Roger Halbheer on Security
This is the first time, I had to go through an emergency update process of that scale – well better, my team went, I do not want to claim any success here for myself. I was basically just an observer. However, there were a few interesting things, which I learned during the last few days:…
DetailsI guess, you have have been through such meetings as well? At least I felt fairly often like that, when I was in consulting
Roger
The next development in the whole NSA discussion. The EU and Brazil decided to build a transatlantic cable between Europe and Latin America – as a reaction to protect privacy, they say. Well, the quotes are fairly harsh and direct… We have to respect privacy, human rights and the sovereignty of nations. We don’t want…
DetailsRemember my post back in November? If something is free – you are the product! – Now I read an article today, which completely proves this point. It is about Google being sued for scanning student emails. The really interesting thing is this quote: Of course it’s not news that Google reads the emails in…
DetailsIt is fairly well-known that “the Internet” knows a lot about us. However, there is a really good story on ZDNet, which shows how far you can go even with people who try their best to protect their identity. Before you read the article, there is one thing to mention: To my knowledge there are…
DetailsA teacher in the US reached a settlement with his former employer regarding an age discrimination suit. It was agreed that the $80k settlement should remain confidential. However, the teacher informed the court that they had to tell their daughter “something”. Which led the girl to post on Facebook (“only” to her 1200 “friends”): Mama…
DetailsIt is obvious: Less admin privileges reduces the risk of successful attacks. This is not really news, isn’t it? That this reduces the attack surface dramatically, well, not new either: Time to drop unnecessary admin privileges What I am really wondering: We are all talking about Bring Your Own Device scenarios, where it is to…
DetailsWeak and lost passwords are always a challenge in an online world. Different countries work now on a protocol to support different authentication methods in an online world to make passwords redundant. I think that this is a really good an interesting approach to keep an eye on: Password-free online authentication a step closer Roger…
DetailsThe White House released a framework for the critical infrastructure regarding Cybersecurity. The interesting part is, that it is not based on a certification approach but on risk management. Definitely the right mindset as it allows companies to move away from compliance management to risk management. I am absolutely convinced that managing compliance has its…
DetailsIn the recent years several attacks on different customer systems became public (from Sony, Adobe etc. etc.) and it is sometimes hard to keep up with the different lists, which are on the web to figure out, whether your address was part of it. I recently found a service offered by a guy called Troy…
DetailsSometimes when I talk to security people, I am astonished, how self-confident they are that they will not be victimized by fraud or identity theft. There is a very good chance that the barrier to get into my identities is higher than with others but not impossible. Let me tell you a story: I have…
DetailsHardly a day goes by without news in the NSA/Snowden affair. Bruce Schneier adds to the fuel by publishing an NSA Exploit of the Day. But while this affair drives news cycles, the ideas on how to address the problem of governments spying on each other and on citizens as such are not too numerous.…
DetailsA lot has been written about the incident at the US retailer “Target”. It is always interesting how easy such incidents happen – without really blaming Target in this case. It seems that a virus infected their payment terminals and read the magnetic stripe of the Credit Card including the name of the owner –…
DetailsThis is a really cool comic explaining security – just enjoy here.
Roger
Interesting times… We all know that creating a truly random number generator to base crypto keys on is one of the most difficult tasks in cryptography. Back in September, the New York Times announced that NSA has a backdoor into encryption implementations (see here) and later that NSA wrote a widely used random number generator…
DetailsWhenever a new Snowden document is released, a new wave of discussions in the press ramps up. Discussions about governments spying on each other and on citizens. However, there is another interesting aspect, which we need to look at in my opinion. Edward Snowden, a contractor for the NSA, left the buildings with a lot…
DetailsI was in a training today, where the trainer showed this video, I wanted to share with you. Really impressive stats, which makes you think about the world we are living in and the world our kids are growing into:
Roger
Over all the years in security, there are a few problems, which land on my desk over and over again. One – as an example – is how to really, practically assess risks, one is how to measure security and one is event correlation. I know that tools are sold for each of these problems…
DetailsSwisscom just published an app called CheckAp to help you understand your exposure on your phone. It helps you to look at what the different apps want to access on your phone like GPS, camera, contacts etc. Basically you can get the same kind of information in the app stores. However, depending on the platform…
DetailsIf you look at the press and the discussions on the web a lot of people complain about the use of their data by service providers. Personally, I am convinced that certain companies stretch their interpretation of privacy further than they should because they can afford it based of the position they have in the…
Details