Dyadic in the News
|Pumpkin-Spiced Cybersecurity: October is National Cyber Security Awareness Month
September 27, Bloomberg BNA
Repeated reminders of the cybersecurity boogie man, ways to protect personally identifiable information, and advertisements for products to fight hackers, can lead to security fatigue, which in turn may lead to risky computing behavior. “Rather than combating or alleviating security fatigue, organizations should focus on how to take the security burden off of employees as much as possible,” said Guy Peer, vice president of research and development and co-founder at Dyadic Security.
|Israeli cyber-security firms seek to bolster defenses of UK banks, insurers
September 10, 2017, Times of Israel
UK banks, insurers and telecom companies will be looking to Israel for cyber-security solutions this week, as part of an effort by the British government to increase the protection of companies and institutions from cyberattacks. The program will take place in London on 11-14 September, and is set to include pitching and networking events, tours to tech companies, meetings with potential investors and government officials.
|Dyadic Security Raises $12 Million to Help Enterprises Virtualize Crypto With Hardware-Level Security Standards
March 14, 2017, PR Newswire
Investment round led by Goldman Sachs Principal Strategic Investments, along with Citi Ventures and Eric Schmidt’s Innovation Endeavors. Dyadic Security (Dyadic), the world leader in Software-Defined Cryptography (SDC), announced today the completion of a $12 million Series B funding round led by Goldman Sachs Principal Strategic Investments, Citi Ventures and Eric Schmidt’s Innovation Endeavors. The funding round will be used to expand Dyadic’s sales and marketing operations in North America. As part of the investment, Innovation Endeavors’ Yuval Shachar has been named Chairman of the Dyadic Board of Directors. “Dyadic has changed the game for financial institutions and enterprise companies in how they protect sensitive data assets,” said Avner Mor, CEO and Co-founder of Dyadic. “Based on decades of research in Multiparty Computation (MPC), our MPC-based technology helps our customers overcome the tremendous security and compliance challenges they face as they make the transition to a cloud-based infrastructure.”
|10 Powerful Examples of Artificial Intelligence in Use Today
January 10, 2017, Forbes
In a conversation with Nigel Smart, founder of Dyadic Security and Vice President of the International Association of Cryptologic Research, a Professor of Cryptology at the University of Bristol and an ERC Advanced Grant holder, he tells me that quantum computers could still be about 5 years out. Smart tells me that: “…all of the world’s digital security is essentially broken. The internet will not be secure, as we rely on algorithms which are broken by quantum computers to secure our connections to web sites, download emails and everything else. Even updates to phones, and downloading applications from App stores will be broken and unreliable. Banking transactions via chip-and-PIN could [also] be rendered insecure (depending on exactly how the system is implemented in each country).“
|FBI, Apple battle may leave lasting legacy
March 23, 2016, CSO Online
“Cryptography exists,” said Yehuda Lindell, co-founder and chief scientist at Dyadic Security and author of the widely-used textbook “Introduction of Modern Cryptography.” “You can open my textbook and read it and now you will know how to write your own code and protect yourself.”
|Biometrically challenged: three-factor authentication systems too weak for web banking
March 22, 2016, SC Magazine
Also keen to voice an opinion on this subject was Oz Mishli in his role as VP of product at Dyadic Security. Mishli spoke to SC to say that biometrics, like any other security solution, is not a silver bullet. “In many cases it does offer considerable UX and security benefits over the traditional passwords, particularly for mobile banking.”
|DROWN Security Flaw Is Bad, But It’s Not Heartbleed or OpenSSL’s Fault
March 2, 2016, The VAR Guy
Yehuda Lindell, founder of security company Dyadic, perhaps put it best. “This is not another heartbleed in the sense that heartbleed was incredibly easy to exploit,” he told The VAR Guy, adding that DROWN “is a very serious attack, but can be prevented quite easily.”
