can detect quantum behavior in subatomic physics. This
is because randomness is inherent in the behavior of subatomic
particles - remember the electron cloud from your high school
physics.
One-time Pad
The most effective system is
often the
simplest. A one-time pad (OTP) is a series of random bits that has the
same length as the digital object to be encrypted. To encrypt, just use
a simple computer operation, exclusive OR (XOR). To decrypt, simply XOR
the encrypted result with the same random bits.
The downside of using an OTP is that once
used, it must be discarded. Second, the OTP and the digital object must
have the same number of bits. Lastly, there is the obvious problem of
synchronizing the OTP between the receiver and sender.
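
The XOR operation and the three downsides can be seen in a few lines. This Python sketch is an added example, not code from the original article; the OneTimePad class, the function names and the two sample messages are constructed for illustration.

```python
import secrets


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with a pad of the same length; the same call decrypts."""
    if len(pad) != len(data):
        raise ValueError("pad and data must have the same number of bytes")
    return bytes(d ^ p for d, p in zip(data, pad))


class OneTimePad:
    """One party's copy of a pad; refuses a second use (hypothetical helper)."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = False

    def apply(self, data: bytes) -> bytes:
        if self._used:
            raise RuntimeError("pad already used; it must be discarded")
        result = otp_xor(data, self._pad)
        self._used = True
        self._pad = b""          # drop this copy of the pad material
        return result


# Constructed sample messages of equal length.
MSG1 = b"TRANSFER 100 TO ALICE"
MSG2 = b"TRANSFER 900 TO CAROL"


def reuse_leak(pad: bytes) -> bytes:
    """What an eavesdropper learns if one pad encrypts both messages.

    XORing the two ciphertexts cancels the pad, leaving MSG1 XOR MSG2.
    """
    c1 = otp_xor(MSG1, pad)
    c2 = otp_xor(MSG2, pad)
    return otp_xor(c1, c2)


if __name__ == "__main__":
    pad = secrets.token_bytes(len(MSG1))   # generated once, shared in advance
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    ciphertext = sender.apply(MSG1)
    print(receiver.apply(ciphertext))      # b'TRANSFER 100 TO ALICE'
    # Zero bytes mark positions where the two plaintexts are identical.
    print(reuse_leak(secrets.token_bytes(len(MSG1))).hex())
```

Sender and receiver each need their own copy of the same pad before any message is sent, which is the synchronization problem in practice.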
[Author’s note: The
concluding Part 3 will focus on key management and public key
cryptography.]
"In God we trust, others use
crypto."
The author, Stan Seecrets, is
a veteran
software developer with 25+ years experience. © Copyright
2005,
Stan Seecrets. All rights reserved. For more of his articles and
website promotion, visit http://www.seecrets.biz or
http://www.rushprnews.com
Article
Source: http://EzineArticles.com/?expert=Stan_Seecrets
Turning the iPhone into a SpyPhone