Tag Archives: Security

CBC Padding Oracle Attacks Simplified – Key concepts and pitfalls

There are hundreds of web sites that describe the Padding Oracle attack, but many people find the concept confusing. I am going to try to explain everything you need to know. I am not going to write a bunch of equations … Continue reading

Posted in Hacking, Security | 3 Comments

System Development Lifecycle > Security Development Lifecycle

I was asked to list things I consider when creating/designing a world-class application. Whew. That’s a complex question, and worthy of a PhD thesis, book, etc. Still, several things jumped out at me. And I thought it would be worth … Continue reading

Posted in Security, System Administration, System Engineering, Technology | Leave a comment

The Top Eleven Reasons why Security Experts get no Respect

Let’s face it – being a security expert is difficult. While security technology is very difficult, dealing with people, especially with people who don’t work in the security field, is far more difficult. Why is that, you say? I have … Continue reading

Posted in Hacking, Humor, Security, Technology | 1 Comment

The need for Public Password Policies

After reading the Dashlane report on “The Illusion of Personal Data Security in E-Commerce”, I kept thinking about how developers replicate common security mistakes and that real progress in security rarely occurs. The industry’s current password policies are a disaster. … Continue reading

Posted in Security, Technology | 2 Comments

Improving the HTTPS of Firefox using HowsMySSL.com and about:config

The web site HowsMySSL gives Firefox 26.0 a score of BAD. That’s not good. Here’s how to fix it. Type “about:config” in your browser URL bar. This goes to the configuration page for Firefox. When you get a warning, ignore … Continue reading

Posted in Security | 1 Comment

The new attack vector – HID

After attending Black Hat 2010/DEFCON 18, the world-famous hacking convention, I will make a prediction of a large number of attacks using USB devices being discovered for the next few years. USB drives can be dangerous. If you store sensitive … Continue reading

Posted in Hacking, Security | Leave a comment