
What is Post-Compromise Security? Why is it better than Pre-Compromise Security?



Perhaps in most cases, people only know about Pre-Compromise Security, which involves hiring tons of security experts to guard a server/network, but it's not that effective against an insider or a skilled malicious hacker, as data protection law or a non-disclosure agreement is not likely to have a restraining effect on them.

When people talk about post-compromise security, perhaps the first impression that people have in mind is that it's something based on cryptography. That's too narrow from my perspective.
(For example, if we talk on WhatsApp and the server gets hacked, our messages are still secure, as WhatsApp can't read the messages. In general, this is what people commonly think about when talking about Post-Compromise Security.)


Now, let's have a look at what post-compromise security really is. After reading, people might feel that such a security model is essentially a model that only "criminals" will use, but that's up to people to debate and decide.

The approaches listed under Post-Compromise Security are what I can come up with at the current time. As time goes on, the approaches will increase as well if I have the ability to further educate myself.

https://mrchewitsoftware.com.my/PCS.txt


@FlierMate, @S. registering at SSM as an online business is not that difficult to begin with. I remember I registered in July/August last year, so it's time for me to renew the license as well. The catch is, you all know what happens with startup businesses: everything has to start from 0 (no relations, no people who can help me). I got rejected by the payment platform that I wished to use, known as Rapyd (mainly targets Payout [a developer tool to make paying customers useful]), and I believe the majority of the reason is that I was a startup .. and my website is really not that professional, I am not a good UI/UX designer 😂. I need to replace my service's payment provider from Rapyd to PayPal 🙃. Whether or not I can succeed is still a mystery.

===How it started====
Perhaps the thought of starting an IT software service (providing PCS solutions) started to boom when I finished my internship one year ago (Diploma student); it was genuinely a wild ride. The problem that I saw during my internship .. is how they decided to deal with customers' data (not encrypted) ... and had no common security in place, be it in software or in their IT department (no Pre-Compromise Security). With this kind of approach .., I don't think an NDA (Non-Disclosure Agreement) and data protection law can protect users' data if there happens to be a leak/breach caused by an outsider/insider hacker .. In general, I started to think about whether this needs to be either stopped/reduced ..

As time goes on, it feels like my registering with SSM was indeed for fun. I created normal non-confidential-based database hosting (MySQL), PriSecPay (web page demo), and a Single Diffie Hellman Key Exchange Chat Application .. all in ASP.NET Core. This had been the case .. until something struck me ..... I started to get inspired by Edward Snowden .. I started to realize that the mishandling, use and exposure of data (referring to leaks/breaches) must be stopped, as I learnt .. these from western privacy-based public interest hackers/activists.

So why not do something that actually protects privacy, as I believed that if one can fulfill it, then by right, their system/network/server will be essentially immune to leaks/breaches or not very likely to be targeted by hackers/ransomware/viruses/malware (that is, if you are able to understand the document that I posted).

As this thought became more and more rooted in my mind ..., and that's it .. I created the PriSec family of solutions (not all are made at the moment; the PriSecFileStorage needs some changes to the code [hopefully only the server side was affected, as I need to switch from using Rapyd to PayPal]) and learnt C# and C language interoperability. As a final result, I am one of the contributors who contributed a C# wrapper for the open source cryptography library libsodium (my C# wrapper can be found on NuGet if you type "ASodium" 😄).
=================

Well, for the time being .., I think I will resume as a sole proprietorship IT software service solution firm that provides PCS solutions. How long can I last? 😐 I don't really know.
The current plan was to continue for either 1 or 2 more years.

As for why I go with POSS rather than FOSS: OSS refers to Open Source Software/System, whereas P refers to Paid and F refers to Free. I would like people to find out the reason through this YouTube video.

 


Good luck with your new venture. Mr Chew, as a founder and self-employed, has shown us strength in taking the initiative to start something cool - while most software houses are aiming at web and mobile dev, you offer cryptography solutions. At your young age, it takes courage to explore the market and professionalism to deliver services to clients.

Perhaps you have heard of the ransomware attack on a US oil & gas company in the last few months. The company paid billion of ransom in cryptocurrency in order to unlock the network and resume its business. A US federal agency said an unnamed group in eastern Europe or Russia was the culprit. What do you think of this incident?

5 hours ago, chrono_legionnaire said:

registering at SSM as an online business is not that difficult to begin with. I remember I registered in July/August last year, so it's time for me to renew the license as well. The catch is, you all know what happens with startup businesses: everything has to start from 0 (no relations, no people who can help me)......As time goes on, it feels like my registering with SSM was indeed for fun......

 

Hey, I was thinking of joining your company in the future if you need somebody for some sort of help. Well, I am totally a beginner in encryption algorithms, so I might need to learn cryptography if I were your staff.

I took a quick glance last week and saw that Intel CPUs actually have a special instruction set to handle hashing and stuff like AES. Since I am quite OK in Assembly programming, I might as well take an in-depth look at that CPU extension....

On 6/25/2021 at 1:25 AM, FlierMate said:

Good luck with your new venture. Mr Chew, as a founder and self-employed, has shown us strength in taking the initiative to start something cool - while most software houses are aiming at web and mobile dev, you offer cryptography solutions. At your young age, it takes courage to explore the market and professionalism to deliver services to clients.

Perhaps you have heard of the ransomware attack on a US oil & gas company in the last few months. The company paid billion of ransom in cryptocurrency in order to unlock the network and resume its business. A US federal agency said an unnamed group in eastern Europe or Russia was the culprit. What do you think of this incident?

I wasn't quite sure regarding this, but based on what I know .. no country is not responsible for this .. In 2011, an incident was revealed at a famous MNC located in the USA called RSA (yup, you get the idea .., RSA as in public key encryption). A heavy and serious sponsored China Chinese cyber attack had been conducted by their state hackers, which resulted in serious leaks/breaches. Several weeks after the breach/leak, they (the RSA MNC) apologized for the incident. The story can be seen here: https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

During my time as a college student at my local college (IKIP), GitHub .. was also hit by China Chinese hackers, as they (GitHub) received a heavy DDoS attack on their website.

Ironically .., based on some of the China Chinese netizens that I interact with .. they said they are not responsible for these kinds of attacks? Coincidence? Maybe not .. From an objective point of view, these attacks might be from their government, not from their citizens (if they have an objective view to begin with) ..

I did hear of ransomware attacks becoming more and more serious nowadays, not only at the companies you listed. I was expecting if this has something to do with those companies that get hit by this ransomware, probably because of their actions/policies? I mean, I am not an expert in this field, but this is a problem that many corporations/companies/businesses need to face if they reach MNC scale.

On 6/25/2021 at 4:15 AM, FlierMate said:

Hey, I was thinking of joining your company in the future if you need somebody for some sort of help. Well, I am totally a beginner in encryption algorithms, so I might need to learn cryptography if I were your staff.

I took a quick glance last week and saw that Intel CPUs actually have a special instruction set to handle hashing and stuff like AES. Since I am quite OK in Assembly programming, I might as well take an in-depth look at that CPU extension....

I don't mind if people want to join me, it's just that I wasn't quite sure if what I am doing gives you satisfaction or if you are interested in it, because I don't have $$ LOL. Besides .., my journey as a sole proprietorship business is uncertain 🙃. If the chance presents itself and you did join me in future, feel free to get "pressured" by me, as my requirements will become higher if I have the ability to further educate myself.
