Transport Layer Security

994 Words2 Pages
bulb-icon

Recommended: Computer threats

Computers are used for nearly everything today, from entertainment to business, and even banking. Though convenient, this makes computers and the internet a prime target for fraud, and security paramount. Recently, however, there has been security exploit after security exploit, some of which need nothing more than typing in a website and clicking “Go!” A couple have even been known for years before being fixed. This creates debate whether computer security is in fact safe, or it is all a false hope.
One extremely common target is TLS. TLS, or Transport Layer Security, is the main protocol used in secure communication over the internet. All secure webpages are transferred using this protocol, or its predecessor SSL (Secure Sockets Layer), and “https” signals its usage. One main component is the public and private key encryption. In this setup, the private key can decrypt messages from the public key and the other way around, but cannot decrypt messages from itself; a private key can decrypt a public key message, but a private key cannot decrypt a private key message (Allen and et al. 12-13). Additionally, an optional extension to SSL/TLS called heartbeat is often used. It is enabled by default, cannot be easily turned off during operation, and works be repeating the message back to the sender; this is often used to see if a server is online and working.
In April of 2014, a major exploit of TLS utilizing the heartbeat was found. It was named Heartbleed for the fact that it “bled” data through the heartbeat. It worked by telling the server to repeat something, but giving the wrong size for it, similar to “send be the 6,000 letter word ‘cat’ if you are there.” The server then sent back the 6,000 letters, with the majority of them bei...

... middle of paper ...

...sion bounds check." 7 April 2014. OpenSSL: The Open Source toolkit for SSL/TLS. Web. 26 April 2014. .
Kitten, Tracy. Disagreement on Target Breach Cause. 10 February 2014. Web. 26 April 2014. .
Mutton, Paul. Half a million widely trusted websites vulnerable to Heartbleed bug. 8 April 2014. Web. 26 April 2014. .
Qualys, Inc. SSL Pulse. 5 April 2014. Web. 25 April 2014. .
Sherr, Ian and Nick Wingfield. Play by Play: Sony's Struggles on Breach. 7 May 2011. Web. 26 April 2014. .

Show More
Related

  • Nt1310 Unit 1 Term Paper

    1112 Words  | 3 Pages

    These programmers communicate with the pacemaker via wireless radio frequency as well as telemetry to make device adjustments and monitor device functions. Physician programmers require no authentication to program pacemaker devices [15]. This is true for all pacemakers. The lack of required authentication is a point of concern because of the potential for risk. As was mentioned, pacemaker manufacturers warn of prolonged exposure to cellphones, metal detection systems, and other electrical devices for risk of misinterpretation by the pacemaker. The electrical impulses these devices emit could be read by the pacemaker as a heartbeat which could cause the device to malfunction or fail [17]. Deliberate attacks on pacemakers have been tested and provide troubling results. Within a 50-foot proximity, an attacker can deliver a lethal 830v jolt to a user’s heart from a laptop [13]. On the hard drives of two pacemaker devices both encrypted and unencrypted data was found by researchers for the technology research company WhiteScope. The researchers found that one unnamed pacemaker device stores unencrypted PHI such as patient and physician names, treatment data, and, most concerning, patient social security number [15]. This information can be collected and sold through black market

    Read More

  • Sacrificing Freedom for Security

    1407 Words  | 3 Pages

    Riley, Michael. “NSA Said to Exploit Heartbleed Bug for Intelligence for Years.” Bloomberg, 2014. Web. 11 Apr. 2014.

    Read More

  • The Target Security Breach

    763 Words  | 2 Pages

    Information is still coming to light about the Target data breach, as the company is still actively pursuing an investigation. It has been revealed that the hackers involved in the incident began by moving data from the Target networks to Fazio, an HVAC company that Target does business with and sends a lot of digital data to, and out to a number of servers in the U.S. and Brazil. (Mick, 2014) This made it hard to spot the attack initially because a lot data was being sent to Fazio on a regular basis. It also makes the data thieves much harde...

    Read More

  • The Types And Disadvantages Of Asymmetric Encryption

    1007 Words  | 3 Pages

    Asymmetric Encryption is used to protect the data while in movement. Asymmetric Encryption is also known as Public Key Encryption. It uses two related keys, a public key and a private key which is not shared with anyone. This pair of keys are developed by mathematical methods which can be solved in one direction. So anyone can encode a data using the public key but only the user with a private key can decode that specific data. The length of Asymmetric Key Encryption is normally 1024 or 2048 bits. However, in Asymmetric framework the keys with smaller than 2048bits are considered as not safe to use.

    Read More

  • Target: The Largest Data Breach/Attack

    1217 Words  | 3 Pages

    In December 2013, Target was attacked by a cyber-attack due to a data breach. Target is a widely known retailer that has millions of consumers flocking every day to the retailer to partake in the stores wonders. The Target Data Breach is now known as the largest data breach/attack surpassing the TJX data breach in 2007. “The second-biggest attack struck TJX Companies, the parent company of TJMaxx and Marshall’s, which said in 2007 that about 45 million credit cards and debit cards had been compromised.” (Timberg, Yang, & Tsukayama, 2013) The data breach occurred to Target was a strong swift kick to the guts to not only the retailer/corporation, but to employees and consumers. The December 2013 data breach, exposed Target in a way that many would not expect to see and happen to any major retailer/corporation.

