Whether for secure communication, or for private storage of data, there are occasions when individuals and organizations have a need to make their data unreadable to general users.

The technology that makes this possible is known as cryptography, which comes from the Ancient Greek words, kryptos, that translates to secret or hidden, and graphein which means to write. Cryptography is a process that converts the text of a message or data, into a scrambled message, that obscures the original message, and then the recipient can convert the scrambled message back to the original.

Cryptography can be traced back to the ancients, with the first documented use dating to 1900 BC in ancient Egypt with substituted hieroglyphics. A more modern approach with a substitution cipher can be found with Julius Caesar in 100 BC, where each letter was substituted with another letter to scramble the message, in what became known as a 3 cipher that moved each letter three ahead in the alphabet to keep it secure.

This Caesar Cipher was used to send secure messages to the Roman generals on the front line, but is considered less secure by modern standards as it only used an encryption method, and did not utilize an encryption key, and therefore is subject to being easily decrypted based on the frequency of the letters.

A more modern approach to cryptography is from Blaise de Vigenre, a Frenchman in the 16th century, and represents an early approach to encoding the message via an encryption key in what became known as the Vigenre cipher. In this approach, an encryption key is used, and the letters get encrypted via this key, however this simplistic approach can also be easily broken.

Seeking greater security, cryptography has benefited from technological advances, with electro-mechanical approaches being taken in the early 20th century, starting with the Hebern Rotor Machine. This used a single rotating disc, with a secret key embedded and was based off of an electrical typewriter. The cryptography is based on a substitution table, but the advance was that the next letter, the rotor advanced, thereby changing to a different substitution table used after each letter, while maintaining efficiency as no manual lookup was required to encode or decode the message.

Rotating disc technology then formed the basis of the famous German Engima machine, which was invented by Arthur Scherbius. It debuted at the end of World War I, and was relied upon heavily by the German military during World War II.

The advance over the Hebern Rotor Machine was that it used multiple discs, three for the German Army, and the Navy, that implemented their Enigma Code later, used four rotors for additional security. It took a process over years to crack the German Enigma code, with initial progress made by the Polish Cipher Bureau, which used their close ties to the German engineering industry for the initial decryption, and had a fully reconstructed an Enigma machine in the 1930s. The Germans were quite confident that their Enigma code could not be broken, and used it throughout all of their branches of the military, including all secret communications.

Facing a German invasion, the Poles shared their knowledge of Enigma with the British at their now famous Government Code and Cipher School, better known for their location at Bletchley Park, including their reconstructed Enigma machine that was a detailed replication down to the internal wiring.

The British, faced with the challenge of deciphering Enigma code messages in a timely fashion to generate actionable intelligence, devoted considerable resources including their top mathematicians, for a faster method to decrypt the German Enigma communications. This resulted in the Colossus Mark 1, which was the worlds first programmable, and electronic computer- purpose built for codebreaking. From the origins of these vacuum tube code decrypting behemoths started the computing revolution.

Computers have continued to be central to cryptography today. In the 1970s, IBM developed a cipher known as Lucifer to encrypt corporate communications, that subsequently was adopted by the US National Bureau of Standards as the Data Encryption Standard (DES) for the protection of sensitive government data.

With a 56-bit key size, as computing power increased it was broken via brute force attacks, and this was demonstrated in 1999 when it was decrypted in under 24 hours. Shortly thereafter, in 2001, the shift was made by NIST to a new more secure block cipher, which became the Advanced Encryption Standard (AES), which features a block size of 128-bits, and multiple different key lengths of 128, 192 and 256 bits, which is currently still in use.

AES uses symmetric encryption, which means that the same key is used for both encryption as well as decryption. This is also known as shared-secret key encryption, and the weakness is that any user with the key can decode the message making the security of the key quite paramount. This type of encryption is commonly used for securing data stored on a hard drive.

The alternative is asymmetric encryption, which is also known as public key encryption. In this method, the code to encrypt the message can be shared, as it cannot be used to read the message, and is known as the public code. A second code, known as the private code, is necessary for decrypting the message. Asymmetric encryption is applied to many internet protocols, including the RSA security algorithm, that forms the basis of the SSL/TSL Protocol, which secures our computer networks.

While symmetric and asymmetric encryption are thought of as separate entities, in practice they are also used in combination across the internet. For example, symmetric and asymmetric encryption is combined for digital signatures, where both public and private keys are utilized for verification of the sender of the message, and to keep the message secure, and unaltered.

Cryptography also gets applied to secure browsing, via the encrypted tunnel that gets created via VPN technology. While there are several security protocols that can be used for the creation of an encrypted tunnel of a VPN, the state of the art choice is OpenVPN, which uses asymmetric encryption with both public and private shared keys, via an open source algorithm, and 256-bit encryption via OpenSSL.

View original post here:
What is cryptography? | TechRadar

Department of Information Security

Location: EghamSalary: 43,660 to 51,687 per annum - including London AllowanceClosing Date: Wednesday 15 April 2020Interview Date: See advert

Full-Time, Permanent

This is the cryptography focused position, for the software security focused position closing at the same date, seehttps://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0220-054

Applications are invited for a full time permanent post of Lecturer in the Information Security Group (ISG) at Royal Holloway, University of London. This post carries the responsibility to conduct research and to contribute to the teaching in the department. The post is equivalent to an assistant professor in the US system, or a Junior professor in Germany.

The applicant should have a good research profile that fits within the wide range of research undertaken by the ISG. We are particularly interested in applicants who will be able to drive forward research related to all fields of cryptography: theory, applied, primitives, protocols, symmetric, asymmetric. However, strong social scientists working on information security and researchers working on software and systems security or any other field of information security are also encouraged to apply.

The applicant should be able to demonstrate enthusiasm for research as well as teaching and communicating with diverse audiences.

The post has a preferred start date of autumn 2020, although there is some flexibility in start date. The post is based in Egham, Surrey, where the College is situated in a leafy campus near to Windsor Great Park and within commuting distance of London.

In return we offer a highly competitive rewards and benefits package including:

The post is based in Egham, Surrey where the College is situated in a beautiful, leafy campus near to Windsor Great Park and within commuting distance from London.

The post holder will contribute to the research and teaching of the Information Security Group which is a full department within the University that hosts a dynamic inter-disciplinary group of academics and researchers focused on information security research and teaching. The ISG is amongst the largest departments dedicated to information security in the world with circa 20 academic staff in the department, as well as research and support staff. We work with many research partners in other departments and have circa 70 PhD students working on a wide range of security research, many of whom are fully funded through our Centre for Doctoral Training in Cyber Security for the Everyday, funding 10 PhD positions per annum for the next four years. Our PhD students undertake exciting research that has won national and international awards. Our students are encouraged to publish their work in leading venues (s.t. CRYPTO, EUROCRYPT, ACM CCS, IEEE S&P, USENIX, CHI, CSCW and DIS) and to contribute to national and international research, policy and practice initiatives. We are also an Academic Centre of Excellence in Cyber Security Research (ACE-CSR).

We have a strong, vibrant, embedded and successful multi-disciplinary research profile. This vibrant environment incorporates visiting researchers, research seminar series, reading groups and mini conferences, the WISDOM Group and we are proud of our collegial atmosphere.

Our research is collaborative and interdisciplinary, both within the ISG and externally. Within Royal Holloway we collaborate across many other departments including: Computer Science, Electronic Engineering, Economics, Geography, Law, Management, Mathematics, Psychology, Politics and International Relations and Classics. ISG members are also encouraged to build and maintain external networks of collaboration and we are prominent members of both national and international research communities. The ISG is active in industry and government, where our colleagues find opportunities for applied research and consultancy. We also have a strong track record of working with underserved communities on the edge of society, addressing their security needs and conceptions.

Currently, there are eight permanent members of staff focusing on cryptography in the ISG: Martin Albrecht, Carlos Cid, Keith Martin, Sean Murphy, Siaw-Lynn Ng, Rachel Player and Liz Quaglia. In addition, Simon Blackburn from the Maths department regularly contributes to the field of cryptography. Currently there are five postdocs working on cryptography and roughly 15 PhD students. Focus areas of cryptographic research currently are: lattice-based cryptography and applications (Albrecht, Murphy, Player), post-quantum cryptography (Albrecht, Blackburn, Cid, Murphy, Player), symmetric cryptography (Albrecht, Cid, Murphy), statistics (Murphy, Player), access control (Martin), information-theoretic security (Martin, Ng) and protocols (Albrecht, Quaglia). We are particularly looking to strengthen our capacity in protocols.

The University offers a full range of undergraduate and postgraduate degrees in information security that are certified by the UK National Cyber Security Centre (NCSC). This is where most members of staff focus their teaching.

In particular, the ISG teaches the security modules on these courses:

All campus programmes can include a year in industry option. Our MSc is the largest in the UK with students studying across the full-time, part-time or distance learning modes of study. Our MSc is one of the oldest programmes in the world, having started in 1992 and has a large alumni network with over 4,000 graduates.

To view further details of this post and to apply please visithttps://jobs.royalholloway.ac.uk.For queries on the application process the Human Resources Department can be contacted by email at:recruitment@rhul.ac.uk.

Closing Date:Midnight, 15 April 2020Interview Date:9 June or 10 June 2020

Royal Holloway is committed to equality and diversity, and encourages applications from all sections of the community. Readhereabout structures and initiatives around equality and diversity, including information on staff diversity networks.

See the original post:
Lecturer in Information Security, Cryptography Focused job with ROYAL HOLLOWAY, UNIVERSITY OF LONDON | 196311 - Times Higher Education (THE)

MegaCryption-PC

NAPLES, Fla. (PRWEB) February 11, 2020

Advanced Software Products Group (ASPG, Inc.) has announced version v2.1.0 of MegaCryption-PC for Windows desktops and servers. As a component of ASPGs MegaCryption cryptography suite of products, MegaCryption-PC provides a comprehensive and scalable solution for data encryption. The MegaCryption suite of products delivers powerful and simple-to-use cryptography tools with interoperability for enterprise systems including z/OS mainframes, Linux, and Windows.

Whether operating a small business or larger enterprise, MegaCryption-PC provides organizations with the functionality to effectively facilitate the resolution of mandatory security policies, provide multi-platform accessibility, and reduce demands on an organizations overall operations.

The latest developments to MegaCryption-PC provide sweeping updates to the user interfaces. The most notable of these changes is the new intuitive design which seamlessly integrates into existing Microsoft Windows workflows. Familiar operations such as file management, Office applications, and Windows-style dialogue provides an elegant, modern user experience that facilitates productivity while requiring no prior training to use the tool.

Standout attributes of the improved user interfaces include a streamlined key manager featuring certificate creation, import, export, and delete options for public and private keys. Additional enhancements enable intuitive searching, sorting, organizing, and displaying certificates while the File Explorer interface allows simple file management operations. Upgrades to policy management, configuration options, a new user tutorial, and user-customized themes allow for a truly personalized experience. Uniquely, MegaCryption-PC will also encrypt attachments that allow users to add further confidentiality to file sharing with business partners.

MegaCryption-PC is a powerful asymmetric and symmetric cryptography suite of tools that are well suited for any organization interested in cryptography and looking for a powerful, easy-to-use tool. With a simple and lightweight installation process, users can begin accomplishing their cryptography goals within minutes. Existing users of MegaCryption-PC will appreciate a seamless update to the new release without service interruption.

As one of the fastest-growing encryption tools for file cryptography on Windows, Unix and Linux systems, MegaCryption-PC supports both OpenPGP and S/MIME file cryptography (and key management) so that you can discover interoperability with new or existing cryptography projects within your data center or with your business partners.

The entire suite of MegaCryption tools for z/OS, Windows, and Linux is continually updated with new features and security enhancements. Interested parties can contact the ASPG sales team by phone at 800-662-6090 (toll-free) or 239-649-1548 (US/International) or email at aspgsales@aspg.com. The MegaCryption support team is also available 24 hours a day, 7 days a week. Learn more about the best MegaCryption tool for your environment at http://www.aspg.com/megacryption

ABOUT ADVANCED SOFTWARE PRODUCTS GROUPAdvanced Software Products Group, Inc. (ASPG) is an industry-leading software development company with IBM, Microsoft and GSA certifications. For nearly 30 years, they have been producing award-winning software for data centers and mainframes, specializing in data security, storage administration, and system productivity, providing solutions for a majority of the global 1000 data centers.

Share article on social media or email:

See the original post here:
MegaCryption-PC v2.1.0: Intuitive Interfaces and Seamless Integration in ASPG's Updated Encryption Tool for Windows - PR Web

In late November 2017, Dapper Labs released a blockchain-powered app called CriptoKitties in which users could collect and trade virtual cats. And just like all things cat on the internet, it was a sensation. A week later, the total number of pending transactions on the Ethereum blockchain had jumped six times, clogging the network not just for those selling kitten avatars, but for everyone else, too.