|Report: 3.5 Million HTTPS Servers Vulnerable to DROWN
March 2, 2016, Tech News World
DROWN is a serious attack, but it can be prevented quite easily using measures that were recommended to server operators and system administrators a long time ago, according to Yehuda Lindell, chief scientist at Dyadic. That involves disabling SSLv2 and even SSL v3.
|What you need to know about Apple’s fight with the FBI
February 18, 2016, Engadget
Cryptography researcher Dr. Yehuda Lindell also believes it’s possible to get into the phone, but it could be expensive and leave Apple open to security risks. “It may also involve finding new flaws to exploit in the current system,” he told Engadget. “The problem is that once this is done, then it can be used again. In actuality, the mere knowledge that it was done will make it easier for others to find out how,” he added.
|Apple could break into its iPhones in an afternoon, say experts
February 17, 2016, USA Today
Cryptography expert and co-founder of Dyadic Security, Yehuda Lindell, speaks to USA Today on the how long it would take the FBI to crack a password if the self-destruct mechanism were disabled, “If it were four digits, that’s about 10,000 possibilities and you only need seconds to get in. If it’s six digits, which is one million possible combinations, maybe it’s a few minutes.”
|4 Essential Startup Steps You Shouldn’t Overlook
February 1, 2016, Business News Daily
Entrepreneurship is one of the most rewarding career choices you can make, but it’s also one of the most difficult. Dyadic CEO, Avner Mor, shares insights to help would-be entrepreneurs stay on the right path.
|Want to solve GCHQ’s Christmas puzzle? Team up
January 29, 2016, The Guardian
Dyadic co-founder, Dr. Nigel Smart, talks about the GCHQ puzzle was a way to raise the profile of the agency’s cybersecurity work while trying to recruit new cryptological minds.
|Think You’re More Secure than Instagram?
January 29, 2016, IT Briefcase
A Cyber Security Q&A with Dyadic Chief Scientist Yehuda Lindell. IT Briefcase sat down with Dr. Yehuda Lindellto focus on two of Instagram’s recently reported vulnerabilities that can be found in nearly every company today.
|GCHQ-developed phone security ‘open to surveillance’
January 23, 2016, BBC News
Dyadic co-founder, Dr. Nigel Smart, weighs in on the new security protocal being used to encrypt VOIP calls.
|The Changing Face Of Encryption: What You Need To Know Now
December 30, 2015, Dark Reading
Yehuda Lindell, Dyadic Security co-founder and chief scientist, contributes an article on the state of encryption today and offers five tips based on up-to-date best practices on encrypting data in your organisation.
|Security researchers prepare for the ‘New normal’ post-CISA
December 22, 2015, SC Magazine
Security researchers are preparing for the new normal that they will soon face in light of the cybersecurity legislation that was signed by President Obama last week. Now, researchers are bracing for the new challenge that an environment of automated information sharing would bring to an already challenging role.
|Cybersecurity Checklist for Online Retailers This Holiday Season
December 15, 2015, Total Retail
Dyadic CEO offers an invaluable security checklist to retailers to help promote a safe and confident shopping experience for their consumers and to preserve revenue and reputation for their brands.
|Librarians join privacy groups, as industry sources react to cybersecurity draft
December 10, 2015, SC Magazine
Yehuda Lindell, Dyadic Security co-founder and chief scientist, warned about the prospect of government backdoors and de-encrypting technologies. He warned that once back doors are created for use by government authorities, it is much easier for hackers to access sensitive information by hacking the key to back doors.
|SC Magazine EBook on Application Security
November 30, 2015, SC Magazine
Irene Abezgauz, product vice president at Dyadic, a New York-based firm which offers a software-only solution for protecting organizational secrets, agrees that all these challenges make protection of enterprise applications “a complex task.” Code that was tested for security today will be changed by next week or the next day, she says, so there’s a great need for ongoing security testing to constantly maintain a high level of security. In addition, with the growing lack of a network perimeter, the differentiation between friend and foe becomes much harder to identify, Abezguaz says.
