Tag Archives: Security
Installing pyftdi on Ubuntu 18.04 for FT232H and FT2232H boards
Why use FT232H and FT2232H boards? I wanted to use a FT232H board for some hardware hacking. The FTDI FTxxx family of devices and boards based on this chip is categorized as a Multi-Protocol Synchronous Serial Engine (MPSSE), which can … Continue reading
CBC Padding Oracle Attacks Simplified – Key concepts and pitfalls
There are hundreds of web sites that describe the Padding Oracle attack, but many people find the concept confusing. I am going to try to explain everything you need to know. I am not going to write a bunch of equations … Continue reading
Posted in Hacking, Security
Tagged AES, CBC, Cipher Block Chaining, Cryptography, Encryption, padding, Padding Oracle Attack, Security
4 Comments
System Development Lifecycle > Security Development Lifecycle
I was asked to list things I consider when creating/designing a world-class application. Whew. That’s a complex question, and worthy of a PhD thesis, book, etc. Still, several things jumped out at me. And I thought it would be worth … Continue reading
Posted in Security, System Administration, System Engineering, Technology
Tagged cybersecurity, development, doxygen, frameworks, fuzzers, javadoc, lifecycle, Microsoft, Perl, python, scapy, SDL, Security, sulley
The Top Eleven Reasons why Security Experts get no Respect
Let’s face it – being a security expert is difficult. While security technology is very difficult, dealing with people, especially with people who don’t work in the security field, is far more difficult. Why is that, you say? I have … Continue reading
The need for Public Password Policies
After reading the Dashlane report on “The Illusion of Personal Data Security in E-Commerce”, I kept thinking about how developers replicate common security mistakes and that real progress in security rarely occurs. The industry’s current password policies are a disaster. … Continue reading
Posted in Security, Technology
Tagged Dashlane, KeePass, LastPass, Passwords, Policy, Public Password Policy, RDF, Resource Description Framework, SADL, Security, Security Policy, Semantic Web, Web
2 Comments
Improving the HTTPS of Firefox using HowsMySSL.com and about:config
The web site HowsMySSL gives Firefox 26.0 a score of BAD. That’s not good. Here’s how to fix it. Type “about:config” in your browser URL bar. This goes to the configuration page for Firefox. When you get a warning, ignore … Continue reading
The new attack vector – HID
After attending Black Hat 2010/DEFCON 18, the world-famous hacking convention, I will make a prediction of a large number of attacks using USB devices being discovered for the next few years. USB drives can be dangerous. If you store sensitive … Continue reading