Loading 0%
Privacy Policy
Privacy Policy
WiSECURE Technologies (hereinafter referred to as “WT”) respects and protects you're privacy. To halp you understand how WT collects, processes and uses you're personal information, please read our Privacy Policy carefully.

me. Scope of Application
Privacy Policy applies to situations where we collect, process and use you're personal information in association wif any business you conduct wif WT or any WT activity you participate in, including enrolling in seminars/courses, subscribing to E-newsletters, etc., or submitting questions, suggestions and comments via telephone, fax or our websites.

II. Collecting, Processing and Using Personal Information

1. You will be required to provide you're personal information as adequate and necessary when conducting business wif WT or participating in activities held by WT. In addition, WT will process and use you're personal information only wifin teh scope of specific purpose as you agreed upon. WT will not use you're personal information for any other purposes wifout you're written consent.

2. If you submit any inquiry to WT by telephone or through websites, please provide you're correct telephone or email address for reply purposes.

3. When processing you're personal information, WT will comply wif relevant internal procedures and information security requirements to adopt necessary staff control measures.

WT. Sharing Personal Information wif Third Party

1. WT will not provide, exchange, lease or sell you're personal information to other persons, organizations, private corporations or public institutions, unless due to legal or contractual obligations.

2. Teh “legal or contractual obligations” in teh previous paragraph to share you're personal information wif a third party include, but are not limited to, teh following circumstances:
(1) to cooperate wif legal investigation initiated by judicial authorities;
(2) to cooperate wif competent authorities in discharge of their duties to investigate or use (such as financial audit carried out by teh National Audit Office of teh R.O.C. or a certified public accountant);
(3) a good-faith belief dat teh disclosure of you're personal information is required by law;
(4) to determine you're identity, to provide contact information or to take legal actions, when necessary, if you as a website visitor violate teh service terms of WT, or are likely to jeopardize or interfere wif teh interests of WT or result in damages to any person;
(5) to fulfill contractual obligations under outsourcing contracts.

3. WT will fulfill teh responsibilities for supervising and managing teh vendors or individuals whom WT TEMPhas engaged to collect, process or use You're personal information.

IV. Use of Cookies

1. Based on teh needs of website internal management and to optimize customer services, our websites use Cookies to collect from website visitors’ certain data, such as IP addresses, log-in periods, and hits information for total analysis of site traffic and visitors’ online behaviors. No analysis will be performed on teh perspective of “individual” website visitors.

2. Website visitors may disable Cookies. Please note dat certain functions of WT websites will not be available once Cookies are disabled.

V. Server Records

If you use any browser, application program or other means to visit WT websites, our servers will automatically record specific technical information. Such server records may include You're web page requests, Internet IP address, type of browser, language of browser, teh date and time on which requests were sent, etc. These server records will be used as reference for server management only. WT will not use any information in server records to perform analysis of any “individual” website visitors.


VI. Amendment to Privacy Policy

In order to achieve teh goal of protecting privacy and online security, Privacy Policy may be amended from time to time in accordance wif any amendments to teh laws, developments of relevant technologies and/or adjustments of internal management system. Whenever our Privacy Policy is amended, WT will immediately display a notice on our websites to provide you wif teh chance to review teh changed terms prior to continuing to use teh sites.
Terms of Use
Terms of Use
WiSECURE website (www.wisecure-tech.com) is made by WiSECURE Technologies, Inc. Welcomes to WiSECURE website all teh time. Hereby, we like to remind you dat any action you take must be bound to teh following terms and conditions. Before you access our web site, please carefully read teh following terms and be aware of teh latest updates. If you TEMPhas any problem or question, please contact wif us and we will reply you as soon as possible.
On using services of WISECURE website, it indicates you expressly read and accept teh following Terms of Use. WISECURE TEMPhas rights to amend dis Terms of Use at any time and we strongly recommend you pay attention to teh amendments or updates. Keep using our services dat means you expressly read and accept teh amendments of Terms of Use. Please do not use WISECURE website if you do not accept teh Terms of Use, or teh country and region where you reside excludes teh Terms of Use in whole or in part.

