SealSign integration with the Azure Key Vault

Thursday, November 30, 2017

ElevenPaths and Microsoft, thanks to Gradiant technology, have integrated the Azure Key Vault into the SealSign platform. This partnership provides a server-based digital signature and certificate safekeeping service, based on HSM, with a high degree of security, scalability and performance.

SealSign integration with the Azure Key Vault


The use of secure cryptographic hardware or HSM (Hardware Security Module) provides a very adequate mechanism to safeguard and protect keys (in the fashion of a safe-deposit box). However, the cost and complexity related to installation and configuration hinder greater adoption of this hardware. For this reason, some as-a-service solutions have emerged, such as the Azure Key Vault, which offer the possibility of using HSMs as one more service within a public cloud.

Dumpster diving in Bin Laden's computers: malware, passwords, warez and metadata (II)

Tuesday, November 28, 2017

What would you expect from a computer network that belongs to a terrorists group? Super-encrypted material? Special passwords? The Central Intelligence Agency (CIA) on 1 November 2017 released additional materials recovered in the 2nd May 2011 raid on Bin Laden's compound in Abbottabad, Pakistan.  We have seen some news about movies, porn, games and several other stuff stored in those computers. But we will go further. We will focus on the security aspects of its 360 GB zipped information. Did they use passwords? Proxies? Encryption? Any special software?

A few hours after releasing the raw information from the hard drives from at least three computers found there, the CIA removed the content due to "technical" issues. 8 days later, they released the data back but now all Office documents were converted to PDF and EXE files were "deactivated" removing their headers for "security reasons".

Dumpster diving in Bin Laden's computers: malware, passwords, warez and metadata (I)

Monday, November 27, 2017


What would you expect from a computer network that belongs to a terrorists group? Super-encrypted material? Special passwords? The Central Intelligence Agency (CIA) on 1 November 2017 released additional materials recovered in the 2nd May 2011 raid on Bin Laden's compound in Abbottabad, Pakistan.  We have seen some news about movies, porn, games and several other stuff stored in those computers. But we will go further. We will focus on the security aspects of its 360 GB zipped information. Did they use passwords? Proxies? Encryption? Any special software?

A few hours after releasing the raw information from the hard drives from at least three computers found there, the CIA removed the content due to "technical" issues. 8 days later, they released the data back but now all Office documents were converted to PDF and EXE files were "deactivated" removing their headers for "security reasons". 

The Data Transparency Lab strengthens its work on data transparency after investing over one million euros in three years

  • Barcelona becomes the permanent headquarters of the DTL Annual Conference, which will take place from 11 to 13 December.
  • The DTL is a clear example of the various innovation projects that Telefónica develops at its headquarters in Barcelona.
  • The Laboratory is currently sponsoring research groups of prestigious universities such as Princeton or Berkeley.

Barcelona, 22 November 2017.- The Data Transparency Lab (DTL), created and promoted by Telefónica to carry out research in the field of transparency in the use of data in the digital environment, has established itself as a reference in its sector after making an investment of over one million euros in new applications and programs since its creation in 2014.

Security and electronic signature for any enterprise

Thursday, November 16, 2017

ElevenPaths, Microsoft and Gradiant have collaborated to allow companies to benefit from an advanced platform for electronic signatures and digital certificate safekeeping, integrated with a cloud service for HSM devices, through a simple pay-for-use model.



Guaranteeing confidentiality, integrity and access to information is the main objective of cyber security. The level of protection required varies according to each organization’s needs and the legal or normative requirements of the applicable sector.

#CyberSecurityPulse: The Last Disaster of Ethereum's Most Important Wallets

Monday, November 13, 2017

It is estimated that 587 wallets with around 513,774.16 ethers have been frozen after an anomaly in one of Ethereum's most important wallets was detected. Parity Technologies, a company focused on the development of software specialized in peer-to-peer solutions, published the security alert on November 8, stating that they had detected a vulnerability in the Parity Wallet library contract of the standard multi-sig contract. Specifically, the company considers that those affected are those users with assets in a multi-sig wallet created in Parity Wallet that was deployed after 20th July.

Following the fix for the original multi-sig vulnerability that had been exploited on 19th of July, a new version of the Parity Wallet library contract was deployed on 20th of July. Unfortunately, that code contained another vulnerability which was undiscovered at the time - it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function.

New tool: SKrYPtEd, your Skype conversations local database protector

Monday, November 6, 2017

Did you know your Skype conversations are stored in plaintext in your hard drive? Did you know anyone could just grab them with some kind of malware and upload it to a server of his own with a simple malware in just a second. Literally. SKrYPtEd is a service that runs in your Windows and keeps your database encrypted with a password. You do not need to enter your password every time Skype is used. SKrYPtEd encrypts the messages every time Skype is closed, and do not decrypt them when Skype runs unless you decide it with your password. So, unless you need to check for old messages on a daily basis, it is quite transparent for you. And if you do, it is just about typing a password to get your old messages back.

Skype stores database in plaintext in your profile. It is a SQLite database with lots of data. SKrYPtEd just encrypts the text of the messages so every metadata is kept. It protects from local or remote attacks if an attacker would be interested in conversations by grabbing or sending this database somewhere.