Tag Archives: Security

CBC Padding Oracle Attacks Simplified – Key concepts and pitfalls

Posted on December 5, 2014 by grymoire

There are hundreds of web sites that describe the Padding Oracle attack, but many people find the concept confusing. I am going to try to explain everything you need to know. I am not going to write a bunch of equations … Continue reading →

Posted in Hacking, Security | Tagged AES, CBC, Cipher Block Chaining, Cryptography, Encryption, padding, Padding Oracle Attack, Security | 4 Comments

System Development Lifecycle > Security Development Lifecycle

Posted on April 8, 2014 by grymoire

I was asked to list things I consider when creating/designing a world-class application. Whew. That’s a complex question, and worthy of a PhD thesis, book, etc. Still, several things jumped out at me. And I thought it would be worth … Continue reading →

Posted in Security, System Administration, System Engineering, Technology | Tagged cybersecurity, development, doxygen, frameworks, fuzzers, javadoc, lifecycle, Microsoft, Perl, python, scapy, SDL, Security, sulley | Leave a comment

The Top Eleven Reasons why Security Experts get no Respect

Posted on March 3, 2014 by grymoire

Let’s face it – being a security expert is difficult. While security technology is very difficult, dealing with people, especially with people who don’t work in the security field, is far more difficult. Why is that, you say? I have … Continue reading →

Posted in Hacking, Humor, Security, Technology | Tagged boss, experts, Humor, Security | 1 Comment

The need for Public Password Policies

Posted on February 18, 2014 by grymoire

After reading the Dashlane report on “The Illusion of Personal Data Security in E-Commerce”, I kept thinking about how developers replicate common security mistakes and that real progress in security rarely occurs. The industry’s current password policies are a disaster. … Continue reading →

Posted in Security, Technology | Tagged Dashlane, KeePass, LastPass, Passwords, Policy, Public Password Policy, RDF, Resource Description Framework, SADL, Security, Security Policy, Semantic Web, Web | 2 Comments

Improving the HTTPS of Firefox using HowsMySSL.com and about:config

Posted on February 1, 2014 by grymoire

The web site HowsMySSL gives Firefox 26.0 a score of BAD. That’s not good. Here’s how to fix it. Type “about:config” in your broswer URL bar. This goes to the configuration page for Firefox. When you get a warning, ignore … Continue reading →

Posted in Security | Tagged Firefox, HTTPS, Security, SSL, TLS | 1 Comment

The new attack vector – HID

Posted on September 11, 2010 by grymoire

After attending Black Hat 2010/DEFCON 18, the world-famous hacking convention, I will make a prediction of a large number of attacks using USB devices being discovered for the next few years. USB drives can be dangerous. If you store sensitive … Continue reading →

Posted in Hacking, Security | Tagged Arduino, Hacking, HID, Security, USB | Leave a comment

Tag Archives: Security

CBC Padding Oracle Attacks Simplified – Key concepts and pitfalls

System Development Lifecycle > Security Development Lifecycle

The Top Eleven Reasons why Security Experts get no Respect

The need for Public Password Policies

Improving the HTTPS of Firefox using HowsMySSL.com and about:config

The new attack vector – HID

Archives

Meta

Blogroll

Tags