This hasn't been a good couple of weeks for Computer Security as earlier it was revealed that WPA2 has been cracked due to a flow in the protocol. If you are a Technical person you can go through the Research Paper to fully understand what the vulnerability is but in short I will explain the context.
Almost everyone who uses a Wifi Router is knowingly or unknowingly using a WPA2 key to access their router. WPA2 is the abbreviation for Wi-Fi Protected Access II, which is widely used method to protect Wifi Networks after the hacking of WEP (Wired Equivalent Privacy) in the year 2001. Basically what this means that your neighbour with sufficient computing knowledge can get access into your Wifi Network. This is a problem but not a serious problem as your Wifi Network has a limited range and attacks carried out is also limited. But turning off Wi-Fi on your phone, relying on mobile data, not ignoring HTTPS certificate warnings, and plugging into an Ethernet port instead of using Wifi might be some precautions you can take.
But things got uglier when it was revealed that a RSA library has introduced a vulnerability in security hardware produced by Infineon Technologies AG. The vulnerability is named as ROCA allows for an attacker, to perform a Coppersmith’s attack, to compute the private key with nothing more than the public key, which nullifies the purpose of Asymmetric encryption. Asymmetric encryption must ensure that Public Key and Private Key are not related by any means and Data Encryption could only be performed by the Public Key and Data Decryption can only be performed by the Private Key.
This issue has affected keys in various domains including electronic citizen documents (Estonian identity cards), authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP.
Sad news for Computer Security and let's hope things will get better.
The Raspberry Pi with Desktop Capabilities. Read More
Developing Java Applications with Unicode Data. Read More
Performance Monitor using ElectronJS, Flot Chart and justgauge. Read More