NGIT

NGIT is an informal association of independent developers, whose main objective is to provide help and cooperation in the processes of development.

23/11/2025

WHY ARE WEB-BASED ENCRYPTION SYSTEMS HIGHLY VULNERABLE TO TIME-BASED CRYPTOATTACKS?

I don't know if you've ever thought about this question, but I was amazed when I learned from a conversation with colleagues that they have serious problems with the so-called "time synchronization".

As absurd as it may sound to some, the reason for all misunderstandings lies in the lack of technical knowledge and observance of technological discipline. These two factors are the foundation on which the exploitative resilience of all cybernetic systems is built. Unfortunately, however, they are most often violated.
In this case, we have a gross violation of the requirements of standards such as ANSI and ISO 8601.

Suppose someone believes that what we are saying is "complete nonsense". In that case, it is good to carefully analyze ECMAScript and Node.js, which are used extensively in such "modern" applications (or 'apps', whatever the latter means, as such definitions are contrary to engineering science for us).

And this is where the funniest part comes in.
Since hardly anyone would spend 130 CHF (excluding VAT) to buy something useful, they are most likely to turn to Google. As a result, it is quite natural to get the following answer:

" ... If no UTC relation information is given with a time representation, the time is assumed to be in local time ..."

Here, you need to be very careful in the translation (regardless of your language skills), because this answer hides several pitfalls that you do not even suspect.

First, it's a good idea to take a quick look at Date.parse() - JavaScript | MDN (mozilla.org). If you read carefully (and this is important), you can't help but notice the following phrase:

"If you do not specify a time zone, the local time zone is assumed."

Note that here we have a strict adherence to the requirements of the standard.

The next step is to take a look at ECMA-262 - Ecma International (ecma-international.org).
Here it is clearly written:

"The value of an absent time zone offset is «Z».".

The official MSDN documentation also clearly states:

"If you do not include a value in the Z position, UTC time is used."

But what happens?

Back in 2011 (at the end of June), differences between ISO and ECMA 5.1 appeared. As a result, several web-based applications began to accumulate system errors for several hours, because the time was interpreted one way by the browsers used and another way by the servers.
However, this can create very serious problems that are often overlooked and rarely subjected to serious discussion.

In this line of thought, how many ways of measuring time intervals do you know, and how do they differ from each other?

Try to learn a little more about time zones and the problems associated with them. You will learn many interesting things that you did not even suspect.
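The ambiguity described above, as an added example that is not part of the original post: the same offset-less timestamp is read once as UTC (the ECMA 5.1 rule quoted above) and once as local time (the ISO 8601 rule), and a strict parser refuses any timestamp without an explicit UTC relation. The function names, the sample timestamp and the `+03:00` zone are constructed for illustration.

```javascript
// Added example. All sample values are constructed.
const DATE_TIME = String.raw`\d{4}-\d{2}-\d{2}T\d{2}:\d{2}(:\d{2}(\.\d{1,3})?)?`;
const WITH_OFFSET = new RegExp(`^${DATE_TIME}(Z|[+-]\\d{2}:\\d{2})$`);
const NO_OFFSET = new RegExp(`^${DATE_TIME}$`);

// Accept only date-times that state their UTC relation explicitly.
function parseStrictTimestamp(text) {
  if (!WITH_OFFSET.test(text)) {
    throw new RangeError(`timestamp lacks an explicit UTC offset: ${text}`);
  }
  const ms = Date.parse(text);
  if (Number.isNaN(ms)) throw new RangeError(`invalid timestamp: ${text}`);
  return ms;
}

// Both readings of an offset-less string. The reader's zone is passed in
// explicitly so the result does not depend on the host's time zone setting.
function readings(text, localOffset) {
  if (!NO_OFFSET.test(text)) {
    throw new RangeError(`expected an offset-less date-time: ${text}`);
  }
  const asUtc = Date.parse(text + "Z");           // "absent offset is Z"
  const asLocal = Date.parse(text + localOffset); // "assumed to be local time"
  return { asUtc, asLocal, skewSeconds: (asLocal - asUtc) / 1000 };
}

// Hypothetical expiry check on a token whose expiry field carries no offset:
// two parties following different rules reach different verdicts.
function expiryVerdicts(expires, nowMs, localOffset) {
  const r = readings(expires, localOffset);
  return { utcReader: nowMs < r.asUtc, localReader: nowMs < r.asLocal };
}

const sample = "2011-06-30T12:00:00";            // constructed, no offset
const now = Date.UTC(2011, 5, 30, 10, 0, 0);     // 10:00 UTC on the same day
console.log(readings(sample, "+03:00"));
console.log(expiryVerdicts(sample, now, "+03:00"));
console.log(new Date(parseStrictTimestamp(sample + "+03:00")).toISOString());
```

A party reading the field as UTC still accepts the token at 10:00 UTC, while a party in UTC+3 reading it as local time has considered it expired since 09:00 UTC; with a negative offset the token would instead outlive its intended lifetime.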

22/11/2025

CRYPTHOR™
Alternative post-quantum solutions for business

22/11/2025

CRYPTHOR™

An effective solution to ensure information security.

22/11/2025
22/11/2025

CRYPTHOR™

An Alternative Post Quantum Solution for Business.

22/11/2025

TEST OUR NEW SOLUTIONS

• Professional file encryption manager;
• Professional file packages encryption manager;
• Professional security file briefcase manager;
• Professional file shredder and digital data sanitization manager;
• Specialized solutions for the generation and transformation of the used user passwords;
• Specialized solutions for automatic formation of session cryptographic primitives (delta generators);
• Professional encryption process documentation;
• Professional crypto CMD manager (security script editor, SSE);
• A specialized secure text editor;
• Virtual disk management module;
• Steganography module (basic version);
• Object-relational encryption (keyless data encryption, KDE);
• Generation of session cryptographic protocols using control strings (control string encryption, CSE);
• Specialized systems for automatic verification of used hardware systems (hardware-dependent system, HDS);
• Encryption processes optimization;
• Processes system control optimization, etc.

Guaranteed protection of digital data is a primary duty of every administrative and financial agency, commercial organization, development unit, scientific institute, and military structure. File Protect System is a specialized, hybrid application for managing the life cycle of critical information....

22/11/2025

TEST OUR NEW SOLUTIONS

External professional security email client (BS Mail II, free edition)
External professional file shredder (FDM II, free edition)
Professional file encryption manager (File Encryption Manager, FEM)
Professional file packages encryption manager (FPM, base edition)
A professional solution for managing secret file briefcases (PFB, base edition)
Secure electronic notebooks
A specialized module for managing digital certificates (DCM, standard edition)
A specialized module for encrypted text messages (ETM, base version)
A specialized module for encrypted system scripts (PSM, base version)
A specialized module for generating system reports (CRM, base version)
Image steganography module (CSM, base version)
A specialized module for managing virtual disks (VDM, base edition)
A specialized module for managing the life cycle of used secret keys
A specialized module for managing the life cycle of the cryptographic primitives used
A specialized module for the automatic generation and transformation of the used passwords
Specialized module for automatically generating and managing the life cycle of used control strings


22/11/2025

Guaranteed protection of digital data is a primary duty of every administrative and financial agency, commercial organization, development unit, scientific institute, and military structure.

File Protect System is a specialized, hybrid application for managing the life cycle of critical information stored on local or server data devices (access control, secure file and message exchange, encrypting, decrypting, destroying, etc.).

The application allows the following actions:

• Secure solutions for exchanging critical digital data (emails, files, digital images, etc.).
• Encrypt and decrypt selected files and folders located on different physical media (local and network);
• Automatic generation of secure systems for archiving and transferring critical digital data (secure electronic briefcases).
• Hybrid steganographic solutions.
• Specialized solutions for critical digital data destruction (file shredders) and disk drive sanitation.
• Management of the life cycle of the used cryptographic protocols;
• Specialized solutions for the generation and transformation of used user passwords into delta strings, enabling improved DLP protection.
• Highly efficient alternative solutions, allowing additional protection or complete replacement of used authentication certificates.
• Storing the used cryptographic primitives in secure electronic notebooks;
• Management of delta cryptographic primitives (implicit security primitives, ISP);
• Automatic generation of session secret keys based on randomly selected delta primitives (CDP encryption);
• Management of digital certificates (generation, export, signing, etc.);
• Secure electronic notebooks for storing digital certificates and secret keys;
• Management of cryptographic processes for file packages;
• Design and implementation of meta-scenarios for the protection of digital data;
• Real-time processes control;
• Automatic formation of official reports;
• Management of the processes related to the destruction of critical information, etc.

FIELD OF APPLICATION

Protecting large arrays of files located on different media is a complex and difficult process to perform.

Procedures related to the storage, editing, transfer, and destruction of files are of utmost importance to ensure compliance with security protocols during the exploitation cycle.

Statistics show that most unauthorized access attempts aim at the critical information in specific files, including the authentication certificates used.

FPS enables the maximum reduction of risks by using a set of highly effective professional solutions to protect both specific groups of files and any information located on data storage devices.

The application uses some of the most effective standard encryption algorithms used by government organizations and corporate structures.

The module for the formation of service reports makes the application an indispensable tool when building cybersecurity systems that meet the requirements of ISO/IEC 27001 and ISO/IEC 27002.

The development process used standard algorithms described in NIST SP 800-88 and NIST SP 800-90A, the latter of which includes Hash DRBG (based on a hash function), HMAC DRBG (based on HMAC), and CTR DRBG (based on block ciphers in counter mode), as well as some specific solutions used in the technology BS 1443, BS 7122, etc.


26/10/2025

INTRODUCTION TO USING CONTROL STRINGS
(alternative post-quantum encryption methods)

Control strings guarantee symmetric generation not only of secret keys, but also of entire cryptographic protocols, when using open channels for data exchange.
They also enable the life cycle management of cryptographic protocols used, without requiring specialized hardware solutions.
If we are as objective as possible, this is a budget post-quantum solution for protecting digital data with high efficiency and low operating costs.
Control strings are also a serious alternative to the widely used authentication certificates, without having their shortcomings.

The existing systems and solutions for the generation, transmission, utilization, storage, and destruction of encryption keys are confronted by at least two major problems:

- An ongoing need to prove, logically and empirically, the resistance against crypto attacks and breaches.

- The quantitative assessment is always contingent on the level of development of the available systems/apparatus and software tools as of the specific assessment period.

In addition, when symmetric encryption algorithms with a common encryption key are utilized, the problems are magnified by the issues with the key distribution among the system users, generally, or the session participants.

The control string implementation overcomes these hurdles by means of:

- Generating a common encryption key and managing it under a unified set of rules throughout the whole life cycle of the encryption key;
- Using an open communication channel without exchanging secret/classified information;
- Following strict compliance with existing and projected standardization and documentation requirements.

According to the classical theory and the standard encryption approaches to date, users cannot exchange encrypted messages unless they use a common encryption key.

As a corollary, users cannot exchange an encryption key with absolute security because they lack a secure channel to guarantee the confidentiality/security of the exchange.

However, this line of thinking is only partially true.

In reality, users can exchange or generate a common encryption key using an open communication channel.
This is made possible by the so-called quantum effect of random events. In addition, users (or endpoints, or system nodes, or any equivalent in the context of securing any form of information structure at rest or data in transit) have the option to exchange in an implicit/obscure form the elements, procedures, and prescriptions needed to create and manage the encryption keys throughout their life cycle.

Control strings are a hybrid cryptographic protocol where there is virtually no exchange of secret keys in any form. The exchange in this case is replaced by a process of symmetric session generation of cryptographic primitives, which also includes the secret keys used. In the implementation of this process, delta primitives are used, which are characterized by the fact that they do not contain any sensitive information in any form.

Deltas generated as a result of using control strings allow end users to generate a set of secret primitives within a working session without having direct access to them (users do not have access to the generated session cryptographic primitives). This specificity can be considered as an additional advantage, because in practice, in this way, a number of "internal" threats caused by the human factor are eliminated.

23/08/2025

Review on Softpedia

Address

Paris
75008

Opening hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Friday 09:00 - 17:00

Website

http://fdm.g-92.com/ENU/index.html, https://g-92.com/fps/public/
