Securology

(noun) securology. Latin: se cura logia
Literally translated: the study of being without care or worry

Thursday, February 21, 2008

Felten Destroys Whole Disk Encryption

Ed Felten and company publicized some research findings today on a form of side-channel attack against whole disk encryption keys stored ...
4 comments:
Tuesday, February 19, 2008

Websense CEO on AV Signatures

Websense CEO, Gene Hodges, on the futility of signature-based antivirus, just an excerpt: On the modern attack vector: Antivirus software ...
Thursday, February 14, 2008

Localhost DNS Entries & "Same Site Scripting"

I'm not a big fan of new names for variations of existing attacks, but Tavis Ormandy (of Google) has pointed out an interesting way to...
Friday, February 1, 2008

WiKID soft tokens

I promised Nick Owens at WiKID Systems a response and it is long overdue. Nick commented on my "soft tokens aren't tokens at all...
2 comments:
Wednesday, January 30, 2008

Two Words: Code Quality

Dr. Brian Chess, Chief Scientist at Fortify and static analysis guru, has a couple very interesting posts on the company blog: one on the...
Monday, January 28, 2008

F-Secure's Academic Malware Analysis Course

I would like to see more like this from security vendors/service providers in industry: F-Secure has created a malware analysis course at th...
Tuesday, January 15, 2008

Targeted Bank Malware

There have been a lot of interesting things going on with malware these days, but this is on the top of the list (for the next few hours any...
19 comments:

Trust is a Simple Equation

[ Begin rant ] OK. If security vendors don't get this simple equation, then we might as well all give up and give in... If you don...
5 comments:
Wednesday, January 9, 2008

MBR Rootkits

There is a new flurry of malware floating around in the wild: boot record rootkits (a.k.a. "bootkits"). Yes, for those of you o...
5 comments:
Monday, January 7, 2008

Windows Vista Phones Home

OK. Perhaps not "phone home" in the sense that these people think, but it does in fact do it, at least on a minor scale. A Win...
4 comments:
Saturday, December 29, 2007

AV Signature False Positives

Kaspersky's AV accidentally identified the Windows Explorer process as malware. The same thing happened to Symantec with their Asian L...
2 comments:
Tuesday, December 11, 2007

OpenDNS - I think I like you

I think I really like OpenDNS. It's intelligent. It's closer to the problem than existing solutions. And it's free. Ope...
1 comment:
Monday, December 10, 2007

Gary McGraw on Application Layer Firewalls & PCI

This serves as a good follow-up to my dissection of Imperva's Application Layer Firewall vs Code Review whitepaper. Gary McGraw, the...
Thursday, December 6, 2007

Salting your Hash with URLs

So, when I was reading this post on Light Blue Touchpaper (Cambridge University's Computer Security Lab's blog) a few weeks back,...
4 comments:
Tuesday, December 4, 2007

Client Software Update Mechanisms

It's 2007. Even the SANS Top 20 list has client-side applications as being a top priority. Simply put, organizations have figured out...
Wednesday, November 21, 2007

Rootkitting Your Customers

I am a big fan of Dan Geer (image at left); he always has an interesting perspective on security issues, but that's not to say I agree...
Tuesday, November 20, 2007

Soft tokens aren't tokens at all

The three categories of authentication: Something you know; Something you have; Something you are. Physical hardware tokens, like RSA's Se...
4 comments:

Still More TOR

F-Secure's blog is discussing how there are more bad TOR nodes out there. I discussed a while back how TOR's goal of anonymity is ...
Monday, November 19, 2007

Possible Criminal Charges for Lost Laptops in the UK

Of course, the media are spinning this as "don't encrypt your laptop and you could go to jail" when the goal of the legislat...
Sunday, November 18, 2007

Analyzing Trust in Hushmail

Recently, law enforcement acquired confidential email messages from the so-called secure email service, Hushmail. Law enforcement explo...