Tag Archive for: mystery

Decoding the Mystery of Encryption: The Power of Public and Private Keys | by Yash Gupta | Sep, 2023

/in


“In the world of encryption, the key to understanding is just a public and private key away.” — Anonymous

In the digital world, the concept of encryption is as ubiquitous as it is vital. It is the bedrock of internet security, safeguarding our data from prying eyes. Encryption is the process of encoding information in such a way that only authorized parties can access it. It is a complex yet fascinating subject, and understanding it requires a deep dive into the realm of public and private keys.

Public and private keys form the basis of today’s encryption

The world of encryption is a labyrinth of complex algorithms and mathematical equations, but at its core, it is a simple concept. It is a method of transforming plain text into an unreadable format, known as ciphertext, to prevent unauthorized access. The process of converting the ciphertext back into its original form is known as decryption.

The two primary types of encryption are symmetric and asymmetric encryption. Symmetric encryption uses a single key for both encryption and decryption. However, it has a significant drawback: the key must be shared between the sender and receiver. This sharing can lead to potential security risks.

Asymmetric encryption, on the other hand, uses two keys: a public key for encryption and a private key for decryption. This method is also known as Public Key Infrastructure (PKI). The public key is available to everyone, while the private key is kept secret by the owner. This method eliminates the need to share keys, thereby enhancing security.

The concept of public and private keys is akin to a mailbox. Anyone can drop a letter (encrypt data) into the mailbox using the visible slot (public key), but only the person with the key to the mailbox (private key) can open it and read the letters (decrypt the data).

The process of generating these keys involves complex mathematical algorithms. The most common algorithm used is the RSA (Rivest-Shamir-Adleman) algorithm. It generates two large prime numbers and multiplies them. The complexity of factoring large prime numbers ensures the security of RSA encryption.

The beauty of public and private keys lies in their interdependence. The public key is used…

Source…

Years later, the Ashley Madison hack remains an unsolved internet mystery

/in


a dimly lit woman making the same

a dimly lit woman making the same

It’s downright strange how little we know about the hacker or hackers who exposed the identities of over 30 million Ashley Madison users in 2015. They leaked incredibly sensitive data about millions of people, did not profit in any obvious way, turned “Ashley Madison” into a punchline throughout the English speaking world, and rode off into the sunset.

You probably remember the hack, but it’s doubtful you remember the culprit: some entity called “The Impact Team.” A reward of $500,000 was offered for information leading to their arrest and prosecution, but no such arrest has ever been made.

Noel Biderman, the CEO at the time of Ashley Madison’s parent company, claimed that he knew exactly who did it, and that they were an insider. But that turned out to have been a former employee who had died by suicide before the hack.

One possible culprit discovered by researchers at the time was an enigmatic figure calling himself Thadeus Zu. A Berkley researcher named Nicholas Weaver found the circumstantial evidence against Zu compelling enough to call upon law enforcement to get a warrant, crack open Zu’s social media accounts and find out more. That evidently never happened.

SEE ALSO: Google’s Bard AI chatbot is vulnerable to use by hackers. So is ChatGPT.

But Brian Krebs, the security researcher who initially reported the hack, and initially made the case against Thadeus Zu, uncovered an equally compelling person of interest earlier this year: Evan Bloom, a former Ashley Madison employee who was convicted in 2019 of selling hacked internet account information. In an interview with Krebs, Bloom denied involvement.

Without a guilty party able to give us the inside story on what happened, has the Ashley Madison hack been mis-shelved in the library of internet history? Have we all, in a sense, been swindled into accepting “LOL” as our collective response to something ugly and insidious?

Ashley Madison had long been an attractive target for hackers

To refresh your memory, Ashley Madison is (yep, is, not was) a paywalled dating website, founded in 2001, and marketed to people who are already in relationships — which is to say it’s ostensibly for linking…

Source…

Years later, the Ashley Madison hack remains an unsolved mystery

/in


It’s downright strange how little we know about the hacker or hackers who exposed the identities of over 30 million Ashley Madison users in 2015. They leaked incredibly sensitive data about millions of people, did not profit in any obvious way, turned “Ashley Madison” into a punchline throughout the English speaking world, and rode off into the sunset.

You probably remember the hack, but it’s doubtful you remember the culprit: some entity called “The Impact Team.” A reward of $500,000 was offered for information leading to their arrest and prosecution, but no such arrest has ever been made.

Noel Biderman, the CEO at the time of Ashley Madison’s parent company, claimed that he knew exactly who did it, and that they were an insider. But that turned out to have been a former employee who had died by suicide before the hack.

One possible culprit discovered by researchers at the time was an enigmatic figure calling himself Thadeus Zu. A Berkley researcher named Nicholas Weaver found the circumstantial evidence against Zu compelling enough to call upon law enforcement to get a warrant, crack open Zu’s social media accounts and find out more. That evidently never happened.

SEE ALSO:

Google’s Bard AI chatbot is vulnerable to use by hackers. So is ChatGPT.

But Brian Krebs, the security researcher who initially reported the hack, and initially made the case against Thadeus Zu, uncovered an equally compelling person of interest earlier this year: Evan Bloom, a former Ashley Madison employee who was convicted in 2019 of selling hacked internet account information. In an interview with Krebs, Bloom denied involvement.

Without a guilty party able to give us the inside story on what happened, has the Ashley Madison hack been mis-shelved in the library of internet history? Have we all, in a sense, been swindled into accepting “LOL” as our collective response to something ugly and insidious?

Ashley Madison had long been an attractive target for hackers

To refresh your memory, Ashley Madison is (yep, is, not was) a paywalled dating website, founded in 2001, and marketed to people who are already in relationships — which is to say it’s ostensibly for linking…

Source…

Ransomware group claims massive data leak but Minneapolis schools files’ whereabouts a mystery

/in


This story comes from The 74, a nonprofit news organization that covers education in America.

A cyber gang claims it published what could be a startling amount of stolen Minneapolis Public Schools records to the internet after the district failed to meet a $1 million extortion demand, but where the actual files are now remains something of a mystery.

Early Friday morning, after the Medusa gang’s countdown clock on the ransom deadline struck zero, the files weren’t readily available for download on its dark web leak site. Instead, a “Download data now!” button directs users to contact the ransomware gang through an encrypted instant-messaging protocol. Attempts by The 74 to reach the gang have been unsuccessful.

Files from previous Medusa victims are available on a website designed to resemble a technology news blog — a front of sorts. Unlike the Medusa blog, this site is not relegated to the dark web and does not require special tools to access. Download links are also posted in a channel on Telegram, the encrypted social media service that’s been used by terror groups and far-right extremists. Yet as of Friday afternoon, the files purportedly stolen from the Minneapolis district were not available for download on either platform. 

Data breaches from previous victims appear to be uploaded to the faux technology news blog about a month after their ransom expires, suggesting that the Minneapolis files could become available online after a brief lag. 

Article continues after advertisement

Still, in a statement on Friday, the district said it “is aware that the threat actor has released certain MPS data on the dark web today.” 

“We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates,” the district continued. “This will take some time. You will be contacted directly by MPS if our review indicates that your personal information has been impacted.” 

Early indications suggest the files contain…

Source…