    Read More

  • Penetration Testing

    3197 Words  | 7 Pages

    As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]

    Read More

  • Technology Threatens Your Privacy

    959 Words  | 2 Pages

    While many people don’t realize it, there is always a risk when you use the internet. You must be able to know how to defend yourself against these attacks, or you risk losing it all. References Denholm, Martin. The. The Number One Threat to America's National Security."

    Read More

  • Cybercrime Essay

    2112 Words  | 5 Pages

    In today’s society technology is used for everything. With the invention of computers and the internet this open doors to the cyber world. Today you can do almost anything without having to leave your home. The internet gives us the opportunity of shopping online, ordering food online, working from home and video chatting with friends and family across the world. Everyone has a computer and internet access in their homes. While the internet is really convenient it also opens doors for cybercrimes, loss of privacy and the need for computer security.

    Read More

  • Protecting Against Malware Essay

    2372 Words  | 5 Pages

    In this globalized arena, with the proliferating computer users as well as computer networks, risks associated like Malware attacks are also multiplying. As the proverb

    Read More

  • Cryptography Essay

    1276 Words  | 3 Pages

    For thousands of years cryptography and encryption have been used to secure communication. Military communication has been the leader of the use of cryptography and the advancements. From the start of the internet there has been a greater need for the use of cryptography. The computer had been invented in the late 1960s but there was not a widespread market for the use of computers really until the late 1980s, where the World Wide Web was invented in 1989. This new method of communication has called for a large need for information security. The internet allows people to communicate sensitive information, and if received into the wrong hands can cause many problems for that person.

    Read More

  • CyberCrime: Preventing the Horrific Crimes on the Internet

    1424 Words  | 3 Pages

    Every day, citizens are constantly losing money and being victimized due to these fraudulent activities. Cyber crime, including fraud, identity theft, stalking, and hacking, is a growing problem that can be prevented by taking the proper precautions. The biggest cases of cyber crimes are cases of fraud. Online fraud comes in many forms. It ranges from viruses that attack computers with the goal of retrieving personal information, to email schemes that lure victims into wiring money to fraudulent sources” (What is “online fraud”).

    Read More

  • Cryptography Essay

    738 Words  | 2 Pages

    In this era when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for security becomes a tremendously important issue to deal with, So it is important to deal with it. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. Cryptography is the science of writing in secret code and is an ancient art; In the old age people use to send encoded message which can be understand by the receiver only who know the symbolic and relative meaning of that encoded message .The first documented use of cryptography in writing dates back to circa 1900 B.C. Egyptian scribe used non-standard hieroglyphs in an inscription. After writing was invented cryptography appeared spontaneously with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In telecommunications and data cryptography is necessary when communicating in any untrusted medium, which includes any network, particularly the Internet [1].Within the context of any application-to-application communication, there are some security requirements, including:

    Read More

  • The Internet and Cybercrime

    1789 Words  | 4 Pages

    The Internet is a connection of computers across the world through a network. Its origin dates back to the 1960s when the U.S Military used it for research, but it became more available to the public from the late 1980s. The World Wide Web was created in 1989 and browsers began appearing in the early 1990s. Over the last 24 years, the Internet has enabled people to shop, play, do research, communicate and conduct business online. It has also become cheaper and faster in performing different tasks. As much as the Internet has done immeasurable good to society, it has also dominated people’s lives and brought with it an array of cybercrimes. According to Nicholas Carr in his book The Shallows: How the Internet is Changing the Way we Think, Read and Remember (Carr, 2010). He debates on whether the Internet has done more harm than good. People use the Internet daily to exchange accurate information and constantly personal data such as credit cards, passwords and Social Security numbers are travelling through the network from one computer to another. With security measures put in place on the Internet, personal information remains confidential. But unfortunately, criminals have adapted to innovations in technology, and today, more people are increasingly becoming victims of cybercrime. The Internet has had profound effects on the public, both positive and negative. In this paper we will examine how access to personal information has led to an increase in online and offline crimes. The essay will particularly focus on ecommerce and hacking.

    Read More

  • Corporate Network Management

    1882 Words  | 4 Pages

    Nieva, R 2014, 'Heartbleed bug: What you need to know (FAQ)', CNET, 11 April 2014, viewed 11 April 2014, .

    Read More

  • Cybercrime Essay

    2700 Words  | 6 Pages

    ...ng to many individuals who have suffered from hacking, phishing, scams, identity theft, fraud etc. Computer crime describes a very broad category of offenses, which include anything that requires an electronic device or the Internet. Cybercrime is now a global issue and it has a major impact on every individual or business that interacts with technology and the World Wide Web. When important information is stolen, not only are individuals at risk of becoming part of greater crimes but it can also affect an entire country when its national secrets are stolen. In the end I may conclude that computer crime is a dangerous crime that all individuals should be aware of due to the many devastating results it can cause. Cybercrime cannot be stopped due to the high levels it has reached, but immunity can be used to keep safe from it or at least keep individuals less at risk.

    Read More

More about Transport Layer Security

Open Document