Securology

(noun) securology. Latin: se cura logia
Literally translated: the study of being without care or worry

Tuesday, February 3, 2009

Rubber Hose Cryptanalysis

Rubber hose cryptanalysis , xkcd -style. It's funny because it's true: Unfortunately, so much of computer security is exactly this ...

Friday, January 9, 2009

So you think you want a job in Computer Security

This is my blatant attempt to re-direct any aspiring, up-and-coming security professionals into another line of work, for the sake of their ...

Tuesday, December 30, 2008

Forging RSA-MD5 SSL Certs

Wow. This is a big deal: The forged certificates will say they were issued by a CA called "Equifax Secure Global eBusiness", wh...

Monday, December 8, 2008

The Stupidest PCI Requirement EVER!

The Payment Card Industry (PCI) regulatory compliance goals are good, but not perfect. Some individual requirements in the Data Security St...

Monday, October 27, 2008

Banks, Malware, and More Failing Tokens

The Kaspersky folks have an interesting report on malware that targets the banking and financial markets that supports and echoes many of t...

Tuesday, September 23, 2008

Venema on Spam

I'm grateful for physicist Wietse Venema's contributions (satan, the coroner's toolkit, TCP Wrappers, and Postfix) to the comput...

Saturday, September 13, 2008

Computer Security is Harder than Nuclear Physics

It's official. We now have conclusive evidence. Computer Security is, in fact, more difficult than nuclear physics. I submit to you, ...

Saturday, August 23, 2008

Gmail Mobile Insecurity

Google just released a new set of security features for Gmail. However, you cannot turn on the "always use HTTPS" option if you ...

Saturday, August 16, 2008

The Case of MIT Subway Hackers

By now, you may have read about a group of MIT Students who were set to present some insecurity details of the "CharlieCard" sub...

Wednesday, August 13, 2008

Linux SSO to AD

This is a break from the traditional types of posts. It's more of an instructional howto, but I hope that it is valuable nonetheless. ...

Thursday, June 26, 2008

Breaking Cisco VPN Policy

I am surprised how often I hear an organization operate under the belief that they can really, truly can control what a remote client does u...

Friday, May 23, 2008

PCI Silverbullet for POS?

Has Verifone created a PCI silverbullet for Point Of Sale (POS) systems with their VeriShield Protect product ? It's certainly interesti...

Saturday, May 17, 2008

Why You Don't Need a Web Application Layer Firewall

Now that PCI 6.6's supporting documents are finally released , a lot people are jumping on the "Well, we're getting a Web Appli...

Saturday, May 10, 2008

Sending Bobby Tables to the Moon

NASA has a program where you can send your name to the moon . Just give them your name, they'll store it electronically, and send it o...

Saturday, May 3, 2008

Automating Exploitation Creation

Some academic security researchers at Carnegie Mellon have released a very compelling paper which introduces the idea that just monitoring ...

Tuesday, April 15, 2008

PCI 1.1 Section 6.6

If you're one of the many practitioners waiting to see how the PCI Security Council clarifies the ambiguous 6.6 requirement, then you ma...

View web version

Powered by Blogger.