Securology

(noun) securology. Latin: se cura logia
Literally translated: the study of being without care or worry

Wednesday, December 2, 2009

The Reality of Evil Maids

›
There have been many attacks on whole disk encryption recently: Cold Boot attacks in which keys hang around in memory a lot longer than m...
1 comment:
Wednesday, November 4, 2009

Selecting a Pistol Safe

›
NOTE: In the name of "all things security", because this blog is intended to be about physical security, too, not just information...
30 comments:
Monday, October 5, 2009

RSA doesn't know Kerckhoff

›
I found this in RSA Security's guide for their Authentication Manager (a.k.a. RSA SecurID) application suite: "This reference gu...
2 comments:
Monday, August 31, 2009

Social Engineering at the Age of 4

›
I guess maybe I was born to be a security-minded person, if "fate" or "nurture" deemed thus. I just was recollecting th...
Monday, August 24, 2009

Real-Time Keyloggers

›
I have discussed real-time keyloggers before, as a way to defeat some online banking applications , among other things, and that in general,...
3 comments:
Wednesday, July 22, 2009

PCI Wireless Insanity

›
I'm not sure if this de-thrones what I previously referred to as the Stupidest PCI Requirement Ever , but it's close. Sometimes the...
Monday, July 13, 2009

Random Active Directory Quirkiness

›
Do you need to comply with some external regulations (think PCI) that require your Microsoft Active Directory (AD) passwords to be changed f...
Thursday, May 28, 2009

More Fake Security

›
The uninstallation program for Symantec Anti-Virus requires an administrator password that is utterly trivial to bypass. This probably isn...
Friday, May 15, 2009

"Application" vs "Network" Penetration Tests

›
Just my two cents, but if you have to dialog about the distinction between an "application" and "network" penetration te...

PCI & Content Delivery Networks

›
Here's an interesting, but commonly overlooked, little security nugget. If you are running an e-commerce application and rely on a Con...
2 comments:
Tuesday, February 3, 2009

Rubber Hose Cryptanalysis

›
Rubber hose cryptanalysis , xkcd -style. It's funny because it's true: Unfortunately, so much of computer security is exactly this ...
1 comment:
Friday, January 9, 2009

So you think you want a job in Computer Security

›
This is my blatant attempt to re-direct any aspiring, up-and-coming security professionals into another line of work, for the sake of their ...
9 comments:
Tuesday, December 30, 2008

Forging RSA-MD5 SSL Certs

›
Wow. This is a big deal: The forged certificates will say they were issued by a CA called "Equifax Secure Global eBusiness", wh...
4 comments:
Monday, December 8, 2008

The Stupidest PCI Requirement EVER!

›
The Payment Card Industry (PCI) regulatory compliance goals are good, but not perfect. Some individual requirements in the Data Security St...
11 comments:
Monday, October 27, 2008

Banks, Malware, and More Failing Tokens

›
The Kaspersky folks have an interesting report on malware that targets the banking and financial markets that supports and echoes many of t...
2 comments:
Tuesday, September 23, 2008

Venema on Spam

›
I'm grateful for physicist Wietse Venema's contributions (satan, the coroner's toolkit, TCP Wrappers, and Postfix) to the comput...
Saturday, September 13, 2008

Computer Security is Harder than Nuclear Physics

›
It's official. We now have conclusive evidence. Computer Security is, in fact, more difficult than nuclear physics. I submit to you, ...
2 comments:
‹
›
Home
View web version
Powered by Blogger.