Fear and loathing on Google Play: An in-depth look at today’s battery saving and cleaning apps

Avast Battery Saver quickly and easily helps you to save your Android’s battery life. Mobile devices are currently evolving at an exceptional rate. Processor speed, display quality and connectivity options have changed dramatically over the past few years. However, battery capacity still seems to be struggling to keep up with the evolving capacity needed to […]

3009008 – Vulnerability in SSL 3.0 Could Allow Information Disclosure – Version: 3.0

Revision Note: V3.0 (April 14, 2015): Revised advisory to announce that, with the release of security update 3038314 on April 14, 2015, SSL 3.0 is disabled by default in Internet Explorer 11, and to add instructions for how to undo the workarounds. Summary: Mi…

How the Private and Public Key Pair Works

Did you know this month was “couple appreciation month”? Let’s use this as an opportunity to explain in simple words how the security of an online transaction relies on a happy, inseparable couple: a public key and a private key.

Public keys and private keys are part of a general structure we call PKI – Public Key Infrastructure. The SSL and TLS protocols, which are globally used to secure not only websites, but also emails and web applications, are based on this structure. So we might as well say that there are thousands and thousands of public and private keys in operation right now around the world!

Keys are used in algorithms to encrypt and decrypt data. You may think the same key is used to encrypt and decrypt, but there’s a twist: there are algorithms in this world which are able to encrypt data with one key… and decrypt it only with the help of another key! Magical, isn’t it? (For those who don’t believe in magic, you can read more about trapdoor functions here). In the case of SSL, one key – the public key – is used to encrypt data; only the corresponding private key can decrypt it. What a lovely (and useful) couple.

In the SSL protocol, public keys and private keys are generated by servers. The private key remains locked and secure on the server, while the public key is embedded in the server’s SSL certificate. Whenever a browser connects to the server, the server sends its SSL certificate, which contains the public key. The browser can then use this public key to encrypt data and send it to the server, which is now the only one able to decrypt that data thanks to its private key.

Both keys are inseparable, and of course each pair is unique: the public key belongs to its corresponding private key and only to this one.

Public and private keys are essential to the security of our exchanges. Thanks to them, we don’t have to worry about someone eavesdropping on our conversations. But there is still a major issue: what if a hacker intercepts the server’s public key, and sends their own public key instead?

What guarantees to the browser that the public key it received is actually the public key of the server it wanted to reach? This is why Certification Authorities like Symantec play an essential role: CAs authenticate servers and their public key through a unique document called the SSL certificate!
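The key-pair behaviour and the CA check described above can be seen in a small added example, which is not part of the original article. It uses textbook RSA without padding and fixed Mersenne primes so that it runs with the standard library only; all function and variable names are illustrative assumptions, and the "certificate" is reduced to a CA signature over the server's public key.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, number):
    """One modular exponentiation serves to encrypt, decrypt, sign and verify."""
    exponent, n = key
    return pow(number, exponent, n)

def fingerprint(public_key):
    """SHA-256 of a public key as an integer (the CA modulus must be larger)."""
    return int.from_bytes(hashlib.sha256(repr(public_key).encode()).digest(), "big")

def issue_certificate(ca_private, server_public):
    """Toy certificate: the CA signs the fingerprint of the server's public key."""
    return apply_key(ca_private, fingerprint(server_public))

def browser_accepts(ca_public, presented_public, certificate):
    """The browser recovers the signed fingerprint and compares it to the key it got."""
    return apply_key(ca_public, certificate) == fingerprint(presented_public)

# Constructed keys built from known Mersenne primes; far too structured for real use.
SERVER_PUBLIC, SERVER_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)
IMPOSTOR_PUBLIC, IMPOSTOR_PRIVATE = make_keypair(2**61 - 1, 2**127 - 1)
CA_PUBLIC, CA_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)

if __name__ == "__main__":
    message = int.from_bytes(b"session secret", "big")  # constructed sample data
    ciphertext = apply_key(SERVER_PUBLIC, message)       # browser encrypts
    print(apply_key(SERVER_PRIVATE, ciphertext) == message)    # matching private key
    print(apply_key(IMPOSTOR_PRIVATE, ciphertext) == message)  # any other private key
    certificate = issue_certificate(CA_PRIVATE, SERVER_PUBLIC)
    print(browser_accepts(CA_PUBLIC, SERVER_PUBLIC, certificate))    # genuine key
    print(browser_accepts(CA_PUBLIC, IMPOSTOR_PUBLIC, certificate))  # substituted key
```

Real TLS libraries add padding, randomly generated primes and full X.509 certificate validation on top of this arithmetic.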

If you’re curious about SSL and more specifically about how SSL certificates work, you can find more

Avast Mobile Security: What’s not to love?

Mobile is attractive to cybercrooks. Our mobile phones are fantastic little devices — these days, they’re as powerful as a regular computer and can accomplish nearly all the same things. While this is convenient for us, it also gives cybercrooks a relatively easy in-road to your private data and financial information. As 2015 rolls along, consumers […]

How to find the best protection for your Android phone? Independent tests.

Recently we told you about malware inside of Google Play and we also alerted you to the resurrection of Simplocker, a dangerous ransomware that has started its second infection wave. Hopefully, you are convinced that you need to seek a top security application for your Android device. It’s just not safe out there any longer. […]