#encryption

As I write this piece, I’m preparing for the graduation of some of the first Bachelor of Cybersecurity students from James Cook University Singapore, which means it’s approaching two years since I joined and started teaching Cybersecurity. So now seems like a good time to reflect on some recurring tools and techniques that I’ve found useful so far. This post will focus on one: GNU Privacy Guard (GPG). Unsurprisingly, cryptography comes up a lot in a course about cybersecurity, so no matter what subjects I’m teaching, there’s often a reason to introduce, or reiterate, some essential concepts. [Read More]

In January, I asked whether TLS channel binding with strong authentication was the solution to defend against MITM or proxy style phishing attacks. The answer was “yes, but also no”. I will look beyond SCRAM soon, but first I want to fulfil a promise to go into more detail about how SCRAM works, especially with channel binding.

[Read More]

Authentication and in particular passwords are the bugbear of many cybersecurity professionals. For all the encryption, firewalls, IDS and other defences we put in place, if authentication doesn’t do its job properly, or a user’s credentials get stolen, a compromise is very likely. In the future, we might embrace password-less authentication, relying instead on biometrics, tokens and smart devices in various combinations. Indeed, some platforms do this already, but not all. [Read More]