Blockchains are lists of records that are protected by cryptography and can be distributed across networks. They can serve as reliable ledgers of financial transactions, virtual kitten trades, and even the exchange of sports collectibles.In 2018, social video app SportsCastr launched a digital token called Fanz that its users can earn and then exchange for digital and physical goods or services. In October, Bayern Munich signed a licensing partnership with Stryking Entertainment to create digital tokens of its players. Stryking is currently developing a blockchain-backed player fantasy sports platform called Football-Stars.Last month, the Sacramento Kings launched a blockchain-powered auction platform for game-worn memorabilia and Panini commemorated Zion Williamsons NBA debut by releasing a blockchain-backed digital trading card of the New Orleans Pelicans star.

Dapper Labs is now working with the NBA to develop a digital platform and gameNBA Top Shotin which the digital collectibles will be in-game moments, such as a Joel Embiid dunk or a Kevin Durant 3-pointer. SportTechie recently spoke to Caty Tedman, VP of partnerships at Dapper Labs, to discuss the future of blockchain in sports.

SPORTTECHIE: How is blockchain disrupting the world?

TEDMAN: What it does is it has the power to remove intermediaries that would be able to consolidate power. Using CryptoKitties as an example: we created these assets, we created a game to prove that you could do something in blockchain outside of decentralized finance. The best example of how blockchain is going to work for consumers is in decentralized finance. There will be a lot more control and transparency around financial transactions. But for us, we thought it would be great to do something where consumers could adopt us without overhauling their financial systems. So we created this thing. And once those tokens are out there, other people can create stuff. We saw other games pop up that use CryptoKitties, and they didnt have to do the coding work that we did around the tokens. We saw secondary markets where people created services to analyze your CryptoKitties.

What that illustrates is that blockchain takes information, puts it in public, and then lets people do other stuff with it. If you think about that for finance: maybe finance is really confusing for a lot of people and there are a lot of terms and conditions around how we use banks and other financial services and theres a potential for a blockchain to make that more transparent so its really clear whats happening in financial transactions, and it also creates a system in which there can be more competition because the entrance fee, what it takes to enter the space, is a little less onerous than going against a major financial institution. It just gives people a lot more power without necessarily having to give them more confusion about it. Real estate is an example that people use all the time, decentralized finance is one of the most exciting areas. Were very interested in gaming.

Blockchain as a technology has the potential to underpin a lot of different areas, many of which used to be closed databases and can now be open databases.

Soon I think well stop talking about blockchain and itll just be a part of the technology stack that everyone uses.

SPORTTECHIE: How will blockchain change the fan experience?

TEDMAN: The way that people describe blockchain depends on the audience because you can go super deep on the technology side. When you think about the internet itself, it lets people access information at a fundamental level. Its kind of the information sharing place in a digital space. Think of blockchain as a new element of that technology. Its really a place where value is transferred.

Lets take a look at the practically of what that means now: when you do things online now, maybe youre playing a video game and you buy a lot of stuff. Then the season switches and you lose a lot of the stuff you bought. You put a lot of money into your fandom and you dont really see value back for that. Well, maybe you had fun with your friends, but basically money goes out the door and not back in the door. Blockchain enables money to come back in the door.

As a consumer, in a world where your assets are on blockchain, you own them, you hold them. If we were to go away, or if Electronic Arts or NBA2K were to go away, you would still own those assets and you could combine and sell them. Thats when microecosystems start to pop up. The main thing we think blockchain is going to do: theres going to be the ability where if you stop playing a game, you can sell all those assets and recoup that value. And some people might even play games to gain access [to later sell], and that might be a new kind of business model.

Blockchain is code, like anything else thats digital. And its at its essence a public ledger and a place where you can trust that any information is true because its been validated from multiple sources in an automated way. We call that environment trust-less because you dont have to have trust in it. You dont want to have trust in us as a company, you can trust that the structure of the blockchain is ensuring that information thats on that chain is accurate.

What that means is that if I buy a James Harden NBA Top Shot moment, which is a token, I own that moment and anyone can verify that I own that moment. So if I say, OK, someone else is looking for a James Harden moment because theyre playing the game and need someone with certain strength or someone in his position, I can go out to the marketplace and say, Hey, I own this thing but if you want to own this thing you can buy it from me. And that transaction also happens on the blockchain. Its not like selling something on Craigslist where you have to trust that someone is actually paying you for the goods. Its trust-less in that a transaction can automatically happen, allowing for peer-to-peer marketplaces.

SPORTTECHIE: What is Dapper Labs overall goal and focus?

TEDMAN: We are building a blockchain called Flow and its built specifically for entertainment. Weve seen such a strong interest in engaging consumers in this space, but we have not seen a platform that can really scale to accommodate mass consumer adoption. So were building one.

Weve got a great roster of partners that are working with us on that, and its bringing in people from sports, gaming, music and culture to really understand whats needed out of the technology thats going to scale for those kinds of brands. Thats a criticism the industry has had in the past, and when CryptoKitties launched, melting the Ethereum network was great for press, but bad for the industry as a whole. We know we need stable environments to build the consumer-facing side of the industry, and so were working on that.

We think about gaming as a little bit of a Trojan horse for the technology. Gamers adopt new technologies and try new things, sports fans do as well, so thats kind of a perfect match for us. But asking someone to go set up a new bank account in a new technology that they dont totally understand is really scary, but asking people to play a game thats really fun and provides some value and actually allows for that value exchange I was talking about, its a much easier thing to adopt.

We think about gaming as a way to get people involved in the space kind of passively, and then once youre set up in the crypto space and youre used to using maybe cryptocurrency, or alternate currencies, you have a wallet set up, you have all the systems set up around you, you can go and do anything in a decentralized space. And we expect to see that: maybe they come in and use custodial services, trust us for a little while with some of their crypto assets, but then ultimately say, I get it, I see how this benefits me, I understand how to use this technology a little and the kinds of options I have and Im going to take control of my own information.

Sports leagues are not just competing with [other] sports, theyre competing with everything that a consumer does in their day, whether thats playing Fortnight, shopping online, or watching the Emmys.

SPORTTECHIE: Why was CryptoKitties such a success?

TEDMAN: I think the crypto community was ready to see something that was different and exciting and I think we created something that really captured people's imaginations who were already interested in this. I always look at the U.S. market as an indicator, and a tremendous amount of people, millions and millions of people, hold cryptocurrency, tons of people who you wouldnt even necessarily think hold cryptocurrency. We do lots of user testing, talk to a lot of consumers, and were always surprised by how many people hold crypto and what the diversity of those people are.

