Software Integrity Blog

Author Archive

Mantej Singh Rajpal

mrajpal

Mantej Singh Rajpal is a senior security consultant at Synopsys. He specializes in reverse engineering and cryptography. Mantej is listed on the Twitter, Pinterest, and Hack the Pentagon (DoD) Halls of Fame. He holds a Bachelor's Degree in Computer Science from UC Riverside and a Master's in Computer Science from NYU. Mantej's Words of Security Wisdom: Don't roll out your own crypto. You will get it wrong.


Posts by Mantej Singh Rajpal:

Attacks on TLS vulnerabilities: Heartbleed and beyond

Over the past few years, we’ve seen a variety of TLS vulnerabilities steadily surface. In general, we brand each one as “just another TLS vulnerability,” but the intricacies of each are rather distinct, though not horribly convoluted. Let’s walk through a few together.

2014: Heartbleed and POODLE

Heartbleed affects the OpenSSL library’s implementation of a […]

Posted in Software Architecture and Design

KRACK: Examining the WPA2 protocol flaw and what it means for your business

WPA2? The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. […]

Posted in Data Breach, Software Architecture and Design

Forging a SHA-1 MAC using a length-extension attack in Python

SHA-1 (Secure Hash Algorithm 1) is broken. It has been since 2005. And yet, that hasn’t stopped its continued use. For example, until early 2017 most internet browsers still supported SHA-1. As though to confirm that SHA-1 was really, truly dead, researchers from CWI Amsterdam and Google announced at the end of February 2017 they […]

Posted in Software Architecture and Design, Web Application Security