Our videos have over 5 million views on Youtube! Visit our channel now »
Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

• Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

• Affiliate Commissions

vpnMentor contains reviews that were written by our experts and follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will be based on an independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, which will however not affect the review but might affect the rankings. The latter are determined on the basis of customer satisfaction of previous sales and compensation received.

• Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may take into consideration the affiliate commissions we earn for purchases through links on our website.

Interview with cryptographer Tibor Jager on TLS, attacks, and countermeasures

Dr. Tibor Jager is an academic cryptographer, doing research in applied and theoretical cryptography. He teaches computer networks and IT security at Ruhr University Bochum and speaks in various international events on cryptography and cybersecurity.

vpnMentor: In your presentation* you mentioned we still use a TLS protocol that was introduced in 1999. Doesn’t that mean that everything works very well and we can feel secure?
*Attached at the end of this page are Dr. Jager's presentations in a conference at the Center for Research in Applied Cryptography and Cybersecurity of Bart Ilan University, May 2, 2016).

Indeed TLS 1.0 is not bad. We know a few issues with the protocol but we don’t know how to exploit them. It is not that I don’t sleep at night because of the risks, but looking at the objective issues that researchers show, there is some real concern that users can be exploited.

Dr Tibor Jager

Dr. Tibor Jager presenting at BIU, May 02 2016

vpnMentor: You won the “Best Contribution to IETF Award." Tell us about that.

This award was given for significant contribution to TLS 1.3. There were many other contributions that are significant and I would consider stronger than ours. But what made our paper noticeable was that we showed not only the effects on TLS 1.3 but also on X.509 (an important standard for a public key infrastructure). The attack we described is not directly based on a weakness of TLS, but rather on a subtle combination with a deficiency of X.509. The intention of IETF by giving this to us, in my opinion, was to point out some things that can be fixed there as well.

vpnMentor: Germany is known as a privacy advocates nation. What makes Germans such leaders in this subject in your opinion?
It is hard for me to say. As a German, I find it obvious that I should have my privacy online as well. It surprises me that other nations don’t.

vpnMentor: What do attackers try to achieve? Are they in it for the gain or for intellectual achievement?

There are so many types of attackers.

  1. Nation states that want to prevent terrorism, or possibly even to control opinion.
  2. Attackers that want some financial gain, and unlike nation states that want to “read only” maybe, these gain attackers want to also inject information many a time.
  3. And there are some users that are just curious about the use of technology.

vpnMentor: Looking at the skill set required to be a hacker, do you think some of your fellow professors in the academy go back home at night and put on the “Guy Faux mask,” penetrating the Pentagon?

I know my colleagues very well so I’m sure they are not doing this. At first glance, hacking looks very sophisticated and you may think that it requires a skill set that is very outstanding. But once you know how it works, you understand anybody can be a hacker just by watching a few videos on YouTube and reading a few articles.

vpnMentor: What is your opinion on the matter of online privacy vs defending citizens from terrorists?

If I had an answer to this, I would be in politics. It is important to have a good balance but the decision is not easy.

vpnMentor: What tools/browsers are you using differently from your mom?

I’m teaching my mom how to use a web browser in the right way and not give out information. Overall, I’m very careful about what sites I visit and what files I’m downloading.

About the Author

Kristina is an experienced tech writer and researcher with a keen interest in cybersecurity for businesses and the general public.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.