What is YTQ?

Read Time:2 Minute, 15 Second

What is CRQC?

Widespread interest in quantum computing continues to expand as computer innovators, scientists, and technology industry leaders vie to position themselves at the top of the pack for quantum computing prowess.  As the buzz continues, I’d like to discuss Cryptographically Relevant Quantum Computers (CRQC) in simple terms.

A CRQC uses quantum mechanical phenomena to quickly solve difficult mathematical problems a classical computer cannot or would take years to complete; additionally, if or when a CRQC is achieved, it will have the calculation skill to break today’s public-key cryptography leaving web based digital communications compromised. 

One of the first lessons I learned from a cybersecurity architect is to never do the same thing when it comes to cybersecurity. Cybersecurity practices should continually change according to evolving threat applications and vulnerabilities. Nonetheless, for the last 30 plus years the US has relied on public-key cryptography to secure digital data globally. With the date looming for CRQC to hit the market, the US is now in a race to replace a decades old standard of encryption to protect vital data.

What is Y2Q?

Years to Quantum (Y2Q) refers to the unknown number of years before there is a CRQC. Quantum systems are now being used and select organizations are providing cloud-based access to these systems for testing and research purposes; however, quantum computers currently in use are not CRQC.  From this point forward we will refer to quantum systems that emerge post Y2Q as CRQC.

As quantum computing evolves and the technology for CRQC comes to reality, no single entity can pinpoint a precise date when CRQC will make an impact on the worlds IT infrastructure.  Speculation ranges from five to 25 years and various organizations have developed Y2Q countdown clocks, arbitrarily specifying date ranges up to 2034, as the deadline by which the world must upgrade its IT infrastructure to meet the Y2Q threat.

Conclusion

As the world awaits Y2Q, government entities and cybersecurity managers, along with medical, telecom and bank industries are generating play books/plans and contingencies to defend against CRQC. While CRQC will pose a considerable threat to enterprises in the future, a wide variety of contingencies are emerging to develop advanced CRQC solutions to alleviate the threat.

While the full range of quantum computer applications steadily grows, it is nevertheless clear that America’s continued technological and scientific leadership will be subject to its ability to sustain a competitive advantage in quantum computing information and systems. Critical infrastructure, security protocols, internet banking in addition to military and civilian communications could be threatened.

Is the United States postured to solidify its role as a world leader in its approach to Y2Q?

Read More

CVE-2020-36610

Read Time:16 Second

A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.

Read More

CVE-2020-36609

Read Time:23 Second

A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.

Read More

Microsoft’s rough 2022 security year in review

Read Time:55 Second

We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here’s a month-by-month look at the past year.

January: A bad start for on-premises Microsoft Exchange Server vulnerabilities

It seems fitting that 2022 began with the release of the Microsoft Exchange Server remote code execution vulnerability (CVE-2022-21846). It raises the question for anyone still with an on-premises Exchange Server: Do you have the expertise to keep it safe especially if you are targeted? Exchange 2019 is the only version under mainstream support at this time. If you are still running Exchange Server 2013, it reaches end of support on April 11, 2023. Your window of opportunity to make an easy transition is closing. Migrate to Exchange online or on-premises Exchange 2019 or consider a different email platform completely.

To read this article in full, please click here

Read More