January 2021

This month:

  • The SolarWinds attack - what happened?
  • Why Key Blocks are back on the agenda
  • Certificate outages and how to avoid them
  • Breaking 3DES
  • Our picks from this year's virtual Real World Cryptography Conference 2021

What Happened at SolarWinds?
Sometime before March 2020, hackers working for the Russian SVR hacked into SolarWinds and slipped a backdoor into an Orion software update. Users who downloaded and installed that corrupted update were subject to a supply-chain attack that allowed a malicious hacking group access to unknown quantities of sensitive data. In this video Graham explains how this happened and why code signing didn't prevent a third party from injecting bad code.

Is the Mimecast attack related? It's too soon to be sure, but it seems highly likely.

Why Key Blocks are Back on the Agenda
The deadline to complete phase 2 of the PCI PIN standard 3.0 (implementing Key Blocks for external connections to associations and networks) is coming up in June 2021. Migrating from the old “variant key blocks”, or other deprecated methods, to the new “TR-31” format (one of the interoperable key block formats PCI recommend), is complicated. Fortunately Cryptosense Analyzer is able to show you what your keys are doing and give you the visibility you need to simplify migration.

Certificate Outages and How to Avoid Them
Despite a great deal of automation in the certificate management space, large organisations still suffer from outages caused by problems with certificate provisioning. These can be extremely costly. In our upcoming webinar we'll look at examples of real "rubber hits the road" issues with organising certificate management and how to avoid them. Register here.

Breaking 3DES
The triple DES cipher is broken: it has been deprecated by NIST since 2017 and its use is not advised. We've got more details about the surprising history of 3DES on the blog, and here on our YouTube channel.

Our Picks from the Virtual Real World Cryptography Conference 2021
The Virtual Real World Cryptography Conference took place last week. Highlights from the programme this year include an update from NIST on the PQC competition, and "My other car is your car: compromising the Tesla Model X keyless entry system". You can find the program and watch the talks here.

To get the latest crypto news as it happens, subscribe to our YouTube channel.

Wishing you all a safe and secure 2021,
Graham and the Cryptosense Team