Securology

Thomas Ptacek makes an important comparison between network security and memory/hardware resource allocation, especially in terms of virtu...

In a recent sales attempt, I received a whitepaper (warning: PDF) from Web Application Layer Firewall vendor Imperva entitled: "The N...

In the past few days, Nate Lawson has a couple interesting articles on PC Memory Architecture and Protecting Memory from DMA using IOMMU ...

Matasano has some comments on the recent PDF vulnerability : "Modern PDF Readers do crazy things. Like embed remote web pages. T...

Separating code from data is a HUGE problem (possibly a root of all remote code execution evil) . Here's more info, some of it new, s...

After years of attempting to convince every Symantec SE I met to drop the Sisyphean virus signature database model, it appears that Symantec...

IOMMU , or Input Output Memory Management Unit, will likely play a large role in the security of future operating systems. If IOMMU does no...

" Secure " derives from the Latin words se , meaning "without", and cura , meaning "care" or "worry...

I predicted this a year or so ago (when I first heard of TOR ), but as predictions go, they don't have value if they aren't publishe...

One of the most surprising things for a savvy information security practitioner is the continued prevalence of intermingling of code and dat...

As it says above (and below for posterity), the intention of this blog is to look at the scientific aspects of security, namely "inform...