Icefall Vunerability Causes
- Insecure engineering protocols
- Weak cryptography or broken auth schemes
- Insecure firmware updates
- RCE via native functionality
Development Trade-Off
trade off between devivering products quickly or delivering secure products
CIA Triangle
- Confidentiality
- Availability
- Integrity
you can have any two trivially, having all 3 is difficult
Hardware Security Module
- Confidentiality - keys are stored in the HSM with defined access procedures rather than ‘anywhere’
- Availability - Seperate hardware, not impacted by randomware
- Integrity - with HSMs changes to an enterprises keys must be approved by more than one person
Accountability
Integrity of logs
Authenticity
integrity of addressing information and logs
Non-repudiation
confidentiality of signature information
Social Engineering
the practice of manipulating individuals to divulge sensitive information or perform actions that compromise security
Phishing
social engineering via email, generally bulk email expecting a small proportion of the targets to succumb
Spear Phishing
rather than bulk phishing this targets a specific individual
can be quite difficult to spot because it is tailored to a single person
Smishing
Phishing via SMS
Vishing
Phishing over voice calls
