CyberPoint Blog

We not only protect what’s invaluable, but we write about it too.

Protecting Legacy Encryption from Quantum Computing: A Possible Solution

Protecting Legacy Encryption from Quantum Computing The advent of quantum computing (QC), if it happens, will break nearly every practical application of cryptography in use today, making e-commerce and many other digital applications insecure.

Symmetric algorithms used for encryption, like AES, are still thought to be safe (with sufficient key length – e.g. AES-256 or larger); however, current asymmetric algorithms like RSA and ECDSA (Elliptic Curve Digital Signature Algorithm) will be rendered essentially useless once quantum computers reach a certain scale.

Therefore, much encrypted information that is around today, or over the coming years, will probably be susceptible to decryption one day in the future once quantum computers are generally available (if they will be available at all). The challenge is particularly severe for governments, who have large amounts of secret data with a long "intelligence life" – i.e. it needs to be kept secret for 25 years or more for national security reasons. Protection of this legacy data is not a simple problem, because of both the complexity (this data has been encrypted over the years with a menagerie of cryptographic tools) and the sheer volume of data to be protected.

Mathematicians within academia and government are working on a number of candidate "quantum-resistant" algorithms that cannot be broken using quantum computers; these algorithms comprise what is known as post-quantum cryptography.

Read more »

An alternative approach to quantifying cyber risk using comprehensive attack surface evaluation assessments and Value-at-Risk modeling.

Posted May 15, 2019 by Tracy Martin

An alternative approach to quantifying cyber risk using comprehensive attack surface evaluation assessments and Value-at-Risk modeling. Organizations have an imperative to protect the data that has been entrusted to them, as well as securing their digital borders against business-interrupting intrusions. The legal landscape regarding accountability for data breaches continues to develop, but it has become clear that regulators, lawmakers, and the public will hold the breached entity responsible for a cyber event and the loss of data. This trend means that a cyber event of any type has the potential to negatively affect an organization's revenue and reputation.

Continue reading

Worst-Case Complexity of Ford-Fulkerson

Posted July 10, 2018 by Riva Borbely

Worst-Case Complexity of Ford-Fulkerson Ask a computer scientist the worst-case complexity of the Ford-Fulkerson algorithm1 with integral edge capacities, and you'll likely get the answer of O(E*|f|), where E is the number of edges in the graph, and |f| is the capacity of the maximum flow, f, that the algorithm seeks to find. Indeed, that would have been my answer, as well. Until I tried to exploit that worst-case behavior.

Continue reading

Cyberspace — the Next Utility Infrastructure

Posted November 13, 2017 by Rich Arnold

Cyberspace — the Next Utility Infrastructure Note: This White Paper represents the exploratory thoughts and analysis of the author; the assertions and recommendations are provided for consideration and validation by our industry, academic, and government partners. The opinions expressed herein may not be the same as those held by the owners, investors, or other executives of CyberPoint who were not involved in the writing of this White Paper…but they should be! .

Continue reading

Accelerating Capabilities Acquisition Through OTAs and PIAs: A Contractor Perspective

Posted November 7, 2017 by Rich Arnold

Accelerating Capabilities Acquisition Through OTAs and PIAs OTAs (Other Transaction Agreements) are appropriate when you want prototypes (demos, validation, feasibility) of innovative capabilities directly relevant to weapons or weapons systems, and directly related to mission effectiveness (of personnel and supporting platforms, or by improvement of platforms/systems/components thereof).

Continue reading

Malicious Browser Extensions

Posted August 25, 2017 by Zach Miller

Using Compression to Compare Objects As we do more and more of our day-to-day tasks online, our web browsers have become an irreplaceable tool for many people. Often, we decide to augment the default behavior of these browsers with browser extensions to provide custom functionality to our browsers in order to make the tasks that we perform online easier.

Continue reading

Using Compression to Compare Objects

Posted April 13, 2017 by Riva Borbely

Using Compression to Compare Objects In my previous blog post, I discussed our endeavor to benefit from unsupervised learning on CyberPoint's malware dataset. One of the more intriguing tools I played with during that effort was the normalized compression distance (NCD).

Continue reading

Learning in the Dark: Lessons Learned in Unsupervised Learning

Posted December 7, 2016 by Riva Borbely

CyberPoint has seen great success in using supervised machine learning for malware detection. A while back, however, some colleagues and I set out to investigate whether we could make any interesting discoveries by applying unsupervised learning to CyberPoint's malware dataset.

Continue reading

Logging Keystrokes with Event Tracing for Windows (ETW)

Posted October 22, 2016 by Nate Rogers and Stan Chua

Logging Keystrokes with Event Tracing for Windows As a follow-up to our talk at Ruxcon, "Make ETW Great Again", we wanted to go into a bit more depth than we could cover in our hour long talk. While our talk consisted of multiple examples of ETW usage, detecting ransomware, USB Keylogging, and sniffing SSL encrypted data from WinINet (our code can be found here:

Continue reading

The Human Interface Device (HID) Attack, aka USB Drive-By

Posted October 18, 2016 by Mark McLarnon

The Human Interface Device (HID) Attack As a part of our effort to educate, assess and train (EAT), we want to highlight a physical host attack technique that is extremely cheap and simple to pull off, and unfortunately yields a significant return for the attacker if successful. The technique is commonly referred to as a "Human Interface Device (HID) attack" or a "USB drive-by".

Continue reading

Software Defined Security at CyberPoint

Posted September 23, 2016 by Zach Miller

Software Defined Security at CyberPoint Software-defined networking, commonly referred to as SDN, has received a lot of press recently regarding both the technology itself and the impact that it will have in the networking world. At CyberPoint, being a cyber security company, we got curious and decided to take a look at the impact that SDN could have on security.

Continue reading

The Minimum

Posted May 6, 2016 by Rich Arnold, CRO

The Minimum "If the minimum weren't good enough, it wouldn't be the minimum."

It's not just a rationalization of laziness. It's often the correct approach to compliance with externally mandated cyber security requirements.

Continue reading

Looking for a job?

Browse all of our available careers to find a job that suits your specific career interests. Or, if you aren't quite ready to change careers but are interested in CyberPoint, stay connected with us!

Contact Us

Let us know if you are interested in working with us, for us, or if you just want to learn more about us.