Software Integrity Blog

Author Archive

Amit Sethi


Amit Sethi is a principal consultant at Synopsys. He specializes in mobile security, online game security, and cryptography. Amit’s work includes extracting cryptographic keys from embedded devices using side-channel attacks, designing mechanisms to make those attacks more difficult, and designing a format-preserving encryption algorithm based on well-studied cryptographic primitives for a Fortune 500 company. Even in his free time, Amit enjoys reverse engineering binaries, analyzing open source software, and experimenting with new technologies.


Posts by Amit Sethi:

 

Shield your home from spies | NCSAM at Synopsys

October is National Cybersecurity Awareness Month. By now you’ve heard a story—or you have a story—about someone mentioning a product casually in a conversation and later seeing an online ad for the product. Once is coincidence. Twice is surprising. But every other day? How do web and mobile ads somehow seem to know what your […]

Posted in Privacy

Are Android OEMs responsible for the gap in mobile security updates?

Google started releasing monthly security updates for Android back in August 2015. Modern Android devices show you the latest monthly patch level that has been applied. The responsibility for deploying the patches ultimately falls on original equipment manufacturers (OEMs) and carriers, who need to test the security updates on their devices to ensure that they […]

Posted in Mobile Application Security

Top security breaches of 2017 (+2018 cyber security predictions)

The year 2017 broke records for the number of reported security vulnerabilities in software. We also saw one of the worst data breaches ever in terms of impact. Let’s look back at some of the security news from 2017. Record number of vulnerabilities: The number of publicly disclosed vulnerabilities in 2017 far exceeds the number […]

Posted in Data Breach

Did an Apache Struts vulnerability trigger the Equifax hack?

In recent days, more details concerning the Equifax breach have come to light. There’s now speculation that attackers exploited a vulnerability in Apache Struts to steal data. There has also been plenty of speculation regarding the exact vulnerability that may have been exploited. The Apache Struts theory: The Apache Struts Program Management Committee released a […]

Posted in Data Breach, Open Source Security

What can your firm learn from the unfolding Equifax hack?

On Sept. 7, Equifax announced that attackers had stolen information from about 143 million people in the United States. Canadian and U.K. residents’ data was also stolen. However, Equifax has not yet revealed the number of people affected. We do not know the exact vulnerability that was exploited. Equifax stated only that “criminals exploited a […]

Posted in Data Breach

Top cyber security trends of 2016

As we near the end of 2016, it’s time to reflect on some of the biggest security issues that we saw this year. 2016 was an interesting year in which many security issues came into focus. We saw many attacks with a goal of financial gain. We saw nation-states threatening cyber attacks around the US election. And, […]

Posted in Data Breach

Sweet32: Time to retire 3DES?

The DES encryption algorithm was designed in the early 1970s by researchers at IBM. It was adopted as a FIPS standard in 1977. The algorithm uses 56-bit keys, which were long enough to be secure at the time. However, as it became feasible to brute-force 56-bit keys, 3DES was adopted as a standard in the 1990s. […]

Posted in General

Proper use of Java SecureRandom

Java SecureRandom updates as of April 2016: There have been several changes to Java’s SecureRandom API since this post was created back in 2009. According to Oracle, the following interesting changes have been made: For UNIX-like platforms, two new implementations have been introduced that provide blocking and non-blocking behavior: NativePRNGBlocking and NativePRNGNonBlocking. The getInstanceStrong() method was introduced […]

Posted in Developer Enablement, General