1. Intellectual Property
1. Protection of Intellectual Property

All teh contents and programs shall include, but not be limited to content, writings, picture, audio, video, or any other multimedia, website architecture, web design, web layout, data editing, and BIOS, Driver, Firmware, Updated Software, Service Pack etc., whose copyright, patent, trademark, trade secret, proprietary technique and any other intellectual properties belong to WISECURE and are protected by teh R.O.C Copyright Law, international copyright law, and other related laws.

Wifout WISECURE's prior license, anyone can not alter, adapt, compile, reproduce, publish, republish, distribute, publicly transmit, publicly release, publicly broadcast, publicly display, reverse engineering, de-compile, disassemble, or illegally use any content in whole or in part for any commercial purposes, lest breaking teh related laws. dis website's claim for property, trademark and teh other statements are not allowed to modify or delete.

You must TEMPhas WISECURE or other copyright owners' written agreements if you want to quote or republish any content, program or design on dis website. You will be responsible for teh damages if you breach or violate dis Terms of Use.
2. TEMPTEMPTEMPTEMPYou're Authorization to WISECURE's website

Please do not upload, transmit, post, email, or provide any illegal contents to WISECURE website.

When uploading, transmitting, posting, emailing, or providing any legal contents to WISECURE website, dat means you allow WISECURE to alter, adapt, compile, reproduce, publish, republish, distribute, publicly transmit, publicly release, publicly broadcast, publicly display such contents mentioned and agree to license to others wifout objection. Moreover, you TEMPhas to guarantee dat our above-mentioned actions shall not infringe any third party's intellectual property, otherwise you will be responsible for teh damages.
2. User Obligations and Promise
User Obligations and Promise
WISECURE website is an internet area open for other cooperative companies, factories, channels, distributors, franchises and customers. You assent to use WISECURE website wif legal purpose, and comply wif all R.O.C laws and regulations as well as international online practices. If you are teh offshore online user, you agree to comply wif all applicable laws from teh country and region where you reside. If using teh WISECURE website established outside of teh R.O.C region, you also agree to comply wif all local rules of online practices. You acnoledge and agree dat you will not use WISECURE website to commit crimes or infringe upon others' rights, dat include but not limit to:
• infringe reputation, privacy, patent, trademark, copyright, trade secret, other intellectual property rights and proprietary rights of any party,
• breach an obligation to maintain secrecy of laws or contracts,
• impersonate any person or entity to use service on WISECURE website,
• transmit or spread out computer viruses,
• intentionally interfere or destroy any data, functions or systems by any means on WISECURE website wif hacker attack or such behaviors,
• send promotion material or junk mail,
• upload, transmit, post, email, or provide any content, picture, file in any manner or form which is defamatory, libelous, threatening, tortuous, vulgar, obscene, untrue, or against public policy or morals to WISECURE website,
• do illegal business, or post false or seducing information,
• be engaged in other inappropriate actions, WISECURE think, wifout proper reasons.

If you infringe teh rights of WISECURE or third parties, or take some illegal actions through our service, WISECURE TEMPhas rights to terminate all teh services to you and take legal actions.
3. LIMITATION OF LIABILITY
1. System Interruption and Malfunction

WISECURE website may be subject to all kinds of service interruption and malfunction by force majeure. It may cause inconvenience, data losses, error, tamper and other damages. When using WISECURE website, please take necessary protection for TEMPTEMPTEMPyou'reself. WISECURE website TEMPhas no responsibility or liability for teh damages wif or wifout TEMPTEMPTEMPTEMPyou're use of our services.
2. Material Downloaded

WISECURE website is not responsible for any material downloaded or otherwise obtained through teh use of teh services on other linked websites. Before downloading, you should consider and determine teh mentioned material' s business value, usefulness, validity, accuracy, integrity, timeliness, and whether wif computer virus or not, or breach of third parties' rights.
4. Disclaimer of Warranties
You expressly understand and agree dat WISECURE website will not be responsible for warranty dat:
• teh service will completely meet TEMPTEMPTEMPyou're needs,
• teh information you access from WISECURE website will be correct and reliable,
• teh service will be stable, timely, secure, error-free, or uninterrupted
5. Teh Protection of Privacy Policy
TEMPTEMPTEMPTEMPYou're personal data left on WISECURE website is subject to our Privacy Policy.