|Crytographic Key Reuse Exposed, Leaving Users at Risk
December 1, 2015, SC Magazine
Using hardcoded private keys is a security disaster, according to Dr. Yehuda Lindell, co-founder and chief scientist at Dyadic. Lindell sees a number of reasons why the private keys may have been left exposed and reused by multiple vendors.
|Microsoft CEO Nadella unleashes security-first initiative
November 18, 2015, SC Magazine
Dyadic Security co-founder and chief scientist Yehuda Lindell told SCMagazine.com that Microsoft’s security capabilities have “without a doubt” improved significantly in recent years.
|Cybersecurity after the Paris attacks: Info-sharing in the spotlight
November 18, 2015, SC Magazine
Dyadic Security co-founder and chief scientist Yehuda Lindell told SCMagazine.com there are “many things would make the job easier for law enforcement agencies,” including an ability to walk into anyone’s house at any time or search any car with or without cause. Lindell called the argument that private companies must provide access to unencrypted information to law enforcement and intelligence agencies “a joke,” since terrorists already encrypt their communication. “So you end up in a situation where the criminals encrypt their information and all of the rest of us do not,” he added.
|E-Commerce Security: What Every Enterprise Needs to Know
November 2015, Dark Reading
“If a cybercriminal can steal the secret keys that are used to encrypt user data and credit card numbers, then the encryption no longer helps,” Lindell observes. “The data can be stolen as well. It’s like locking the door and keeping the keys under the doormat. Make sure no single individual—either inside employee, or an attacker for this matter—has full access to the encryption keys.”
|Dyadic – Product of the Week
October 26, 2015, Network World
Powered by a multi-party computation (MPC)-based engine, Dyadic delivers powerful encryption, authentication and key protection. Organizations of all sizes can easily achieve effective, distributed protection of keys, credentials and data in any IT environment.
|SECURITY COMPANY’S CRYPTOGRAPHY PLAY AIMS AT TECH FIRMS, FINANCE
October 23 2015, Fast Company
“The company’s Crypto Suite product,” says CEO Avner Mor, “Is aimed at the software, financial, and health care industries.” According to Mor, a major part of the system is the fact that it can protect secret, sensitive cryptography keys. In some contexts, it extracts information from data without actually accessing files, which is an advantage for very security-sensitive industries like finance.
|Mozilla may reject SHA-1 certificates six months early
October 21, 2015, SC Magazine
“This is a matter of risk management, and it is bad risk management,” Yehuda Lindell, chief scientist at Dyadic, told SCMagazine.com. “In the end, we will all pay the price because of it,” he added.
|Dyadic Protects Organizational Secrets and Sensitive Data with Comprehensive New Crypto Suite
October 21, 2015, Business Wire
Renowned cryptography professors transform multi-party computation research into technologically superior, easy-to-use encryption, authentication and distributed key protection solutions.
|Proposed cyber ‘squadron’ cultivates military-private partnerships to address cyber threats
October 15, 2015, SC Magazine
Dyadic co-founder Dr. Yehuda Lindell echoed this sentiment. After researchers published a report demonstrating that it is possible for hackers to replicate a SHA-1 certificate for as little as $75,000 to $120,000, Lindell told SCMagazine.com the private sector is “waiting for actual damage to be inflicted before transitioning out of it.”
|Why Verizon’s “zombie cookies” are scarier than ever
October 12 2015, CIO Magazine
“The tokens Verizon passes to advertisers are not encrypted, according to Yehuda Lindell, chief scientist of Dyadic Security, an Israeli security firm. If they’re intercepted, the information is there to be read. Advertisers that receive tokens won’t be able to link the information to specific users, but Verizon can, because the carrier has detailed information on its customers, Lindell says. Even if we assume that Verizon won’t do anything untoward with the information, its network could be hacked, and the unencrypted data could fall into the wrong hands, according to Lindell.”
|Researchers say SHA-1 will soon be broken, urge migration to SHA-2
October 10, 2015, SC Magazine
Dr. Yehuda Lindell, chief scientist and co-founder of Dyadic, believes a full break of SHA-1 is just on the horizon. “I am convinced that large organizations (or governments) have already found collisions in SHA-1, Lindell said in a statement emailed to SCMagazine.com. “Attacks have been known for many years, but they are too costly for academic groups to carry out. Thus, no publicly published collision has been found. However, this does not mean that those with more means have not found them.“
Lindell concurred that a switch to SHA-2 should be fast tracked, but expressed dismay that the migration probably wouldn’t come soon enough. “There is no doubt that SHA-1 must be replaced immediately,” he said, explaining that, “industry is typically much too slow to make these changes, and so I expect that it will only happen after concrete attacks and damage have been inflicted.”
|Researchers steal secret RSA encryption keys in Amazon’s cloud
October 6, 2015, Network World
Yehuda Lindell, chief scientist and co-founder of security firm Dyadic – which has a product for protecting secret cryptography keys – says the vulnerability is extraordinarily sophisticated – on the verge of being “magic.” He says but it proves the shortcomings, from a security perspective, of shared environments such as the cloud.
“Although a difficult attack to carry out, this further highlights the fact that secret keys are vulnerable, wherever they may be. They are even more vulnerable in cloud and virtualized environments where you have less direct control. This specific attack may be prevented by appropriate patching, as its 2009 predecessor was. However, the type of attack is almost impossible to completely prevent,” Lindell says.
Then of course there are a variety of security products on the market as well targeting this issue. Dyadic, where Lindell is chief scientist, has developed a way to spread encrypted keys out across multiple hosts, so that essentially no one single VM has all of the keys.
|Amazon Downplays New Hack For Stealing Crypto Keys In Cloud
October 2, 2015, Dark Reading
Yehuda Lindell, chief scientist and co-founder of encryption technology vendor Dyadic says the proof-of-concept developed by the WPI researchers shows how side-channel attacks make it possible for one process to steal a secret key held by another process.
“In order to carry out such an attack in the cloud, you first need to know that you are co-located on the same physical machine as a VM with the target application,” Lindell says. “This paper shows new ways of detecting collocation, and then methods for stealing the key using the side channels.”
|Cutting-edge hack gives super user status by exploiting DRAM weakness
March 10, 2015, ARS Technica
In one of more impressive hacks in recent memory, researchers have devised an attack that exploits physical weaknesses in certain types of DDR memory chips to elevate the system rights of untrusted users of Intel-compatible PCs running Linux.
|Mapping Israel’s Cyber-Security Startups
August 10, 2015, Tech Crunch
As most readers know, Israeli high tech is much more of a general scientific and entrepreneurial renaissance than an extension of Israel’s military industrial complex. While many CISOs and corporate executives are familiar with Israeli cyber talent owing to Check Point, Imperva, CyberArk and other notable security success stories, the sheer scope of Israeli startup activity in the cyber sector is staggering. We have prepared the Israel CyberScape a general resource for CISOs, corporate development executives and investors keen on exploring Israeli cyber security. It includes 150 startup companies divided into 10 market segments.
|Breakthrough in MPC cryptography could make cloud computing more secure
September 11, 2013, Business Cloud News
A recent breakthrough in multi-party computation (MPC) cryptography may result in a “sea change” in computing security according to Peter Scholl, a researcher in the Cryptography and Information Security group at the University of Bristol.
|Breakthrough in cryptography could result in more secure computing
September 9. 2013, ScienceDaily
The SPDZ protocol (pronounced “Speedz”) is a co-development between Bristol and Aarhus and provides the fastest protocol known to implement a theoretical idea called “Multi-Party Computation.” The idea behind Multi-Party Computation is that it should enable two or more people to compute any function of their choosing on their secret inputs, without revealing their inputs to either party. One example is an election, voters want their vote to be counted but they do not want their vote made public.