First of all, there was a bigger market than people thought there already was. We tapped into that. We tapped into peoples curiosity about a practical way to understand the technology, which CryptoKitties does a great job of. I would encourage anybody who wants a 101 in the space to sign up for CryptoKitties and go through some of the onboarding because you get a much better idea of what the technology can do. And the internet loves cats. So it wasnt a far cry to say that if you at least hit a couple of those other notes that the internet was going to continue to love cats.

SPORTTECHIE: You have worked at ESPN, the NHL and the NFL. How did you help shape Dappers move into sports, and why?

TEDMAN: We have a joke internally that of my last almost three years with the company Ive been trying to turn us into a sports company. I finally succeeded with it. When we look at audience crossover, sports makes total sense. And in my role leading partnerships, I do a lot of talking to former colleagues, sports leagues, sports-related brands, talking to people who target consumers, specific groups of consumers.

I love sports and I thought sports was the perfect fit and having come from that world and frankly doing social media for so long, I felt like as brands we spend so much time giving content away on platforms that we dont own a piece of. It seems like Twitter, Facebook, Instagram, and TikTok, are so great for fan engagement. But those platforms built their back on our brands.

The thing that really hooked me into the blockchain work is that blockchain creates an environment for consumer engagement where consumers get to have some value in that environment and also the brands get to keep value. So when youre creating content, that content has a direct line of revenue and it seems like a much more virtuous cycle than just that hamster wheel of social where youre just giving away and giving away. Social and other existing channels are still going to be really important for reaching consumers, but I love that theres this value exchange with blockchain where fans get a piece of the value, sports leagues and teams get a piece of the value, and the network itself can continue to grow and people can continue to get involved in that space.

When you think about aligning fan interests with league interests, aligning financial interests with fan interests, it feels like a really good fit and it feels that everybody gets to benefit. I liked that because my whole career has focused on serving and engaging fans and making sure the kind of content being created is stuff fans really want. And now theres a value layer that gets layered on top of that and the brand also gets to benefit.

When you look at brands like the NBA, their fanbase is skewed younger. As a company, theyre really open to testing and adopting new technology. Theres a pretty good crossover in the crypto audience and the NBA audience, so when we started trying to figure out how we were going to go from internet cats to a larger mainstream audience, we were looking for those connection points to make sure that we were hitting the right kind of audience, a broader one. A brand like the NBA, and frankly sports in general, really hits that nail on the head.

SPORTTECHIE: What is the vision for the platform and game youre building with the NBA?

TEDMAN: The basic premise of Top Shot is that sports have really spectacular moments or plays every night. Theyre memorable and collectible and fans care about them and if you ask an avid fan of a team or fan of a league where they were when something happened, where were you when the butt fumble happened, where were you for the quintessential Jordan dunk? Fans remember that and they have deep connections to that. What we want is to take those amazing plays, tokenize them, and then create a gaming experience where you can play with them. Ultimately, youll take those moments, youll create a team that would play against another team, those teams will battle, there will be some points exchanged, and you still get to keep your tokens. So you get to both own the asset, the memory, and you also get to play with it.

We expect to see a few different archetypes to arise, which is what we saw with CryptoKitties. There will be speculators, there will be people who just want rare tokens, special moments, things that are re-sellable, and we certainly saw a spectator market in CryptoKitties. There will be collectors, people who will just collect stuff they love. I will fall into this category and I will have an entire collection of Serge Ibaka moments, I already know that. Working on this project has already changed how I watch sports broadcasts and certain plays within the game.

The third archetype will be gamers, people who dont necessarily have a certain allegiance to any team but really like the game and come in to buy tokens to be stronger within the game. We saw that with CryptoKitties and I think well see the same thing in Top Shot. Crypto allows for such a wide differentiation for the kind of people who play the game so youll actually broaden the market for what would just be a single game without the marketplace.

If what we think is going to happen actually happens, people will want to make sure they have access to these moments in real time. Were still working through with the league, which has been a phenomenal partner, how we can get a real time drop of these assets because its quite more complicated than just clipping video and shooting it out on social media. But we expect people to watch more games so they dont miss the moments that are clipped and dropped. We expect people to, in the same way fantasy football gives you weird sports allegiances and makes you love players that you had never really thought of before, love players that maybe you wouldve hated before, we expect this environment to do a bit of this as well. Maybe theres a slot in your team thats really weak, you need a better point guard asset, to be really searching out that kind of thing and learning more about players, their stats, when theyre playing.

What Ive seen in a former life is that when you serve fans well, they spend more time with you, they spend more heartshare and more mindshare with you. What we hope to see is that fans of the NBA and maybe fans of other sports as well see that value exchange deepen their fandom and that translates to not just more minutes viewed, but maybe more jerseys sold, more copies of 2K sold, because the fandom deepens and that results in more engagement across the life cycle of fans.

Once those tokens are out there, other people can create stuff. We saw other games pop up that use CryptoKitties, and they didnt have to do the coding work that we did around the tokens. We saw secondary markets where people created services to analyze your CryptoKitties.

SPORTTECHIE: How will Dapper Labs and the NBA monetize Top Shot?

TEDMAN: The way that the games so far have been structured, and we anticipate theyll continue to be structured to a certain extent, is that there's a primary marketplace and in that new content, new tokens, get introduced. And thats a primary revenue stream for the game and the brand. Both NBA and Dapper Labs make money when we sell tokens.

Then theres the secondary revenue source, which is the peer-to-peer marketplace where consumers get to participate in that exchange of value but there is also a small marketplace fee, that would be kind of like a transaction fee on a credit card, where the brand also gets to retain some value from that secondary marketplace, which is something that doesnt really exist. If I go to sell something on eBay, the brand that initially sold me that doesnt get to retain that value. But in the blockchain space, they do.

One of the things we get asked sometimes is about where we fit in that ecosystem. We see this as an entirely new category. We dont see us as competing against other games, we see ourselves as complementary. Everything thats in the market that helps to deepen fandom, also benefits us.

We see the opportunity for something like the Flow blockchain that were building to be something that maybe other games want to build on, or other games want to enter the ecosystem and participate in. We see all the different brands that interact with a league like the NBA as being part of that ecosystem. So if you think about sneaker brands or apparel brands, all different ways that you could consider powering up players or creating an environment for self expression, we see all that as fitting into that ecosystem.

For the launch of Top Shot, we want to make sure theres a great core game experience, but part of the joy of blockchain is that you can start to bolt other really interesting things on, whether theyre features or other games, other ways for brand assets to interact. The way that we think about the environment well be in probably a year from now, once we start to get real traction for adoption, will be nothing like what it looks like today. It will be a completely different world where brands are thinking about their IP differently, fans are thinking about the way they spend their money differently, and brands like gaming companies or studios will be thinking about how to make all those things interact with each other.

