Security of the Internet of Things (the “thing†being an Aircraft)
Well, we can debate a lot about security in the area of the Internet of Things but this is now really scary: Security Researcher’s Hack Caused Airplane To Climb
Roger
Fake Password Vault
Long time no blog… I know. It was a fairly busy and very intense time. Since quite a while I am using a password manager since a long time for “not so critical” passwords. It is could-based and helps me a lot from a convenience point of view. However, it has one single caveat: the…
DetailsGreat Awareness Video
Australia has proven to be very creative in the past when it comes to cybersecurity and measures against it. Yet again, they published a fairly good video on security awareness. The only drawback: I you are not Australian – it is not THAT easy to understand J Roger Related articles Australian cybersecurity video plays dumb…
DetailsMicrosoft Outlook for Android and iOS – what did the developers think?
I would love to use this cool mail app – really. One of the pain points since moving away from Windows Phone (to me definitely the best phone on the market with too many apps missing) is finding a good and efficient mail/calendar/task app. There are plenty out there but hardly one that is as…
DetailsHow far reaching will Cyber-Sabotage become?
In recent discussions, one point came up consistently: We all know about cyber crime and we all learned about the espionage activities by NSA and other governmental organizations. This quite naturally leads to a much further reaching question: We know that certain governments tend to compromise our supply chain. What if they do it not…
DetailsMicrosoft drops Advance Notification Service
For more than a decade I was working for Microsoft. I saw all the progress Microsoft made with Trustworthy Computing since Blaster and the introduction of Windows XP SP2. I defended Microsoft’s moves in the field as a Chief Security Advisor in Switzerland, afterwards EMEA and finally I was globally responsible for this outstanding community.…
DetailsMicrosoft drops Advanced Notification Service
For more than a decade I was working for Microsoft. I saw all the progress Microsoft made with Trustworthy Computing since Blaster and the introduction of Windows XP SP2. I defended Microsoft’s moves in the field as a Chief Security Advisor in Switzerland, afterwards EMEA and finally I was globally responsible for this outstanding community.…
DetailsMicrosoft drops Advanced Notification Service
For more than a decade I was working for Microsoft. I saw all the progress Microsoft made with Trustworthy Computing since Blaster and the introduction of Windows XP SP2. I defended Microsoft’s moves in the field as a Chief Security Advisor in Switzerland, afterwards EMEA and finally I was globally responsible for this outstanding community.…
DetailsDetails on the Belgacom Hack 2013
In June 2013 an attack on Belgacom surfaced. Even though it seems that it started 2011, Belgacom seemed to figure out that they are under attack as Exchange did not work properly anymore. There are a lot of interesting details on the attack in this article: Operation Socialist. What strikes me more than the attack…
DetailsDo you trust the Cloud?
Trust in your cloud provider is key, when you move more data there than data classified as public. Then come all the solutions encrypting your data, which keeps it safe but at the end of the data loses search. A real problem I have not seen a solution. Additionally we run into the problem protecting…
DetailsChallenges with Electronic Voting
It is and was a big theme in politics: e-Voting. Even though I was confronted with the first projects early 2000 I do not like them more 14 years later… There are different reasons for that: At least in Switzerland, I do not see any value. We can vote personally as well as by postal…
DetailsFaked Data Breaches
Recently a (at least for me) new phenomenon appeared on the web: Faked data breaches. As the announcement of a data breach typically draws a lot of attention, it is just to be expected that faked announcements will hit the web. Additionally in a lot of media like Twitter and Facebook, speed is more important…
DetailsAssessing Security of Acquired Software
Ages ago, a few companies founded SAFECode – an organization to help improve security in development. In a lot of cases, they really publish interesting work which can be leveraged by organizations. Steve Lipner (one of the developers of the Security Development Lifecycle at Microsoft) and Eric Baze, EMC just published an interesting post on…
DetailsWhen Scammers get a certificate for their domain
Again, it was to be expected that scammers would jump on the new domains ending in – like .support. The interesting thing now is, that as they own the domain they can fake two thing: If you mouse-over the link, what you see is what is under the link. So, we trained users for years…
DetailsEndpoint security and the death of AV
This is kind of interesting: IDC reports endpoint security market is booming, but isn’t antivirus dead? I am still deeply convinced that Anti-Virus by itself does not add a lot of value. You can use better technology to protect against malware (see Is Anti-Virus Technology Dead?). If I see that this market is still predicted…
DetailsSecurity in a virtual and global world
The longer the more the industry as well as the customers move towards outsourcing or the Cloud (which – to me – is a special case of outsourcing). If we look at the security impact of such moves, I guess that for most customers/enterprises it makes a lot of sense. IT and Security is often…
DetailsThe cost of being a criminal
The economy of cybercrime is one of the themes I often look at. Basically, when defending against criminals, it is all about raising the cost in a way that their balance sheet reaches a tipping point towards cost. In other words, it is too expensive to carry out an attack to be attractive. Raising the…
DetailsYou need to understand security to get it right
In certain areas, getting security right can seem to be very easy. But, hmm, let’s look at this: Poorly anonymized logs reveal NYC cab drivers’ detailed whereabouts. They used MD5 to anonymize the license plate numbers of the taxi drivers – and they did not use any salt. So, it is fairly easy to run…
DetailsHuman Centered Security
When I look at the way security is treated in a lot of companies, I see two fundamental challenges: Security is seen as a compliance function only. In other words, security people tend to hide behind policies. This is fairly simple for us, isn’t it? We can take the policy and tell somebody to follow…
DetailsGoogle and Privacy – do they get it right? Ever?
Let’s assume for a second, that the content of this article is correct: Google’s backward step on Android app privacy. Then it shows – once more – that Google is a very innovative company with a very limited view on user’s privacy and security. When you look at the new security user experience in the…
Details