Roger Halbheer on Security
In my opinion, this is an interesting problem: We are very used to today’s asymmetric crypto algorithms, which all base on the problem that it is unbelievably hard to factor a very large number into primes. A hard mathematical problem and security of the Internet is based on it. Now, with quantum computing, this mathematical…
DetailsIf I would have to speculate, I would guess that security in the internet of things will keep appearing in my blog continuously in the future… Looking at the last few weeks, there are different vulnerabilities and incidents which took place showing that the “things” connected to the Internet are more vulnerable than we would…
DetailsThe Dutch TV broadcaster VPRO made a great video (about 50 minutes) about zero-days and security leaks for sales.
It raises really good social questions about the role of governments and citizens. Really worth looking at.
Roger
It is really scary to me: We get discussions again about backdoors in crypto-algorithms, export control for encryption etc. etc. The list is endless. When I started in security just before the change of the millennium, we already had these discussions and I thought that it was agreed that this is a bad thing. Backdoors…
DetailsManagers often do not understand the engineers – and engineers do not understand what drives a manager. A typical conflict, which gets worse when we enter the world of agile development methods. Control and processes lose importance, speed and therefore “gut feelings” need more focus. Günter Dück, former CTO of IBM Germany had a very…
DetailsIn IT security we talk about the limited impact perimeter security has since a long time. The firewalls do not play the roles anymore they used to as the business got too complex and the term “perimeter” has a completely different notion today. So we try to find new ways to defend: We focus more…
DetailsNow for something completely different: I guess that the link between business and security is one of the big challenges of today. How can we make security more relevant for the business or coming from the other side, how can we enable the business to understand, what we do in security? A few months ago,…
DetailsOne of the key challenges in the every day’s world of a CSO is reporting. How and especially what do we report to the board and how do we make it relevant to the people there? We all know that finance has a fairly clear and standardized reporting scheme as the subject matured over time…
DetailsWell, we can debate a lot about security in the area of the Internet of Things but this is now really scary: Security Researcher’s Hack Caused Airplane To Climb
Roger
Long time no blog… I know. It was a fairly busy and very intense time. Since quite a while I am using a password manager since a long time for “not so critical” passwords. It is could-based and helps me a lot from a convenience point of view. However, it has one single caveat: the…
DetailsAustralia has proven to be very creative in the past when it comes to cybersecurity and measures against it. Yet again, they published a fairly good video on security awareness. The only drawback: I you are not Australian – it is not THAT easy to understand J Roger Related articles Australian cybersecurity video plays dumb…
DetailsI would love to use this cool mail app – really. One of the pain points since moving away from Windows Phone (to me definitely the best phone on the market with too many apps missing) is finding a good and efficient mail/calendar/task app. There are plenty out there but hardly one that is as…
DetailsIn recent discussions, one point came up consistently: We all know about cyber crime and we all learned about the espionage activities by NSA and other governmental organizations. This quite naturally leads to a much further reaching question: We know that certain governments tend to compromise our supply chain. What if they do it not…
DetailsFor more than a decade I was working for Microsoft. I saw all the progress Microsoft made with Trustworthy Computing since Blaster and the introduction of Windows XP SP2. I defended Microsoft’s moves in the field as a Chief Security Advisor in Switzerland, afterwards EMEA and finally I was globally responsible for this outstanding community.…
DetailsFor more than a decade I was working for Microsoft. I saw all the progress Microsoft made with Trustworthy Computing since Blaster and the introduction of Windows XP SP2. I defended Microsoft’s moves in the field as a Chief Security Advisor in Switzerland, afterwards EMEA and finally I was globally responsible for this outstanding community.…
DetailsFor more than a decade I was working for Microsoft. I saw all the progress Microsoft made with Trustworthy Computing since Blaster and the introduction of Windows XP SP2. I defended Microsoft’s moves in the field as a Chief Security Advisor in Switzerland, afterwards EMEA and finally I was globally responsible for this outstanding community.…
DetailsIn June 2013 an attack on Belgacom surfaced. Even though it seems that it started 2011, Belgacom seemed to figure out that they are under attack as Exchange did not work properly anymore. There are a lot of interesting details on the attack in this article: Operation Socialist. What strikes me more than the attack…
DetailsTrust in your cloud provider is key, when you move more data there than data classified as public. Then come all the solutions encrypting your data, which keeps it safe but at the end of the data loses search. A real problem I have not seen a solution. Additionally we run into the problem protecting…
DetailsIt is and was a big theme in politics: e-Voting. Even though I was confronted with the first projects early 2000 I do not like them more 14 years later… There are different reasons for that: At least in Switzerland, I do not see any value. We can vote personally as well as by postal…
DetailsRecently a (at least for me) new phenomenon appeared on the web: Faked data breaches. As the announcement of a data breach typically draws a lot of attention, it is just to be expected that faked announcements will hit the web. Additionally in a lot of media like Twitter and Facebook, speed is more important…
Details