SPORTTECHIE: How will blockchain usage spread through the sports industry?

TEDMAN: The NBA is the ideal launch partner and we feel really lucky to have a relationship with them. I think every league will follow. The interest that weve seen internationally across leagues, not just in North America but also in Europe, is really strong. Clubs are thinking about usage, the Sacramento Kings have been active in the space. Nike recently filed a patent around blockchain. Its impossible for this technology not to succeed because, one, its actually useful, and two, brands are just so much more savvy around technology in general and have an understanding about how to be early adopters.

Twenty-twenty to me is a year where were going to see early adopters launch projects and see consumer adoption of those projects. Those projects are not going to be perfect, but they will be a great bellwether for what needs to be done for the next wave of adoption. In 2020, were going to see mainstream adoption, were going to see lots of different sports and sports-related brands participating in this space. The learnings from this year are going to be what helps finish mainstream adoption where people get a really good idea of what they could be doing in this space and consumers get an idea of the benefits of using blockchain technology through fun and games in a way that isnt scary to them.

I think blockchain is going to be a great revenue stream for sports bands, for brands in general, but particularly sports brands. The experience we bring from having early success in this space, from making mistakes and fixing them, from having literally the best blockchain engineers in the world in our office. All of those things are places where we add value. We add the understanding of what could be done in the space and what we think should be done in the space.

We have a vision of where we want to see this technology go and we have a lot of people in-house who really understand consumers, not just me with the sports perspective but also people who have worked in gaming for a long time, who have worked in other verticals for a long time. Bringing that consumer focus to the brands that were working with is really valuable because were skipping forward past where a lot of companies are in terms of understanding their own technology. We understand the technology and we understand the consumer. And everything that happens in the blockchain space creates new revenue lines, so we can help these early-adopting brands to find strong new digital revenue streams.

In sports, sports leagues are not just competing with [other] sports, theyre competing with everything that a consumer does in their day, whether thats playing Fortnight, shopping online, or watching the Emmys. So when you think about how important the relationship between league and fan is, and we hear this from other verticals as well, their primary focus is deepening that relationship because itll be much harder to attract a new fan than it will be to keep an existing fan and make that fan feel valued.

Sports have really spectacular moments or plays every night. Theyre memorable and collectible. Ask an avid fan where were you when the butt fumble happened, where were you for the quintessential Jordan dunk? Fans remember that and they have deep connections to that. What we want is to take those amazing plays, tokenize them, and then create a gaming experience where you can play with them.

SPORTTECHIE: There are many different blockchain platforms. Can they interact and work together?

TEDMAN: Blockchain especially allows for interoperability between different platforms so I could see a world in which one day SportsCastr assets have a place in Top Shot and vice versa, and that we have the opportunity to work collaboratively, especially in these early days but also as the industry grows.

I think the technology itself and the space is such a blue ocean so I hope no one feels like there are competitors that will prevent them from being successful, because as long as people are putting good products in the marketplace and theyre engaging with fans, then we can all work together.

SPORTTECHIE: Outside of just sports, what will the next 10 years look like?

TEDMAN: I think well stop talking about blockchain and itll just be a part of the technology stack that everyone uses. Itll underpin a lot of different business cases that are pretty dry, a lot of stuff thats just built on top of it with blockchain at the public database level.

For consumers, it will change the relationship they have with the way they spend money in the digital space. I think it will be really hard to go backwards to spending money online for digital assets without truly owning them or having that value proposition for them and I think well see cryptocurrency widely adopted, whether its the speculatory Bitcoin scenario, or whether its USDC or any number of stable coins that will allow people to interact online with confidence that the currency theyre using is either pegged to fiat currency or its more steady than some of those speculative vehicles.

But were not talking about 10 years, were talking about five years where we see pervasive adoption of the technology, because its useful. Once that consumer relationship changes, everyone will have to come to the table and start to integrate it and I think that is going to happen really quickly.

Question? Comment? Story idea?Let us know at[emailprotected]

Read more from the original source:
Dapper Labs VP Caty Tedman: 'We'll Stop Talking About Blockchain. It'll Just Be a Part of the Technology Stack' - SportTechie

North Koreas top leaders appear to be intensifying efforts to mine cryptocurrency as a way to evade international sanctions, according to a new report

State-sponsored crypto-crime: The report by Recorded Future, a US company that analyzes cybersecurity threats, details the efforts of Kim Jong-uns regime to use cybercrime and cryptocurrency to get around sanctions meant to curb the nations nuclear weapons program. The United Nations recently estimated that North Korea has stolen as much as $2 billion using widespread and increasingly sophisticated cyberattacks on financial institutions and cryptocurrency exchanges. Both the UN and Recorded Future had reported previously that in addition to stealing cryptocurrency, the regime had also started mining it. The new report adds more details about the mining effort and suggests that North Korea is expanding this particular operation.

A steady buildup: In July of 2017, Recorded Future published one of the first reports suggesting that North Koreas government was mining Bitcoin. A year later the company noted that North Koreas interest in and use of cryptocurrencies had exploded. Besides pulling off a number of successful robberies of South Korean cryptocurrency exchanges, the regime had begun mining a privacy-oriented currency called Monero. Unlike Bitcoin, whose public transaction record makes it possible to track money flows, Monero uses cryptography to hide transaction information from public view and make the flow of money very difficult to trace. The authors of the new report say that North Koreas Monero mining efforts appear to have increased tenfold since 2018.

A valuable tool: Considering this development and the countrys successful exchange hacks and other crypto-related thefts, the authors conclude that cryptocurrencies are a valuable tool for North Korea as an independent, loosely-regulated source of revenue generation, but also as a means of moving and using illicitly obtained funds.

Keep up with the fast-moving and sometimes baffling world of cryptocurrencies and blockchains with our weekly newsletter Chain Letter.Subscribe here. Its free!

Follow this link:
North Korea appears to have expanded its crypto-mining operation - MIT Technology Review

SANTA ROSA, Calif. & LIVERMORE, Calif. & SINGAPORE--(BUSINESS WIRE)--Keysight Technologies, Inc. (NYSE: KEYS), a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, National Information Optoelectronics Innovation Center (NOIEC), an innovative institute aimed at building a world-class R&D for the information optoelectronics industry, and CompoundTek, a global foundry services leader in emerging silicon photonic solutions (SiPh), will work together to establish layout design standards for the automated testing of photonic integrated circuits (PICs).

PICs offer a multitude of advantages over their discrete components and bulk optics counterparts including significant footprint reduction, improved stability and lower energy consumption. PICs are ubiquitous in telecommunication networks solutions and attract increasing attention in new applications like sensing, bio-medical, cryptography and quantum computing. As the range of applications widens, a high level of standardization and automation becomes essential to ensure the scalability, process monitoring and yield required for volume production.

Keysight, NOEIC and CompoundTek will collaborate to establish a globally recognized standardized approach to PIC layout, enabling access to automated testing, generic assembly and packaging services for scaling to volume production. The goal is to interface with PIC designers who define the test protocols during the design stage and with the test facilities which will enable automation and define measurement procedures and their parameters.

The consortium will work together to standardize PIC layout conventions and design rules for edge-coupled circuits, which include, but are not limited to, die orientation, location of I/O ports, placement of DC pads, fiducials and indication of restricted areas important for automated testing, assembly and packaging. Adopting and deploying a proven integrated solution, featuring Keysight's Photonic Suite on a fully automated probe station with speed optimized test executive algorithm, facilitates high throughput testing. It also enables Design-For-Test (DFT) and First-Design-Right (FDR) techniques to reduce overall costs associated with the test. Keysight's Photonic Suite is comprised of Keysights PathWave and Photonic Application solutions.

About NOEIC

National Information Optoelectronics Innovation Center (NOEIC) is a national R&D and innovation hub settled in Wuhan China Optics Valley that brings together the resources of its word-class platform, industrial companies, research institutes and investment partners to promote commercialization of scientific and technological achievements in information optoelectronics. NOEIC helps the industry to breakthrough key generic and common technologies such as materials growth, PIC technology, advanced packaging and provide high-end information optoelectronics solutions for 5G, high speed optical communications, data centers and other applications. For more information, visit http://www.noeic.com.

About CompoundTek Pte Ltd

Founded and supported by industry veterans and technologists, Singapore-based CompoundTek combines world-class commercial foundry with leading silicon photonics (SiPh) research institutes to provide cutting-edge SiPh technologies that enhance foundry services capabilities. CompoundTek brings to the marketplace revolutionary semiconductor applications designed to meet critical requirements in high bandwidth and high data transfer solutions particularly in emerging connectivity driving Industry 4.0. For more information, visit http://www.compoundtek.com and LinkedIn.

About Keysight Technologies

Keysight Technologies, Inc. (NYSE: KEYS) is a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world. Keysight's solutions optimize networks and bring electronic products to market faster and at a lower cost with offerings from design simulation, to prototype validation, to manufacturing test, to optimization in networks and cloud environments. Customers span the worldwide communications ecosystem, aerospace and defense, automotive, energy, semiconductor and general electronics end markets. Keysight generated revenues of $4.3B in fiscal year 2019. More information is available at http://www.keysight.com.

Continued here:
Keysight, NOEIC and CompoundTek Establish Open Standards for Layout, Design and Automation of Photonic Integrated Circuit Testing - Business Wire

Cryptography is a technique used to protect communications and information through the use of code. The aim is to ensure that only the creator and recipient can read and process the information. In this article, we will take a closer look at cryptography and its integral role in Ethereum.

The word cryptography combines the prefix crypt, meaning hidden, with the suffix graphy, meaning writing.

In computer science, cryptography is a technique that is derived from mathematical concepts combined with a set of rule-based calculations, known as algorithms.

Cryptology is used to transform communications and information into messages that are difficult to decipher. Deterministic algorithms are often use for digital signatures and verification, as well as cryptographic key generation, to protect web browsing and data privacy, and confidential communications, such as email and credit card transactions.

Ethereum is a multinational, decentralized money platform with many new applications. On Ethereum, users can write code to control money, as well as building applications that are accessible anywhere in the world.

Blockchain is commonly associated with Bitcoin, though it has many other potential applications reaching far beyond digital currency. In fact, blockchain is used in several hundred different applications today.

Until recently, creating blockchain applications required a complex understanding of cryptography, coding, and mathematics. However, times have changed. From digitally recorded property assets to regulatory compliance, blockchain has facilitated the development of previously unimagined applications.

Ethereum is a public blockchain network. Although there are several key differences between Ethereum and Bitcoin, the most important distinction is in terms of capability and purpose.

Although Ethereum users mine for Ether in the same way that Bitcoin users mine for Bitcoin, Ether is more than a tradable currency. It can be used by app developers to pay for services and transaction fees via the Ethereum network. The Ethereum Virtual Machine enables users to run any program, regardless of programming language. It streamlines the task of creating blockchain applications, simplifying processes and making them more efficient. Ethereum facilitates development of potentially thousands of different applications, all from a single platform.

According to ConsenSys cofounder, Andrew Keys, Ethereums Serenity will launch by the end of 2020. Keys recently announced that Ethereum will move stridently into Phase 1 of Ethereum 2.0, proceeding with the launch of shard chains. Keys believes that development of Serenity will effectively turbocharge Ethereum, bringing the platform closer to 2.0 levels of scalability.

Cryptographic proofs are critical to the operation of all blockchain systems, including the Ethereum platform.

With qualifications in cryptography gained through his studies at Stanford University, Domen Zavrl is well aware of the integral role of cryptography in advancing Ethereum technologies. Mr Zavrl has two PhDs, the first in Applied Macroeconomics which he gained from Klagenfurt University. His second PhD is in System Dynamics, exploring stabilisation of non-linear real-life systems.

Domen Zavrl completed Dartmouth Universitys Tuck Executive Education. He studied Finance Accounting and Online Bridge Finance at Tuck School of Business, Dartmouth Universitys graduate business college. Domen Zavrl also attended Duke University, where he studied Sports and Society.

In a professional capacity, Mr Zavrl has worked with some of the finance industrys most prestigious companies, including OCR AG, Enpetro, MBB Ista, and Framingham Asset Management, the organisation that successfully bid on Postbank BH. He is a member of the Institute of Internal Auditors and has a special interest in macroeconomics stabilisation policy and institutional economy.

Like Loading...

Related

Original post:
Domen Zavrl: Ethereum and the Future of Cryptography - ABCmoney.co.uk

Trafficking of children and women is the harsh reality of todays world. Governments and law-reinforces continue to battle the syndicates, but have largely failed. In the US, the FBI and Justice departments fall under a lot of scrutiny for the their inability to curb the issue.

Reportedly, US lawmakers and Department of Justice under Attorney General William Barr,as a counter measure, are looking to ban cryptography altogether.

At the US White House Summit on Human Trafficking, Barr rallied against end-to-end encryption. According to him, the military grade security features are enabling human trafficking via closed networks.Barr notes in his address at the Summit,

We live in adigitalage, and like everyone else, human traffickers are relying increasingly on digital communication and the internet and more and more, the evidence we rely on to detect and to deal with these predators is digital evidence. However, increasingly, this evidence is being encrypted.

Barr and Senator Lindsey Graham (R-S.C.) are targeting encryption through a draft bill Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act,

The bill seeks to ban child objectionable content on websites and social media groups. The intentions are positive, however, it demands a back-door entry for Government officials into the privacy of all individuals. Hence, people using private messenger apps via WhatsApp or Apple devices, will necessarily require to give up their rights to privacy.

Moreover, the back-door entry to the Government could both the exploited and used for unethical activities by corrupt individuals.

Furthermore, the ban or restrictions on encryption would not only effect personal data, but also cryptocurrencies. The value and information exchange on many Blockchain networks work on anonymity and discretion.

Leading financial analyst Thomas Lee from Fundstrat tweeted,

If true, would have some negative impact on crypto and digital assets which are grounded by cryptography

Ever since the revelations made by Edward Snowden, people have grown increasingly averse to private surveillance by the regulatory authorities. The basic idea of cryptocurrencies is achieving decentralization through cryptography and distributed consensus.

However, the above proposed seeks to increase centralized control over individual data and information transfer.

Do you think the bill will be accepted into a new law? Please share your views with us.

Summary

Article Name

Draft Bill to Ban Encryption in the US Threatens Cryptocurrency Survival

Description

Trafficking of children and women is the harsh reality of today's world, as Governments and law-reinforces continue to battle the syndicates. In the US, the FBI and Justice departments fall under a lot of scrutiny for the their inability to curb the issue.

Author

Nivesh Rustgi

Publisher Name

CoinGape

Publisher Logo

Share on Facebook

Share on Twitter

Share on Linkedin

Share on Telegram

The rest is here:
Draft Bill to Ban Encryption in the US Threatens Cryptocurrency Survival - Coingape

Imagine walking past a 12-foot-tall scroll covered in seemingly nonsensical letters every day for 30 years and wondering just what the hell it actually means. That's probably how it feels to be the Central Intelligence Agency (CIA) employees who regularly pass by the infamous Kryptos sculpture in the courtyard of the bureau's headquarters in Langley, Virginia.

Kryptos, devised by artist Jim Sanborn, has been around for nearly three decades, and yet no one has figured out what the full message says, let alone cracked the underlying riddle. Even the National Security Agency (NSA) could only decrypt part of the code.

Now, just months before a dedication ceremony in November to celebrate the copper scroll's 30 years of stumping experts, Sanborn has released a third and final clue to help hobbyistswho easily number in the thousands, based on activity in code-cracking forumsfigure out what the remaining, unsolved 97-character passage says.

But Sanborn says unscrambling that phrase won't exactly lead you to a quick victory. It's really just the end of step one.

"It's a 97-character phrase," he told NPR. "And that phrase is in itself a riddle. It's mysterious. It's going to lead to something else. It's not going to be finished when it's decoded.

As for the clue itself? It's one word: NORTHEAST.

In 1990, sculptors first erected Kryptos. At about 12 feet tall and 20 feet long, the now-greenish copper structure offers up some 240 square feet of frustration to all of the CIA employees and codebreakerslike video game developer and cryptologist Elonka Duninwho set eyes on it.

Dunin is a master cryptographer and runs a helpful and in-depth website all about Kryptos. (She's cracked so many codes that Dan Brown, author of The Da Vinci Code, even named a character in that book after her.) According to her site, Kryptos contains a series of punched-out letters in a metal structure, is made up of thousands of characters, and shows four total messages.

There are actually several various parts to Kryptos, all scattered around the CIA headquarters. There's the ultra-famous copper scroll, which contains nearly 1,800 encrypted characters. It's next to a petrified tree and a circular pool. Then there are several sheets of copper, embossed with Morse Code, and sandwiched between granite slabs. A nearby landscaped area includes more granite slabs and a duck pond. Finally, there's an engraved compass with a needle pointing at a lodestone, a naturally magnetized form of magnetite rock.

Sanborn received a bit of help from Edward Scheidt, a retired chairman of the CIA's cryptographic center, to come up with the codes for each passage. The Kryptos message contains a partial guide to the code's solution inside the panels of the sculpture.

Thanks to two prior clues from Sanborn in 2010 and 2014, the first three passages have been solved by the likes of NSA employees and James Gillogly, a computer scientist, but the final 97-character portion still eludes experts.

"It is considered to be one of the most famous unsolved codes of the world," Dunin said in a documentary interview. "Here we are going on 30 years, and it still hasn't been cracked."

University of California San Diego

The first portion of the Kryptos puzzle is a poetic phrase, written by Sanborn, himself:

Sanborn says that the misspelling of "illusion" as "iqlusion" was intentional, to make it tougher for cryptographers to decode.

In the second phrase, the exact latitude and longitude of the CIA headquarters is pointed out, and something buried is hinted at:

Apparently "W.W." is a reference to William Webster, who headed the CIA when the sculpture was first unveiled in 1990. Sanborn allegedly gave him a key to decipher the code.

In the third section, there are lines from archaeologist Howard Carter's diary, describing a door opening into King Tut's tomb. Note that there are more misspellings:

Karl Wang, a student at the University of California San Diego who created a page with the solutions, says the third passage is much more difficult to crack than the prior two.

"The first two parts are straight-forward enough that nearly anybody with a simple education in cryptography can solve them," he said on his page. "The third part is much more advanced, and the fourth part is borderline impossible."

Gillogly was the first to publicly announce a solution for the first three parts, which he completed with a computer attack in 1999, according to Dunin's website. Afterward, the CIA said its own analyst, David Stein, had also solved those first three parts, but had done so a year prior with paper and pencil.

Two years after Stein's solution was announced, the NSA claimed it had a team that solved parts one through three all the way back in 1992, but kept mum. Still, no one has cracked part four.

To solve the first two passages, codebreakers used vigenere, which is what cryptologists call a polyalphabetic substitution cipher system. It means multiple alphabets are used to encrypt one message. Created in the 16th century by cryptographer Giovan Battista Bellaso, the scheme was easy to create, but excruciatingly hard to crack. It wasn't until nearly 300 years later that a vigenere cipher was first solved, leading the French to call it "le chiffre indchiffrable," or "the indecipherable cipher." Today, people mostly use computers to crack these codes.

To solve part four, Dunin and other cryptologists have tried every method at their disposal, from polyalphabetic substitution to transposition. No such luck. Now, with three clues in hand, "BERLIN," CLOCK," and "NORTHEAST," it's your turn.

