By now you probably have read of the Equifax data leakage. This reminded me of the idea of secure pseudonymous identifiers I had been thinking on for some time. Secure pseudonymous identifiers make use of cryptography to make it hard or impossible to recover the original identifiers representing a specific person. To be sincere, I wouldn’t be surprised if somebody else came with this idea first and named it something else since it’s quite simple. Sadly, I really haven’t had the time to check that out.
In this article I will introduce the concept of identifiers then pseudonymous identifiers and finally secure pseudonymous identifiers. I will also explain why they are a very useful technique to deter the risk of leakage on data whose only purpose is identifying an individual like U.S.A.’s SSN numbers or Spanish ID card numbers among others.
A estas alturas, seguramente hayáis leído el tweet del Excelentísimo Señor Rafael Català Polo. En caso de no haber podido hacerlo, os lo cito aquí:
#LexNET es un sistema cerrado y seguro.Si se utiliza d forma legal y ética es imposible acceder a información ajena al usuario @Congreso_Es
En este post vamos a hablar de LexNET y de por qué el Excelentísimo Señor Rafael Català Polo está equivocado al considerarlo un sistema cerrado. Sigue leyendo LexNET no es un sistema cerrado→
A few days ago, leo-stone reverse-engineered the Petya ransomware and found that it was possible to use genetic algorithms to find out the key. He even published a nice decrypting tool in go. I took his globe and decided to prove why this is mostly a specific issue of how Petya reduced Salsa-20 to use only 16 bit words.
In this blogpost I’ll do a cryptanalysis of the Petya encryption algorithm (as published by leo-stone) and reduce the key entropy so that a single known plaintext is enough to break the algorithm. I’ll also explain how to use these results to make a faster and more efficient decrypting tool. And finally I’ll explain why genetic algorithms as used by leo-stone worked.
This blog post has been motivated after a series of attempts to cause harm to others under different costumes in hacking environments. It aims to explain why this is a bad thing for hacking communities as a whole and what can be expected from me and which are my expectations when acting in such environments.
En este artículo voy a explicar cuales son las diferentes herramientas que podrían haber hecho más difícil o incluso evitado el ataque que las personas tras La Nueve de Anonymous hicieron contra El Corte Inglés y que tenéis explicado en su tumblr. Los de La Nueve de Anonymous me han comentado sin embargo que lo que allí explican es el ataque que usaron para el deface (con el que publicaron la noticia) en la página web de El Corte Inglés y no para sacar los datos de las cuentas (que obtuvieron de un sistema de Informática de El Corte Inglés S.A.).
Antes de seguir leyendo tened en cuenta que este artículo no está pensado para gente con altos conocimientos técnicos sino para dar a conocer la existencia de estas herramientas entre la gente para que puedan reclamar el que no se hayan usado cuando se produce una filtración de datos personales.
I can’t help but fantasize about that girl, the kind of girl I’d like to have by my side. I’m quite certain I might never find somebody like that but she still exists on my dreams.
