Tag Archives: Security
CBC Padding Oracle Attacks Simplified – Key concepts and pitfalls
There are hundreds of web sites that describe the Padding Oracle attack, but many people find the concept confusing. I am going to try to explain everything you need to know. I am not going to write a bunch of equations …
System Development Lifecycle > Security Development Lifecycle
I was asked to list things I consider when creating/designing a world-class application. Whew. That’s a complex question, and worthy of a PhD thesis, book, etc. Still, several things jumped out at me. And I thought it would be worth …
The Top Eleven Reasons why Security Experts get no Respect
Let’s face it – being a security expert is difficult. While security technology is very difficult, dealing with people, especially with people who don’t work in the security field, is far more difficult. Why is that, you say? I have …
The need for Public Password Policies
After reading the Dashlane report on “The Illusion of Personal Data Security in E-Commerce”, I kept thinking about how developers replicate common security mistakes and how rarely real progress in security occurs. The industry’s current password policies are a disaster. …
Improving the HTTPS of Firefox using HowsMySSL.com and about:config
The web site HowsMySSL gives Firefox 26.0 a score of BAD. That’s not good. Here’s how to fix it. Type “about:config” in your browser URL bar. This goes to the configuration page for Firefox. When you get a warning, ignore …
The new attack vector – HID
After attending Black Hat 2010/DEFCON 18, the world-famous hacking convention, I predict that a large number of attacks using USB devices will be discovered over the next few years. USB drives can be dangerous. If you store sensitive …