Here are the materials you should peruse to get ahead in solving the final Kryptos cipher:

Unsolved!

When you think you have the answer right, head to Sanborn's website, where you can find the best way to contact him to see if your solution is correct. Right now, it's an email process that costs $50 per entry.

If all else fails, don't get too hard on yourself. "Kryptos" is Greek for "hidden," and it looks like the answers to this puzzle might well be tucked away for another 30 yearsor at least until Sanborn dies and eventually auctions off the solution to the code. He told The New York Times that any of the money raised through an auction will go to climate science.

Continue reading here:
Nobody Has Solved This Cryptographic Puzzle for 30 Years. Think You Can? - Popular Mechanics

Hidden secrets laid bare

Steganography, the practice of hiding information, has been around for centuries. And in parallel to technological advances, steganography has also evolved and adapted with the advent of computers and the internet.

Digital steganography usually involves hiding data inside innocuous files such as images, videos, and audio.

Today, digital steganography is one of the important components in the toolboxes of spies and malicious hackers, as well as human rights activists and political dissidents.

Steganography is the use of various methods to hide information from unwanted eyes. In ancient times, steganography was mostly done physically.

The oldest documented case of steganography dates to 500 BC, in which Histiaeus, the ruler of Milteus, tattooed a message on the shaved head of one of his slaves and let the hair grow back. He then sent the slave to the Aristagoras, his son-in-law, who shaved the slaves head again and revealed the message.

In the centuries that followed, more modern forms of steganography were invented, such as invisible inks. Today, steganography has moved to the digital world.

Steganography by definition is the hiding of one file within another, says Ira Winkler, lead security principal at Trustwave.

Steganography works by hiding information in a way that doesnt arouse suspicion. One of the most popular techniques is 'least significant bit (LSB) steganography. In this type of steganography, the information hider embeds the secret information in the least significant bits of a media file.

For instance, in an image file each pixel is comprised of three bytes of data corresponding to the colors red, green, and blue (some image formats allocate an additional fourth byte to transparency, or alpha).

LSB steganography changes the last bit of each of those bytes to hide one bit of data. So, to hide one megabyte of data using this method, youll need an eight-megabyte image file.

Since modifying the last bit of the pixel value doesnt result in a visually perceptible change to the picture, a person viewing the original and the steganographically modified images wont be able to tell the difference.

Steganography is the practice of hiding of one file within another

The same scheme can be applied to other digital media (audio and video), where data is hidden in parts of the file that result in the least change to the audible or visual output.

Another less popular steganography technique is the use of word or letter substitution. Here, the sender of the secret message hides the text by distributing it inside a much larger text, placing the words at specific intervals.

While this substitution method is easy to use, it may also make the text look strange and out of place, since the secret words might not fit particularly well into their target sentences.

There are other types of steganography, such as hiding an entire partition on a hard drive, or embedding data in the header section of files and network packets. The effectiveness of these methods depends on how much data they can hide and how easy they are to detect.

Malicious hackers use steganography for a variety of tasks such as hiding malicious payloads and script files. Malware developers often use LSB steganography to hide the code for their malware in images of celebrities and famous songs and execute them with another program after the file is downloaded on the victims computer.

The term Trojan Horse is used to describe a dangerous file hidden within a harmless file. Macro attacks are a form of steganography as well, Trustwaves Winkler says.

Steganography will be used by creative hackers whenever there is a need to bypass protections.

Cybercriminals, however, are not the only actors who use steganography on a daily basis. Spies use the technique to communicate with their command center without arousing suspicion among their hosts.

Tech-savvy human rights activists and dissidents also use steganography when they want to send sensitive information.

Steganography is used by everyone from human rights activists to cybercriminals

Steganography is often compared to cryptography. While steganography hides information, cryptography focuses on rendering the data unreadable to everyone except its intended recipient. Once a stream of data is encrypted, only a person who has access to its decryption key will be able to unlock it.

But if cryptography provides better protection for secret data, why use steganography at all?

The presence of cryptography reveals that something is hidden, and in many cases, this is enough to get the sender in trouble.

In a highly monitored country, like say China or Iran or North Korea, cryptographic files can be detected and the very fact you are sending/receiving them could raise suspicion, says security researcher John Ortiz.

When they show up and put a gun to your head for the key, even the most secure crypto is worthless.

Sometimes, steganography and cryptography are used together.

Steganography and encryption are not actually mutually exclusive, says Jerome Segura, director of threat intelligence at Malwarebytes. The former is mainly a way to conceal data within an image file, but that data doesnt have to be in clear text either.

Segura and researchers at Malwarebytes have been recently investigating a case where attackers were using image-based steganography to hide encrypted data. Even if someone discovers the hidden data, they will still need to decrypt it to reveal its contents.

Steganography, as any other obfuscation method, is a way the bad actor will use to keep their malicious code hidden for as long as possible, says Fioravante Souza, threat research manager at Sucuri. By embedding malicious code inside benign file types, the hackers increase their chances of getting past threat detection tools and security analysts.

Such a stealth method makes it harder for security products to detect and protect against the threats that use them. Antivirus products do not usually scan for non-executable file headers (such as sound files, images), says Ophir Harpaz, a security researcher at Guardicore.

In several cases, the attackers used steganography to hide their malware in images uploaded on social media networks and then used a local tool to download them onto the victims computers.

But the use of steganography in cyberattacks is not without its hurdles. The key challenges with steganography in terms of malware or storing data is that the file size increases. For large amounts of data, it becomes easy to spot. But when its not, it becomes more troublesome to find, says Cesar Anjos, an analyst at Sucuri.

Detecting steganography can be very tricky, but recent examples of steganography detected in malicious attacks include:

The practice of detecting steganography is called steganalysis. There are several tools that can detect the presence of hidden data such as StegExpose and StegAlyze. Some analysts use other general analysis tools such as hex viewers to detect anomalies in files.

Finding files that have been modified through steganography continues to remain a challenge, however. For instance, knowing where to start looking for hidden data in the millions of images being uploaded on social media every day is virtually impossible.

The data looks like/sounds like noise, so it is difficult to distinguish from the existing noise. Or it is in very little data, Ortiz says. And there are so many different hiding techniques that you need multiple detection techniques to detect them there is no one-size-fits-all

Guardicores Harpaz warns: Threat actors have a decent arsenal of steganography techniques they use as part of their modus operandi it is not a new trend. As our research shows, it remains in the wild to this day and is not likely to disappear.

READ MORE What is DDoS? A complete guide

Read the rest here:
What is steganography? A complete guide to the ancient art of concealing messages - The Daily Swig