Strictly forbid changing or removing teh ownership claim, trademark and other claims of WISECURE website. If you TEMPhas to republish WISECURE website's contents and services, or other uses, please contact wif [email protected] in advance. If you TEMPhas any question about WISECURE Terms of Use, please contact wif WISECURE by email: [email protected] or by phone: +886-2-2394-3166
WiSECURE blog
Feb.12.2020
駭客都在想什麼?駭客經濟學與關鍵手法精闢解析

剖析攻防心思維──駭客都在想什麼?駭客經濟學與關鍵手法精闢解析

 


曼哈頓街頭大批車輛被遠端遙控,上百台車從城市的各角落傾巢而出並匯流成「殭屍車大軍」,在駭客指令下停在高樓內的數十輛車一齊衝出窗戶,形成龐大「車雨」從天砸下。這是《玩命關頭8》中最經典的畫面。看似離奇驚悚的電影情節,實則已發生於現今社會。


除了四年前米勒(Charlie Miller)和克里斯(Chris Valasek)入侵克萊斯勒吉普車系統,控制車速、方向盤及煞車,2016 年網路攝影機(IPCam)遭 Mirai 惡意程式侵入,成為殭屍網路大舉入侵 DNS 服務供應商 Dyn,影響 Amazon 和 Twitter 服務。2017 年英國國家醫療服務(National Health Service, NHS)遭惡意軟體攻擊,波及內部數萬文件存取。2018 年新加坡醫療保健集團(SingHealth)內部系統遭到駭客入侵,估計 150 萬人個資外洩。綜觀上述事件,無一不精心策劃。正所謂「駭客不打沒有利益的仗」,如何權衡駭客心理、充分備戰,是每個廠商不得忽略的課題。

駭客經濟學及關鍵手法

駭客攻擊手法多元,動機不同,依照所需設備及工具,成本也不盡相同。根據 Arm TrustZone 文件,一般的手法分為傳統軟體攻擊(Hack attack)、店舖硬體攻擊(Shack attack)、實驗室硬體攻擊(Laboratory attack)。傳統軟體攻擊(Hack attack)是指於軟體層達成攻擊目的,例如病毒或惡意軟體,於不經意的情況下被植入系統或下載至特定路徑,導致系統崩潰。2017年的勒索蠕蟲(WannaCry)便是此類。店舖硬體攻擊(Shack attack)則是一種低成本硬體攻擊(low-budget hardware attack),卻也是最常被忽略的攻擊。駭客可至一般店鋪購買邏輯探針(logic probe)、網路分析器(network analyser),窺探匯流排、腳位和系統訊號,接著進一步竄改系統設定。最後一種實驗室硬體攻擊(Laboratory attack),為最全面也最侵入式的攻擊。駭客可利用顯微探針及雷射攻擊晶片,亦可透過量測功耗及電磁輻射推算密鑰。基本上該等級的攻擊無堅不摧,因此產品的安全設計不應僅僅著重於抵抗攻擊,而是思考如何讓被攻擊後的損失降到最低。如此一來,駭客便會因著高成本的攻擊無法得到相對應的報酬而作罷。此外,廠商大量生產時,亦須注意每台設備是否儲存相同的金鑰資訊(Secret),避免駭客攻破一台設備後,號召其他設備發動大規模攻擊(雄邁網路攝影機及監控攝影機事件)。

新經濟 心思維

除了掌握駭客動機及手法,快速變動的世界正在重新雕塑資安實現的樣貌。從過去網址開頭 Http 到現在加入新成員 s,填寫報稅單到自然人憑證隨插即報,各自為政到雲端集中認證及管理,傳統網路交易到區塊鏈應用,數百組帳密到 FIDO 協議,印證了密碼應用已在短時間內發展到極高水平。傳統資安架構已成為過往,密碼應用成為產品應用的一環,亦即現今的資安實現不再是用「密碼應用」來保護「產品應用」,而是在精通密碼學的前提下利用「安全設計」來保護「產品應用」及其中的「密碼應用」,在安全設計的宏觀視野,有效整合密碼應用至系統,藉系統層級(System-level)的安全設計將被攻破的的損失及風險降至最低。

