Public key infrastructure (PKI)

A public key infrastructure is a system that combines asymmetric encryption and certificates to provide security. There are two principal actors: the client and the certificate authority (CA). The Cryptographic Service Provider (CSP) on the client side generates the key pair. Once the key pair has been generated, the client keeps the private key and sends the public key with the certificate request to the CA. The client uses its private key to digitally sign that request. At this stage, the CA either approves or denies the request. The registration authority (RA) is another entity that can proxy certificate requests to the CA on behalf of the client. When a certificate has been compromised, it is revoked at the CA and added to the Certificate Revocation List (CRL). The disadvantage of the CRL is that a client has to go through the full list to find the certificate it is looking for. With the Online Certificate Status Protocol (OCSP), the client checks the validity of an individual certificate without going through the full list, which improves performance. The standard for certificates is X.509.
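The request, issuance and revocation flow described above, as an added example that is not part of the original post. It assumes the third-party Python `cryptography` package and ECDSA P-256 keys; "Example CA", "client.example.test" and the extra serial numbers are constructed values.

```python
# Added example; "Example CA" and "client.example.test" are constructed names.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def client_make_csr(cn):
    """Client side: generate the key pair, keep the private key, sign the request."""
    key = ec.generate_private_key(ec.SECP256R1())
    csr = x509.CertificateSigningRequestBuilder().subject_name(name(cn)).sign(key, hashes.SHA256())
    return key, csr

def ca_issue(ca_key, ca_name, csr, now):
    """CA side: deny unless the CSR signature proves possession of the private key."""
    if not csr.is_signature_valid:
        raise ValueError("request denied: CSR signature does not verify")
    return (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(ca_name)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=90))
            .sign(ca_key, hashes.SHA256()))

def ca_publish_crl(ca_key, ca_name, revoked_serials, now):
    """CA side: sign a CRL listing every revoked serial number."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_name)
               .last_update(now).next_update(now + datetime.timedelta(days=1)))
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now).build()
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(ca_key, hashes.SHA256())

def is_revoked(cert, crl, ca_public_key):
    """Relying party: trust the CRL only if the CA signed it, then look up one serial."""
    if not crl.is_signature_valid(ca_public_key):
        raise ValueError("CRL signature does not verify against the CA key")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None

def demo():
    now = datetime.datetime(2024, 1, 1)  # constructed, fixed date
    ca_key, ca_name = ec.generate_private_key(ec.SECP256R1()), name("Example CA")
    _, csr = client_make_csr("client.example.test")
    cert = ca_issue(ca_key, ca_name, csr, now)
    before = is_revoked(cert, ca_publish_crl(ca_key, ca_name, [], now), ca_key.public_key())
    crl = ca_publish_crl(ca_key, ca_name, [cert.serial_number, 1001, 1002], now)
    return before, is_revoked(cert, crl, ca_key.public_key()), len(crl)
```

The CRL carries every revoked serial, so a client that wants the status of one certificate still receives the whole list; that is the cost OCSP avoids by answering for a single certificate.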


How much is your Gmail Account Worth?

Many email accounts are hijacked every day. Cybercrooks sell those compromised accounts on the black market. If you use Gmail, there is an auditing method for finding out its retail price on the underground.

The University of Illinois at Chicago has created a Gmail account audit tool called Cloudsweeper.


As seen in the picture above, my account is worth $5. It has also helped me find plain text passwords which were sent to my email. The tool rocks and is worth trying.

Plain text passwords found by Cloudsweeper


Information gathering tool

Social network sites have become a potential source of information about criminals and their activities. Many private firms are tracking their employees' lies using those shared environments. Security researchers have created the Rapid Information Overlay Technology (RIOT). The tool can gather a lot of information from websites such as Facebook, Twitter and Foursquare.

RIOT can give you a clue about someone's life, which raises concerns about privacy. Indeed, pictures and location tracking posted on social network sites reveal identity and can even help decipher someone's thoughts and predict what they will do next. A video about RIOT can be watched here.