Roger Halbheer on Security
It is fairly well-known that “the Internet” knows a lot about us. However, there is a really good story on ZDNet, which shows how far you can go even with people who try their best to protect their identity. Before you read the article, there is one thing to mention: To my knowledge there are…
DetailsA teacher in the US reached a settlement with his former employer regarding an age discrimination suit. It was agreed that the $80k settlement should remain confidential. However, the teacher informed the court that they had to tell their daughter “something”. Which led the girl to post on Facebook (“only” to her 1200 “friends”): Mama…
DetailsIt is obvious: Less admin privileges reduces the risk of successful attacks. This is not really news, isn’t it? That this reduces the attack surface dramatically, well, not new either: Time to drop unnecessary admin privileges What I am really wondering: We are all talking about Bring Your Own Device scenarios, where it is to…
DetailsWeak and lost passwords are always a challenge in an online world. Different countries work now on a protocol to support different authentication methods in an online world to make passwords redundant. I think that this is a really good an interesting approach to keep an eye on: Password-free online authentication a step closer Roger…
DetailsThe White House released a framework for the critical infrastructure regarding Cybersecurity. The interesting part is, that it is not based on a certification approach but on risk management. Definitely the right mindset as it allows companies to move away from compliance management to risk management. I am absolutely convinced that managing compliance has its…
DetailsIn the recent years several attacks on different customer systems became public (from Sony, Adobe etc. etc.) and it is sometimes hard to keep up with the different lists, which are on the web to figure out, whether your address was part of it. I recently found a service offered by a guy called Troy…
DetailsSometimes when I talk to security people, I am astonished, how self-confident they are that they will not be victimized by fraud or identity theft. There is a very good chance that the barrier to get into my identities is higher than with others but not impossible. Let me tell you a story: I have…
DetailsHardly a day goes by without news in the NSA/Snowden affair. Bruce Schneier adds to the fuel by publishing an NSA Exploit of the Day. But while this affair drives news cycles, the ideas on how to address the problem of governments spying on each other and on citizens as such are not too numerous.…
DetailsA lot has been written about the incident at the US retailer “Target”. It is always interesting how easy such incidents happen – without really blaming Target in this case. It seems that a virus infected their payment terminals and read the magnetic stripe of the Credit Card including the name of the owner –…
DetailsThis is a really cool comic explaining security – just enjoy here.
Roger
Interesting times… We all know that creating a truly random number generator to base crypto keys on is one of the most difficult tasks in cryptography. Back in September, the New York Times announced that NSA has a backdoor into encryption implementations (see here) and later that NSA wrote a widely used random number generator…
DetailsWhenever a new Snowden document is released, a new wave of discussions in the press ramps up. Discussions about governments spying on each other and on citizens. However, there is another interesting aspect, which we need to look at in my opinion. Edward Snowden, a contractor for the NSA, left the buildings with a lot…
DetailsI was in a training today, where the trainer showed this video, I wanted to share with you. Really impressive stats, which makes you think about the world we are living in and the world our kids are growing into:
Roger
Over all the years in security, there are a few problems, which land on my desk over and over again. One – as an example – is how to really, practically assess risks, one is how to measure security and one is event correlation. I know that tools are sold for each of these problems…
DetailsSwisscom just published an app called CheckAp to help you understand your exposure on your phone. It helps you to look at what the different apps want to access on your phone like GPS, camera, contacts etc. Basically you can get the same kind of information in the app stores. However, depending on the platform…
DetailsIf you look at the press and the discussions on the web a lot of people complain about the use of their data by service providers. Personally, I am convinced that certain companies stretch their interpretation of privacy further than they should because they can afford it based of the position they have in the…
DetailsTrust is a key – even in the underground economy. However, it is hard to establish – even worse in the underground economy. In the real world, we get together and I start to get to know you. I can see you and over time decide whether we can trust each other or not. In…
DetailsThe whole discussion about NSA and Mr. Snowden sometimes gives me the impression the people think that the US is the only one which spies. Well, let’s think again. You might have seen the reports: Russia ‘spied on G20 leaders with USB sticks’. They actually used an interesting approach by handing out complementary USB sticks…
DetailsEugene Kaspersky made it clear very often: Everything is at risk (and the world is going to end unless we use very secure and dedicated Operation Systems). I would guess the ISS is very well protected and has kind of an air gap – at least when in space as the transmission might not be…
DetailsWhen I look at security organizations, I often seem them doing everything but mainly focusing on governance and compliance. The key question from my point of view is often: Where does security add value? Why should the business (besides compliance to laws, regulations, policies and common sense) even focus on security. If we try to…
Details