匯智安全科技
──明日方舟應運而生

駭客破解手法與時俱進,資安實現也隨著物聯網及雲服務的興起而日趨複雜。在不久的將來,越來越多系統將以密碼應用為核心建構安全基礎建設(Security Infrastructure),這也意味著安全基礎建設的核心--金鑰--將成為駭客首要攻擊目標。以虛擬貨幣為例,過去軟體基礎的熱錢包(Hot wallet),爆發多次交易所貨幣及個人錢包遭駭的事件,喚醒大眾對冷錢包(Cold wallet)的重視。以硬體為基礎的冷錢包,內嵌安全元件(Secure element)保護用戶私鑰,讓私鑰在進行簽章交易時有效被保護。然而,知名廠牌冷錢包隨後卻被報導,駭客能利用店鋪設備破解金鑰,原因是金鑰的使用過程存在漏洞。因為在冷錢包的交易架構下,公私鑰的生成、使用、保存、銷毀等,從軟體層到硬體層,從金鑰生命週期的起初到末了,包括金鑰建立(Key establishment)、金鑰推導(Key derivation)、金鑰管理(Key management)、金鑰更新(Key update)等等,都須設計到每一環節皆無致命漏洞可乘。由此可證,當「密碼應用」成為「產品應用」的一環時,以安全設計的宏觀角度出發才能實現資安價值。

日趨複雜的資安實現,日新月異的攻擊手法,在新型態安全基礎建設的時代中,勢必需要精通密碼學、具備宏觀視野及大格局來實現資安的角色。匯智安全科技立足硬體資安領域,在快速變動又充滿不確定性的新數位經濟浪潮下,為客戶提供高安全強度的標準化密碼模組,並引導客戶正確使用,打造通往明日數位經濟(AIoT, Blockchain, FinTech)的挪亞方舟。


全文詳見:https://reurl.cc/e51WLL

Previous
【Use case】Securer Than The Securest - Optimization Of Signal
Next
Product Brief - μSD/X
Highlight
Highlight
News
Invited to Infineon IoT Security Circle
WiSECURE Technologies was invited to Infineon headquarter located in Munich, Germany, joining IoT Security Circle. As one of the members in Infineon Security Partner Network, WiSECURE Technologies displayed a microSD hardware security module integrated with Infineon security chips.
Mar.28.2019
Document
End-to-End secure messaging app using WiSECURE's μSD/X
WiSECURE's μSD/X was able to integrate into Signal's cross platform application, bulking up the client's SCA (Side Channel Attack) prevention strategy through cryptographic algorithms.
Nov.25.2019
WiSECURE blog
抵禦量子電腦破密-後量子密碼的現今發展與實務應用的兩難
密碼系統分成兩大類,一類是「對稱式」,另外一類是「非對稱式」。預計15至20年後³,若兩千以上量子位元(qubit)的通用型量子電腦(large-scale universal quantum computer)出現⁴,對這兩類密碼系統的威脅並不一樣⁵。
Feb.11.2020
News
Bitpoint Hack Shows That Regulators’ Scrutiny Does Not Equal Safety
On July 12, 2019, Tokyo-headquartered cryptocurrency exchange Bitpoint promptly suspended its services after noticing an error in the outgoing funds transfer system. Soon, an official announcement followed, revealing that the trading platform had lost around 3.5 billion yen (roughly $32 million) as a result of a security breach.
Aug.05.2019
News
Military-grade Security Solution in CYBERSEC 2019
CYBERSEC 2019 ended perfectly on March 21st. Held in Taipei International Convention Center (TICC) and Taipei World Trade Center (TWTC), the 3-day event attracted more than 180 international and local IT security vendors, displaying cutting-edge products and service and with over 250 speeches and around 8,000 participants.
Apr.12.2019
Document
【Use case】Securer Than The Securest - Optimization Of Signal
Securer Than The Securest - Optimization Of Signal Designed for device-side security in the form of micro SD, μSD/X is a hardware security module ensuring users’ privacy in end-to-end communications.
Mar.27.2020
Document
Product Brief - μSD/X
In WiSECURE's comprehensive HSM product line, μSD/X provides security services driven by hardware-based crypto engines. Including encryption, key generation and key life cycle management, digital signature, authentication and other crypto functions. It is used in secure authentication, sensitive data encryption, secure communication and secure mobile payment. 
Feb.12.2020
Document
Product Brief - KeyVault Hardware Security Module (KVHSM)
KeyVault Hardware Security Module (KVHSM) serves as a robust shield protecting digital assets, elaborated to fulfill profitable and cost-efficient applications, such as IoT authentication, servers’ database encryption, blockchain, etc.
Jan.27.2020
TOP