Securology

I'm grateful for physicist Wietse Venema's contributions (satan, the coroner's toolkit, TCP Wrappers, and Postfix) to the comput...

It's official. We now have conclusive evidence. Computer Security is, in fact, more difficult than nuclear physics. I submit to you, ...

Google just released a new set of security features for Gmail. However, you cannot turn on the "always use HTTPS" option if you ...

By now, you may have read about a group of MIT Students who were set to present some insecurity details of the "CharlieCard" sub...

This is a break from the traditional types of posts. It's more of an instructional howto, but I hope that it is valuable nonetheless. ...

I am surprised how often I hear an organization operate under the belief that they can really, truly can control what a remote client does u...

Has Verifone created a PCI silverbullet for Point Of Sale (POS) systems with their VeriShield Protect product ? It's certainly interesti...

Now that PCI 6.6's supporting documents are finally released , a lot people are jumping on the "Well, we're getting a Web Appli...

NASA has a program where you can send your name to the moon . Just give them your name, they'll store it electronically, and send it o...

Some academic security researchers at Carnegie Mellon have released a very compelling paper which introduces the idea that just monitoring ...

If you're one of the many practitioners waiting to see how the PCI Security Council clarifies the ambiguous 6.6 requirement, then you ma...

Tadayoshi Kohno, a Computer Science Professor at the University of Washington, is teaching an undergraduate computer security course with a...

From Slashdot : "In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared : 'BD+, unlike AACS wh...

If there is a theme in good security research right now, it's that we cannot trust hardware. Ross Anderson and company at the Computer...

It's nice to not be on the top spot of Jon Callas' "CTO Corner" anymore ... although I held that spot for four and a half...

News.com has an excellent step-by-step complete with pictures detailing what it takes to steal the encryption keys for Apple's File Vaul...

Ed Felten and company publicized some research findings today on a form of side-channel attack against whole disk encryption keys stored ...

Websense CEO, Gene Hodges, on the futility of signature based antivirus , just an excerpt: On the modern attack vector: Antivirus software ...

I'm not a big fan of new names for variations of existing attacks, but Tavis Ormandy (of Google ) has pointed out an interesting way to...

I promised Nick Owens at WiKID Systems a response and it is long overdue. Nick commented on my " soft tokens aren't tokens at all...