Securology

(noun) securology. Latin: se cura logia
Literally translated: the study of being without care or worry

Thursday, June 26, 2008

Breaking Cisco VPN Policy

I am surprised how often I hear an organization operate under the belief that they can really, truly control what a remote client does u...
2 comments:
Friday, May 23, 2008

PCI Silverbullet for POS?

Has Verifone created a PCI silverbullet for Point Of Sale (POS) systems with their VeriShield Protect product? It's certainly interesti...
8 comments:
Saturday, May 17, 2008

Why You Don't Need a Web Application Layer Firewall

Now that PCI 6.6's supporting documents are finally released, a lot of people are jumping on the "Well, we're getting a Web Appli...
1 comment:
Saturday, May 10, 2008

Sending Bobby Tables to the Moon

NASA has a program where you can send your name to the moon. Just give them your name, they'll store it electronically, and send it o...
4 comments:
Saturday, May 3, 2008

Automating Exploitation Creation

Some academic security researchers at Carnegie Mellon have released a very compelling paper which introduces the idea that just monitoring ...
Tuesday, April 15, 2008

PCI 1.1 Section 6.6

If you're one of the many practitioners waiting to see how the PCI Security Council clarifies the ambiguous 6.6 requirement, then you ma...
2 comments:
Friday, March 21, 2008

University of Washington's Computer Security Course

Tadayoshi Kohno, a Computer Science Professor at the University of Washington, is teaching an undergraduate computer security course with a...

More Broken DRM

From Slashdot: "In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared: 'BD+, unlike AACS wh...
Saturday, March 8, 2008

Anderson Proves PIN Entry Devices are Insecure

If there is a theme in good security research right now, it's that we cannot trust hardware. Ross Anderson and company at the Computer...
Friday, March 7, 2008

Jon Callas Responds to Ed Felten

It's nice to not be on the top spot of Jon Callas' "CTO Corner" anymore ... although I held that spot for four and a half...
2 comments:

Excellent Cold Boot Step-By-Step

News.com has an excellent step-by-step complete with pictures detailing what it takes to steal the encryption keys for Apple's File Vaul...
Thursday, February 21, 2008

Felten Destroys Whole Disk Encryption

Ed Felten and company publicized some research findings today on a form of side-channel attack against whole disk encryption keys stored ...
4 comments:
Tuesday, February 19, 2008

Websense CEO on AV Signatures

Websense CEO, Gene Hodges, on the futility of signature based antivirus, just an excerpt: On the modern attack vector: Antivirus software ...
Thursday, February 14, 2008

Localhost DNS Entries & "Same Site Scripting"

I'm not a big fan of new names for variations of existing attacks, but Tavis Ormandy (of Google) has pointed out an interesting way to...
Friday, February 1, 2008

WiKID soft tokens

I promised Nick Owens at WiKID Systems a response and it is long overdue. Nick commented on my "soft tokens aren't tokens at all...
2 comments:
Wednesday, January 30, 2008

Two Words: Code Quality

Dr. Brian Chess, Chief Scientist at Fortify and static analysis guru, has a couple very interesting posts on the company blog: one on the...
Monday, January 28, 2008

F-Secure's Academic Malware Analysis Course

I would like to see more like this from security vendors/service providers in industry: F-Secure has created a malware analysis course at th...
Tuesday, January 15, 2008

Targeted Bank Malware

There have been a lot of interesting things going on with malware these days, but this is on the top of the list (for the next few hours any...
19 comments:

Trust is a Simple Equation

[ Begin rant ] OK. If security vendors don't get this simple equation, then we might as well all give up and give in... If you don...
5 comments:
Wednesday, January 9, 2008

MBR Rootkits

There is a new flurry of malware floating around in the wild: boot record rootkits (a.k.a. "bootkits"). Yes, for those of you o...
5 comments: