
Let's Talk Quantum Cryptography Pt 2

Overview

In the last quantum cryptography blog post we looked at the popular BB84 protocol and discussed how it is, at least theoretically, a secure protocol. 

This time we’ll see how, when put into practice, physical implementations of the protocol can introduce vulnerabilities that we can exploit to undermine the entire key exchange!

When testing these types of systems, vulnerabilities can be broken down into two broad classes:


Shadow IT and Technical Debt: The adversary's allies

Shadow IT increases your business' security risks and is invisible to you.  It might not be covered on your asset lists, because your asset management lists are incomplete.  It might have no assigned owner, either because it doesn't fit neatly into any business unit, or isn't related to any current operational priorities but hasn't been fully decommissioned yet.  It might have been installed outside of usual processes, either without authorisation or because usual processes were overridden.


Common TLS/SSL Issues and What They Mean

Encryption implementation issues are, in my experience, some of the most commonly reported findings during penetration tests. Whilst they may not always be quite as scary as seeing "SQL Injection" or "Stored Cross-Site Scripting" in a report, their ubiquity merits some discussion. 

Broadly, we find that the most frequently encountered issues fall under three categories:

  • Outdated Encryption Protocol Support
  • Certificate Issues
  • Weak Cipher Suites

How are these three categories linked and what do they do to keep my data safe? 

Cyberis becomes CBEST Approved

Cyberis has announced that it is now an approved Penetration Testing provider under the Bank of England (BoE)'s CBEST scheme. CBEST is a framework run by the Bank of England through the industry body CREST that delivers controlled, bespoke, intelligence-led cyber security tests, to increase the resiliency of financial services organisations against cyber attacks. Regulators such as the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have integrated the CBEST security assessment framework into their supervisory strategies.
