Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats

Subscribe

Subscribe to Blog via Email

Popular Posts:

If You Can't Break Crypto, Break the Client: Recovery of Plaintext iMessage Data

CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages client. In contrast to attacking the iMessage protocol, it is a relatively simple bug. You don’t need a graduate degree in mathematics to exploit it, nor does it require advanced knowledge of memory management, shellcode, or ROP chains. All an attacker requires is a basic understanding of JavaScript.

On Apple, Encryption, and Privacy: A Word About Decryption

In February 2016, Apple announced that it would fight the FBI’s court order to break the encryption of the iPhone of one of the San Bernardino attackers. We wrote a blog post on that decision; this is a follow-up to that original piece.

On Apple, Encryption, and Privacy

In the wake of news that Apple plans to oppose a federal court order to assist the Justice Department in decrypting data stored on an iPhone belonging to one of the San Bernardino attackers, a broader conversation about encryption, privacy, and law enforcement has begun.

SSL Key Generation Weaknesses

For those that are new to PKI (Public Key Infrastructure) or those that want a quick refresher, the following video is a great explanation and metaphor based on colors and clocks:

Whether the problem is influenced more by Moore's Law or by Murphy's Law, history tells us that every so often there is a publicly disclosed key generation flaw in a popular encryption algorithm. For example:

1