Roger Halbheer on Security
Maybe Heartbleed has the positive side-effect that users think about using different passwords for different sites (and then a password manager?) or websites start to think about using two-factor authentication? The downside typically is, that these effects tend not to last all too long… or how far did Snowden really change people’s behavior? Heartbleed’s silver…
DetailsThat’s a big “outch”: Be Careful what you Scan for! Just to quote SANS: After some fun and games at one customer site in particular, I found that the SSL services on the earlier versions of the HP Proiliant Servers iLo ports (iL01 and iLO2) are not susceptible to heartbleed. However, their implementation of SSL…
DetailsI was doing quite some PKI projects in my former life. One of the key themes during the policy discussion and then afterwards in the implementation was always the way somebody can revoke a certificate and then how the revocation was communicated. Shall OCSP be used or shall we stay with the good old CRLs?…
DetailsThis is the first time, I had to go through an emergency update process of that scale – well better, my team went, I do not want to claim any success here for myself. I was basically just an observer. However, there were a few interesting things, which I learned during the last few days:…
DetailsI guess, you have have been through such meetings as well? At least I felt fairly often like that, when I was in consulting
Roger
The next development in the whole NSA discussion. The EU and Brazil decided to build a transatlantic cable between Europe and Latin America – as a reaction to protect privacy, they say. Well, the quotes are fairly harsh and direct… We have to respect privacy, human rights and the sovereignty of nations. We don’t want…
DetailsRemember my post back in November? If something is free – you are the product! – Now I read an article today, which completely proves this point. It is about Google being sued for scanning student emails. The really interesting thing is this quote: Of course it’s not news that Google reads the emails in…
DetailsIt is fairly well-known that “the Internet” knows a lot about us. However, there is a really good story on ZDNet, which shows how far you can go even with people who try their best to protect their identity. Before you read the article, there is one thing to mention: To my knowledge there are…
DetailsA teacher in the US reached a settlement with his former employer regarding an age discrimination suit. It was agreed that the $80k settlement should remain confidential. However, the teacher informed the court that they had to tell their daughter “something”. Which led the girl to post on Facebook (“only” to her 1200 “friends”): Mama…
DetailsIt is obvious: Less admin privileges reduces the risk of successful attacks. This is not really news, isn’t it? That this reduces the attack surface dramatically, well, not new either: Time to drop unnecessary admin privileges What I am really wondering: We are all talking about Bring Your Own Device scenarios, where it is to…
DetailsWeak and lost passwords are always a challenge in an online world. Different countries work now on a protocol to support different authentication methods in an online world to make passwords redundant. I think that this is a really good an interesting approach to keep an eye on: Password-free online authentication a step closer Roger…
DetailsThe White House released a framework for the critical infrastructure regarding Cybersecurity. The interesting part is, that it is not based on a certification approach but on risk management. Definitely the right mindset as it allows companies to move away from compliance management to risk management. I am absolutely convinced that managing compliance has its…
DetailsIn the recent years several attacks on different customer systems became public (from Sony, Adobe etc. etc.) and it is sometimes hard to keep up with the different lists, which are on the web to figure out, whether your address was part of it. I recently found a service offered by a guy called Troy…
DetailsSometimes when I talk to security people, I am astonished, how self-confident they are that they will not be victimized by fraud or identity theft. There is a very good chance that the barrier to get into my identities is higher than with others but not impossible. Let me tell you a story: I have…
DetailsHardly a day goes by without news in the NSA/Snowden affair. Bruce Schneier adds to the fuel by publishing an NSA Exploit of the Day. But while this affair drives news cycles, the ideas on how to address the problem of governments spying on each other and on citizens as such are not too numerous.…
DetailsA lot has been written about the incident at the US retailer “Target”. It is always interesting how easy such incidents happen – without really blaming Target in this case. It seems that a virus infected their payment terminals and read the magnetic stripe of the Credit Card including the name of the owner –…
DetailsThis is a really cool comic explaining security – just enjoy here.
Roger
Interesting times… We all know that creating a truly random number generator to base crypto keys on is one of the most difficult tasks in cryptography. Back in September, the New York Times announced that NSA has a backdoor into encryption implementations (see here) and later that NSA wrote a widely used random number generator…
DetailsWhenever a new Snowden document is released, a new wave of discussions in the press ramps up. Discussions about governments spying on each other and on citizens. However, there is another interesting aspect, which we need to look at in my opinion. Edward Snowden, a contractor for the NSA, left the buildings with a lot…
DetailsI was in a training today, where the trainer showed this video, I wanted to share with you. Really impressive stats, which makes you think about the world we are living in and the world our kids are growing into:
Roger
