Cryptojacking: cryptography in service of the Devil

A new revenue stream was put to use by the end of last year. Cryptojacking may not yet have received the hype it deserves, but it is already widely used. Most Internet users are unaware of it, though its intentions are far from innocent. It may also generate inequalities among Internet users. Definition: Cryptojacking is the use of a user's device processor, with or without their consent, to mine cryptocurrency while they visit a given webpage, which is not necessarily compromised but may do so on purpose. [Read More]

Vigenère cipher simplified implementation

This is not another dissertation on the Vigenère cipher. This encryption algorithm is discussed profusely in the cryptography literature. Here is, rather, a simplified yet efficient implementation of it. The goal of this article is not to debate the theory of the Vigenère cipher. I just want to focus on its implementation, having seen several awkward ways of going about it on different online programming forums. This question on the Code Review website is an example of such implementations, where the code duplication is obvious but was not addressed by the pre-existing answers. [Read More]

JavaScript malware

What are the JavaScript malware attack techniques, and how can they be prevented? Note: I first published this as an answer on the InfoSec website under a previous, now-deleted profile. Server-side polymorphism: Literally meaning "many shapes", polymorphism is a technique used by malware authors to evade signature-based detectors. Polymorphism is described as server-side when the engine that produces multiple, differing copies of the malware is hosted on a compromised web server (Server-Side Polymorphism: Crime-Ware as a Service Model (CaaS)). [Read More]

Mozilla beheads SHA-1

You have been hearing about SHA-1 deprecation since 2012. Mozilla finally confirms this is not a joke. Maybe you are tired of hearing over and over again about SHA-1 deprecation since 2012, when Bruce Schneier announced that collision attacks might cost around $700k to perform by 2015, which was the year when the first practical full-on collision attack was carried out by researchers who predicted that a costless real-world attack might occur in 2018. [Read More]