Securology

Tadayoshi Kohno, a Computer Science Professor at the University of Washington, is teaching an undergraduate computer security course with a...

From Slashdot : "In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared : 'BD+, unlike AACS wh...

If there is a theme in good security research right now, it's that we cannot trust hardware. Ross Anderson and company at the Computer...

It's nice to not be on the top spot of Jon Callas' "CTO Corner" anymore ... although I held that spot for four and a half...

News.com has an excellent step-by-step complete with pictures detailing what it takes to steal the encryption keys for Apple's File Vaul...

Ed Felten and company publicized some research findings today on a form of side-channel attack against whole disk encryption keys stored ...

Websense CEO, Gene Hodges, on the futility of signature based antivirus , just an excerpt: On the modern attack vector: Antivirus software ...

I'm not a big fan of new names for variations of existing attacks, but Tavis Ormandy (of Google ) has pointed out an interesting way to...

I promised Nick Owens at WiKID Systems a response and it is long overdue. Nick commented on my " soft tokens aren't tokens at all...

Dr. Brian Chess , Chief Scientist at Fortify and static analysis guru , has a couple very interesting posts on the company blog: one on the...

I would like to see more like this from security vendors/service providers in industry: F-Secure has created a malware analysis course at th...

There have been a lot of interesting things going on with malware these days, but this is on the top of the list (for the next few hours any...

[ Begin rant ] OK. If security vendors don't get this simple equation, then we might as well all give up and give in... If you don...

There is a new flurry of malware floating around in the wild : boot record rootkits (a.k.a. "bootkits"). Yes, for those of you o...

OK. Perhaps not "phone home" in the sense that these people think , but it does in fact do it, at least on a minor scale. A Win...

Kaspersky's AV accidentally identified the Windows Explorer process as malware . The same thing happened to Symantec with their Asian L...

I think I really like OpenDNS . It's intelligent. It's closer to the problem than existing solutions. And it's free. Ope...

This serves as a good follow-up to my dissection of Imperva's Application Layer Firewall vs Code Review whitepaper . Gary McGraw , the...

So, when I was reading this post on Light Blue Torchpaper ( Cambridge University' Computer Security Lab's blog) a few weeks back,...

It's 2007. Even the SANS Top 20 list has client-side applications as being a top priority. Simply put, organizations have figured out...