Securology

(noun) securology. Latin: se cura logia
Literally translated: the study of being without care or worry

Thursday, July 1, 2010

Schneier vs PCI

Bruce Schneier just echoed what I wrote back in December 2008 that the encryption key management aspects of PCI 1.2 and earlier are flat-ou...
Friday, May 21, 2010

Verisign Turns Yellow

On the heels of turning PGP corp Yellow, now Verisign is turning Yellow, too. Symantec is acquiring Verisign, too. These overpriced ...
Monday, March 29, 2010

SSL & Big Government. Where's Phil Zimmerman?

What an interesting year 2010 is already turning out to be in technology, politics, and life as we know it. More censorship battles are goi...
2 comments:
Thursday, February 25, 2010

Earth Shattering Attacks on Disk Encryption

Trusted Platform Modules (TPMs) were the last hope of truly secure distributed computing endpoints. The idea behind TPMs is that they...
4 comments:
Wednesday, December 2, 2009

The Reality of Evil Maids

There have been many attacks on whole disk encryption recently: Cold Boot attacks in which keys hang around in memory a lot longer than m...
1 comment:
Wednesday, November 4, 2009

Selecting a Pistol Safe

NOTE: In the name of "all things security", because this blog is intended to be about physical security, too, not just information...
30 comments:
Monday, October 5, 2009

RSA doesn't know Kerckhoff

I found this in RSA Security's guide for their Authentication Manager (a.k.a. RSA SecurID) application suite: "This reference gu...
2 comments:
Monday, August 31, 2009

Social Engineering at the Age of 4

I guess maybe I was born to be a security-minded person, if "fate" or "nurture" deemed thus. I just was recollecting th...
Monday, August 24, 2009

Real-Time Keyloggers

I have discussed real-time keyloggers before, as a way to defeat some online banking applications, among other things, and that in general,...
3 comments:
Wednesday, July 22, 2009

PCI Wireless Insanity

I'm not sure if this de-thrones what I previously referred to as the Stupidest PCI Requirement Ever, but it's close. Sometimes the...
Monday, July 13, 2009

Random Active Directory Quirkiness

Do you need to comply with some external regulations (think PCI) that require your Microsoft Active Directory (AD) passwords to be changed f...
Thursday, May 28, 2009

More Fake Security

The uninstallation program for Symantec Anti-Virus requires an administrator password that is utterly trivial to bypass. This probably isn...
Friday, May 15, 2009

"Application" vs "Network" Penetration Tests

Just my two cents, but if you have to dialog about the distinction between an "application" and "network" penetration te...

PCI & Content Delivery Networks

Here's an interesting, but commonly overlooked, little security nugget. If you are running an e-commerce application and rely on a Con...
2 comments:
Tuesday, February 3, 2009

Rubber Hose Cryptanalysis

Rubber hose cryptanalysis, xkcd-style. It's funny because it's true: Unfortunately, so much of computer security is exactly this ...
1 comment:
Friday, January 9, 2009

So you think you want a job in Computer Security

This is my blatant attempt to re-direct any aspiring, up-and-coming security professionals into another line of work, for the sake of their ...
9 comments: