
Security is About Passwords and Credit Cards Part 2
The second part of my "Security is About Passwords and Credit Cards" article just hit the web. This installment looks at logon processes, misleading security eye candy, and insecure communications with customers. As always, I'd love your...
Security is About Passwords and Credit Cards
Security is About Passwords and Credit Cards. That's what a very nice lady told me a few months ago. At first I shrugged it off. Of course security is so much more than that. As I started to process it though I realized that is exactly what it is...
Thoughts on Security by Obscurity
This has not really been that normal a week for me, but at least another article made it into print. The June 2008 issue of TechNet Magazine is headlined by an article I wrote with my friend Roger Grimes, Security Adviser for Infoworld, on Security by...
Warning! Don't run Anti-Malware Software on Your Research Machine
I do not run any anti-malware software on my primary workstation. It's a habit I got into way back when I was doing penetration assessments. I showed up at the site, fired up ye olde laptop, and went to run some tool. ...went to run some tool. Hey...
Quantum Security
The May 2008 issue of TechNet Magazine is out. It has an article in it that I have been wanting to write for a long time, called Quantum Security. In it I posit the argument that there are some fundamental laws of security, similar to the laws of physics...
How to remove the security warning, or should you?
This morning there was an interesting question in the Windows Vista Security Newsgroup. The poster had written an application that users were downloading. However, when they ran the application they received a warning dialog, like this one: The poster...
Regulatory Silliness
Susan just pointed me to a "Self-assessment questionnaire" for the Payment Card Industry Data Security Standard (PCI/DSS). While, on the whole, the intent of that standard is good, there are some areas of it that, as usual, stray into the...
Measuring Identity Theft
Chris Hoofnagle, of the Berkeley Center for Law And Technology just published a fascinating report entitled "Measuring Identity Theft at Top Banks." If you have not already, and you are at all interested in security and privacy, you owe it...
Write down your passwords
A few years back I caused quite a stir when I mentioned in passing during a presentation that writing down your password is a really good idea. A journalist in the room decided that saying so qualified me as insane, and my employer sending an insane person...
Theft-proof biometrics
At last, there is a biometric authentication technique that cannot be stolen. Or, well, it can, but at least it won't work any longer. Drs. Philip M. Rodwell and Steven M. Furnell recently published "A non-intrusive biometric authentication mechanism...
UK Government Leaks Data on Half The Country
Another day. Another data leak. Another round of buck passing. Another round of unsubstantiated claims that they really do care about people's personal information. This one is a doozy though. A junior IT admin at Her Majesty's Revenue & Customs...
All Software Has Vulnerabilities
No matter how smug you are about it, and how much you claim that security is someone else's problem, software will have vulnerabilities. It is a fact of life because software is, by far, the most complex engineering task mankind has ever undertaken...
Dilbert Knows Why Security is Struggling
If it weren't that too many security departments are like Mordac, today's Dilbert would be funny. Unfortunately, there are still far too many people working on security who fail to recognize that nobody actually wants security. Nobody bought...
From the mouth of babes, part 12398
A couple of weeks ago I got myself invited to my oldest son's fourth-grade class to talk to the kids about security. The teacher is really into technology and is doing some very cool stuff. Unfortunately, he is not very into security, yet, so that...
Security is not just for PCs
A friend just pointed me to this fascinating article about an attack on the Greek Vodafone network. The article discusses an attack that installed a rootkit on an Ericsson cellular phone switch which was used to divert calls of high-ranking Greek officials...