technology
Over-engineering
- Albert Zenkoff
- 2014-04-13
- Technology, bugs, code size, coding techniques, complexity, keep it simple, kiss, maintainability, management, over-engineering, overengineering, show off, technology
Causes for security problems are legion. One of the high pertinence problems in software development is called “over-engineering” – creation of over-complicated design or over-complicated code not justified by the complexity of the task at hand. Often it comes as a result of the designer’s desire to show off, to demonstrate the knowledge of all ...
Read More
Camera and microphone attack on smartphones
- Albert Zenkoff
- 2013-11-13
- Technology, attack, attack path, camera, microphone, mobile, PIN, security, side-channel, smart phone, technology
The researches at the University of Cambridge have published a paper titled “PIN Skimmer: Inferring PINs Through The Camera and Microphone” describing a new approach to recovering PIN codes entered on a mobile on-screen keyboard. We had seen applications use the accelerometer and gyroscope before to infer the buttons pressed. This time, they use the ...
Read More
Google bots subversion
- Albert Zenkoff
- 2013-11-09
- Technology, application security, attack, bots, Development, firewall, Google, philosophy, secure by design, software, software design, software security, subversion, technology, unexpected
There is a lot of truth in saying that every tool can be used by good and by evil. There is no point in blocking the tools themselves as the attacker will turn to new tools and subvert the very familiar tools in unexpected ways. Now Google crawler bots were turned into such a weapon ...
Read More
Cloud security
- Albert Zenkoff
- 2013-04-27
- Technology, cloud, cloud security, data center, database, file server, mainframe, security, security models, security types, technology, virtual, VM, web server
Let’s talk a little about the very popular subject nowadays – the so-called ‘cloud security’. Let’s determine what it is, what we are talking about, in fact, and see what may be special about it. ‘Cloud’ – what is it? Basically, the mainframes have been doing ‘cloud’ all along, for decades now. Cloud is simply ...
Read MoreExodus from Java
- Albert Zenkoff
- 2013-04-09
- Technology, coding techniques, Development, false promise, general, inherent security, Java, languages, programming, secure software, sloppy, technology
Finally the news that I was subconsciously waiting for: the exodus of companies from Java has started. It does not come as a surprise at all. Java has never fulfilled the promises it had at the beginning. It did not provide any of the portability, security and ease of programming. I am only surprised it ...
Read More
Common passwords blacklist
- Albert Zenkoff
- 2013-01-09
- Technology, blacklist, brute force attack, general, Password, password database, password verification, passwords, rules, technology
Any system that implements password authentication must check whether the passwords are not too common. Every system faces the brute-force attacks that try one or another list of most common password (and usually succeed, by the way). The system must have a capability to slow down an attacker by any means available: slowing down system ...
Read More
Cryptography: just do not!
- Albert Zenkoff
- 2012-10-16
- Technology, Algorithm, Cryptography, Development, don't, encryption, hashing, homegrown, philosophy, software, technology
Software developers regularly attempt to create new encryption and hashing algorithms, usually to speed up things. There is only one answer one can give in this respect: Here is a short summary of reasons why you should never meddle in cryptography. Cryptography is mathematics, very advanced mathematics There are only a few good cryptographers and ...
Read More
Random or not? That is the question!
- Albert Zenkoff
- 2012-09-13
- Technology, layered security, PRNG, Pseudorandom Numbers, random, random number generator, RNG, security, separation by function, technology
Oftentimes, the first cryptography related question you come across while designing a system is the question of random numbers. We need some random numbers in many places when developing web applications: identifiers, tokens, passwords etc. all need to be somewhat unpredictable. The question is, how unpredictable should they be? In other words, what should be ...
Read More
NFC, ain’t that funny
- Albert Zenkoff
- 2012-08-10
- Technology, invention, mobile, near field communication, NFC, security as afterthought, technology, wireless
When we invented NFC (Near Field Communication) we never intended it for some of the uses that it was put to afterwards. And when we started discussing those unconventional (for us) uses, we immediately pointed out all security problems and proposed methods to protect the NFC devices from various attacks. That was… probably 2004. Do ...
Read More
Biometrics – any good?
- Albert Zenkoff
- 2012-07-20
- Technology, authentication, biometrics, identification, philosophy, security, technology, tracking
I think I already talked about this subject previously but not here. Anyhow, the subject bears repeating. Many go “yippee!” at the mention of biometrics and start to think their user authentication problem is solved. Do not pay attention, they will end up in the newspaper headlines fairly soon, either for massive security failures or ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
