Securology

(noun) securology. Latin: se cura logia
Literally translated: the study of being without care or worry

Monday, August 31, 2009

Social Engineering at the Age of 4

I guess maybe I was born to be a security-minded person, if "fate" or "nurture" deemed thus. I just was recollecting th...
Monday, August 24, 2009

Real-Time Keyloggers

I have discussed real-time keyloggers before, as a way to defeat some online banking applications, among other things, and that in general,...
Wednesday, July 22, 2009

PCI Wireless Insanity

I'm not sure if this de-thrones what I previously referred to as the Stupidest PCI Requirement Ever, but it's close. Sometimes the...
Monday, July 13, 2009

Random Active Directory Quirkiness

Do you need to comply with some external regulations (think PCI) that require your Microsoft Active Directory (AD) passwords to be changed f...
Thursday, May 28, 2009

More Fake Security

The uninstallation program for Symantec Anti-Virus requires an administrator password that is utterly trivial to bypass. This probably isn...
Friday, May 15, 2009

"Application" vs "Network" Penetration Tests

Just my two cents, but if you have to dialog about the distinction between an "application" and "network" penetration te...

PCI & Content Delivery Networks

Here's an interesting, but commonly overlooked, little security nugget. If you are running an e-commerce application and rely on a Con...
Tuesday, February 3, 2009

Rubber Hose Cryptanalysis

Rubber hose cryptanalysis, xkcd-style. It's funny because it's true: Unfortunately, so much of computer security is exactly this ...
Friday, January 9, 2009

So you think you want a job in Computer Security

This is my blatant attempt to re-direct any aspiring, up-and-coming security professionals into another line of work, for the sake of their ...
Tuesday, December 30, 2008

Forging RSA-MD5 SSL Certs

Wow. This is a big deal: The forged certificates will say they were issued by a CA called "Equifax Secure Global eBusiness", wh...
Monday, December 8, 2008

The Stupidest PCI Requirement EVER!

The Payment Card Industry (PCI) regulatory compliance goals are good, but not perfect. Some individual requirements in the Data Security St...
Monday, October 27, 2008

Banks, Malware, and More Failing Tokens

The Kaspersky folks have an interesting report on malware that targets the banking and financial markets that supports and echoes many of t...
Tuesday, September 23, 2008

Venema on Spam

I'm grateful for physicist Wietse Venema's contributions (satan, the coroner's toolkit, TCP Wrappers, and Postfix) to the comput...
Saturday, September 13, 2008

Computer Security is Harder than Nuclear Physics

It's official. We now have conclusive evidence. Computer Security is, in fact, more difficult than nuclear physics. I submit to you, ...
Saturday, August 23, 2008

Gmail Mobile Insecurity

Google just released a new set of security features for Gmail. However, you cannot turn on the "always use HTTPS" option if you ...
Saturday, August 16, 2008

The Case of MIT Subway Hackers

By now, you may have read about a group of MIT Students who were set to present some insecurity details of the "CharlieCard" sub...
Wednesday, August 13, 2008

Linux SSO to AD

This is a break from the traditional types of posts. It's more of an instructional howto, but I hope that it is valuable nonetheless. ...
Thursday, June 26, 2008

Breaking Cisco VPN Policy

I am surprised how often I hear an organization operate under the belief that they can really, truly control what a remote client does u...