Securology

(noun) securology. Latin: se cura logia
Literally translated: the study of being without care or worry

Friday, October 5, 2007

About "Backdoors" ...

Again, inspired by the PGP WDE Bypass Issue ... I am not the only one in the world that uses the term "backdoor" in a generic...

PGP's Publicized Documentation of WDE Bypass

John Dasher, Director of Product Management at PGP, commented with a link to PGP's documentation on the WDE Bypass Feature. I though...

More on the PGP issue

There have been several comments regarding the PGP whole disk encryption bypass issue and in the process a few people have brought up the q...
Thursday, October 4, 2007

Response to Jon Callas - continued #2

This is the continuation of my response to Jon Callas regarding the PGP Whole Disk Encryption bypass. I can appreciate the problems inhe...
6 comments:

PGP Bypass on Slashdot

Thanks, Slashdot. Some of your comments are on target, some ... well, I anticipated the knee-jerk response you gave. Many people (even te...
7 comments:

Are Security Model's Bankrupt: Microsoft's Stride Chart

Over on the Microsoft SDL (Security Development Lifecycle) blog, there's a post about a security tool Microsoft uses in their threat ...
1 comment:
Wednesday, October 3, 2007

Response to Jon Callas - PGP Encryption Bypass

As I can only assume the real Jon Callas placed this comment (and, Jon, I am grateful for your time and thoughts if it is you), here are m...
16 comments:
Monday, October 1, 2007

PGP Whole Disk Encryption - Barely Acknowledged Intentional Bypass

Popular whole disk encryption vendor, PGP Corporation, has a remote support “feature” which allows unattended reboots, fully-bypassing the ...
32 comments:
Friday, September 28, 2007

Thomas Ptacek on DMA, Virtualization, and Nate Lawson

Thomas Ptacek makes an important comparison between network security and memory/hardware resource allocation, especially in terms of virtu...

Code Review vs. Application Layer Firewall

In a recent sales attempt, I received a whitepaper (warning: PDF) from Web Application Layer Firewall vendor Imperva entitled: "The N...
6 comments:

Nate Lawson on DMA/IOMMU

In the past few days, Nate Lawson has a couple interesting articles on PC Memory Architecture and Protecting Memory from DMA using IOMMU ...
Sunday, September 23, 2007

More comments on the PDF vulnerability

Matasano has some comments on the recent PDF vulnerability: "Modern PDF Readers do crazy things. Like embed remote web pages. T...
Friday, September 21, 2007

Still more separation of code and data

Separating code from data is a HUGE problem (possibly a root of all remote code execution evil). Here's more info, some of it new, s...
Thursday, September 20, 2007

Symantec Considers White Lists

After years of attempting to convince every Symantec SE I met to drop the Sisyphean virus signature database model, it appears that Symantec...
Wednesday, September 19, 2007

Trust at the foundational levels: IOMMU & DMA

IOMMU, or Input Output Memory Management Unit, will likely play a large role in the security of future operating systems. If IOMMU does no...
Wednesday, September 12, 2007

Se Cura: Free of Care or Worry

"Secure" derives from the Latin words se, meaning "without", and cura, meaning "care" or "worry...

The Woes of TOR

I predicted this a year or so ago (when I first heard of TOR), but as predictions go, they don't have value if they aren't publishe...
Wednesday, September 5, 2007

Separation of Code and Data

One of the most surprising things for a savvy information security practitioner is the continued prevalence of intermingling of code and dat...
Saturday, September 1, 1984

About this blog...

As it says above (and below for posterity), the intention of this blog is to look at the scientific aspects of security, namely "inform...