En su ciclo habitual de actualizaciones los segundos martes de cada mes, Microsoft ha anunciado que en esta ocasión se esperan diez boletines de seguridad. Las actualizaciones afectan a Office en general, Internet Explorer, Windows y Excel y Word en particular
Si en mayo se publicó una sola actualización para PowerPoint (que solucionaba 14 vulnerabilidades), este mes Microsoft prevé publicar diez actualizaciones el martes 9 de junio. Seis boletines son críticos, tres importantes y uno moderado. De los siete boletines dedicados a Windows, las versiones de 2000 y XP se llevan la peor parte, pues se ven afectados por todos. Vista y 2008, sin embargo, solo se ven afectados por cuatro de estos siete boletines, cosa que viene siendo habitual. Vista se ha desarrollado casi desde sus inicios dentro de un marco mucho más volcado en la seguridad dentro de Microsoft, y parece que el esfuerzo se va notando.
Adicionalmente, y como viene siendo habitual, Microsoft publicará una actualización para Microsoft Windows Malicious Software Removal Tool. Además, se publicarán actualizaciones de alta prioridad no relacionadas con la seguridad.
Después de un mes de relativa "calma", con un solo boletín para PowerPoint (aunque cargado de correcciones), Microsoft prepara un martes colmado de actualizaciones. Una vez más, parece que no le ha dado tiempo a preparar un parche para la grave vulnerabilidad en DirectX descubierta a finales de mayo cuando ya estaba siendo aprovechada.
Como es habitual, cada boletín podrá contener un número indeterminado de correcciones de seguridad y hay que señalar que, en cualquier caso, el adelanto que ofrece Microsoft está sujeto a cambios de última hora. Hispasec Sistemas publicará puntualmente a través de este boletín información detallada sobre los nuevos parches.
viernes, 5 de junio de 2009
martes, 2 de junio de 2009
Cryptography
Cryptography is the science of encrypting, or hiding, information—something people have sought to do since they began using language. Although language allowed them to communicate with one another, people in power attempted to hide information by controlling who was taught to read and write. Eventually, more complicated methods of concealing information by shifting letters around to make the text unreadable were developed.
The Spartans of ancient Greece would write on a ribbon wrapped around a specific gauge cylinder. When the ribbon was unwrapped, it revealed a strange string of letters.
The message could be read only when the ribbon was wrapped around the same gauge cylinder. This is an example of a transposition cipher, where the same letters are used but the order is changed.
The Romans typically used a different method known as a shift cipher. In this case, one letter of the alphabet is shifted a set number of places in the alphabet for another letter. A common modern-day example of this is the ROT13 cipher, in which every letter is rotated 13 positions in the alphabet: n is written instead of a, o instead of b, and so on.
These ciphers were simple to use and also simple to break. Because hiding information was still important, more advanced transposition and substitution ciphers were required. As systems and technology became more complex, ciphers were frequently automated by some mechanical or electromechanical device. A famous example of a modern encryption machine is the German Enigma machine from World War II. This machine used a complex series of substitutions to perform encryption, and interestingly enough it gave rise to extensive research in computers.
Cryptanalysis, the process of analyzing available information in an attempt to return the encrypted message to its original form, required advances in computer technology for complex encryption methods. The birth of the computer made it possible to easily execute the calculations required by more complex encryption algorithms. Today, the computer almost exclusively powers how encryption is performed. Computer technology has also aided cryptanalysis, allowing new methods to be developed, such as linear and differential cryptanalysis. Differential cryptanalysis is done by comparing the input plaintext to the output ciphertext to try and determine the key used to encrypt the information.
Linear cryptanalysis is similar in that it uses both plaintext and ciphertext, but it puts the plaintext through a simplified cipher to try and deduce what the key is likely to be in the full version of the cipher.
This chapter examines the most common symmetric and asymmetric algorithms in use today, as well as some uses of encryption on computer networks.
The Spartans of ancient Greece would write on a ribbon wrapped around a specific gauge cylinder. When the ribbon was unwrapped, it revealed a strange string of letters.
The message could be read only when the ribbon was wrapped around the same gauge cylinder. This is an example of a transposition cipher, where the same letters are used but the order is changed.
The Romans typically used a different method known as a shift cipher. In this case, one letter of the alphabet is shifted a set number of places in the alphabet for another letter. A common modern-day example of this is the ROT13 cipher, in which every letter is rotated 13 positions in the alphabet: n is written instead of a, o instead of b, and so on.
These ciphers were simple to use and also simple to break. Because hiding information was still important, more advanced transposition and substitution ciphers were required. As systems and technology became more complex, ciphers were frequently automated by some mechanical or electromechanical device. A famous example of a modern encryption machine is the German Enigma machine from World War II. This machine used a complex series of substitutions to perform encryption, and interestingly enough it gave rise to extensive research in computers.
Cryptanalysis, the process of analyzing available information in an attempt to return the encrypted message to its original form, required advances in computer technology for complex encryption methods. The birth of the computer made it possible to easily execute the calculations required by more complex encryption algorithms. Today, the computer almost exclusively powers how encryption is performed. Computer technology has also aided cryptanalysis, allowing new methods to be developed, such as linear and differential cryptanalysis. Differential cryptanalysis is done by comparing the input plaintext to the output ciphertext to try and determine the key used to encrypt the information.
Linear cryptanalysis is similar in that it uses both plaintext and ciphertext, but it puts the plaintext through a simplified cipher to try and deduce what the key is likely to be in the full version of the cipher.
This chapter examines the most common symmetric and asymmetric algorithms in use today, as well as some uses of encryption on computer networks.
Suscribirse a:
Entradas (Atom)
