Here are some of the top computer/information/application/software security highlights, many of which are top Google search hits as well:
- Tried to explain the difference between Trust and Trustworthiness, for which the article is still a top Google hit.
- That article wasn't as good as Ken Thompson's classic speech in 1984, though.
- There was the time PGP Corp didn't document a little feature that allowed a complete bypass of the whole disk encryption. That got slashdotted. Then there was some dialog with their CTO, Jon Callas about it. Back and forth.
- Shortly after that, Ed Felten's PhD students smashed many whole disk encryption products and Jon Callas got involved again.
- All that disk encryption talk got everyone thinking about the realities of evil maids!
- RSA's SecurID soft tokens got picked apart, since they're not really tokens after all.
- Years later, came the "told you so" about the RSA SecurID tokens.
- Remember that nifty way to trick Active Directory into snoozing the password expiration for an account?
- Waxed eloquent (or so was tried) on the principles of separating code from data, and why exactly that is such a pivotal problem with software security.
- Wondered what happened to Phil Zimmerman then found him at Silent Circle.
- There was the time a PCI QSA did not understand how to manage encryption keys (DEK/KEK) with the slight of hand tricks that hinder ecommerce's operational efficiencies.
- In an effort to "give back a little" gave some code to interact with Active Directory in C#, like adding MS Exchange objects, programmatically managing attributes on AD users and groups, even doing some very unique and complicated things like programmatically proxying Active Directory users into AD-LDS.
- One time, Little Bobby Tables went to the moon.
- Discussed brute forcing credit card numbers when PCI allows you to keep a large percentage of the digits.
- Against Web Application Firewalls before it was cool.
- And maybe some people chose not to get computer security jobs. (Probably not ...)
It's been fun. Here is to 7 more years!
No comments:
Post a Comment