Albert Zenkoff Post list
Windows 10: catching up to Google?
- Albert Zenkoff
- 2015-09-01
- Society, browsing, history, keylogger, keystrokes, logger, privacy, sound, spying, video, violation, Windows
Windows 10 has turned out to be a very interesting update to the popular desktop operating system. Apparently, Microsoft envies Google for their success in spying on everyone and their dog through the Internet. Accordingly, Microsoft could not resist turning Windows into a mean spying machine. People were mightily surprised when all of the new ...
Read More
Continue the TrueCrypt discussion: Windows 10
- Albert Zenkoff
- 2015-08-21
- Society, bitlocker, data safety, disk encryption, truecrypt, Windows
I already pointed out previously that I do not see any alternative to the TrueCrypt for encrypting data on disk. TrueCrypt is the only tool that we can more or less trust so far. You will probably remember that Bruce Schneier recommended to use Windows encryption, the BitLocker, instead of TrueCrypt and I called that ...
Read More
TrueCrypt
- Albert Zenkoff
- 2015-06-16
- Society, disk encryption, encryption, tool, truecrypt, trust
Since the anonymous team behind TrueCrypt has left the building, security aware people were left wondering what’s next. I personally keep using TrueCrypt and as long as it works I will keep recommending it. Recently, Bruce Schneier has raised a few red flags by his strange advice that seems to indicate that he is being ...
Read More
The human factor: philosophy and engineering
- Albert Zenkoff
- 2015-04-22
- Management, arete, blind men and an elephant, engineering, excellence, holistic approach, long-term view, philosophy, quality, security, systemic approach, value, virtue
The ancient Greeks had a concept of “aretê” (/ˈærətiː/) that is usually loosely translated to English as “quality”, “excellence”, or “virtue”. It was all that and more: the term meant the ultimate and harmonious fulfillment of task, purpose, function, or even the whole life. Living up to this concept was the highest achievement one could ...
Read More
GAO report on cybersecurity in Air Traffic Control is outright scary
- Albert Zenkoff
- 2015-04-17
- Society, aircraft, airplane, control system, FAA, firewall, GAO, in-flight, network, terror, terrorist attack, USA, vulnerability
The fact that the modern aircraft can be controlled from the ground is not widely publicized but known. There was though a lot of controversy, including among specialists, about how much of control could be intercepted by unauthorized 3rd parties. Well, now the extent of the problem is confirmed officially. The U.S. Government Accountability Office ...
Read More
Passwords and other secrets in source code
- Albert Zenkoff
- 2015-03-30
- Technology, certificates, code scanner, Development, embed, keys, secrets, source code
Secrets are bad. Secrets in source code are an order of magnitude worse. Secrets are difficult to protect. Every attacker goes after the secrets and we must protect our secrets against all of them. The secrets are the valuable part of our software and that’s why they are bad – they represent an area of ...
Read More
Security Forum Hagenberg 2015
- Albert Zenkoff
- 2015-03-29
- Society, announcement, Austria, Hagenberg im Mühlkreis, human factor, philosophy, presentation, public, security, Security Forum, talk
I will be talking about the philosophy in engineering or the human factor in the development of secure software at the Security Forum in Hagenberg im Mühlkreis, Austria on 22nd of April. https://www.securityforum.at/en/ My talk will concentrate on the absence of a holistic, systemic approach in the current software development as a result of taking ...
Read More
House key versus user authentication
- Albert Zenkoff
- 2015-03-05
- Technology, authentication, authorization, difference, house key, key, protection
I got an interesting question regarding the technologies we use for authentication that I will discuss here. The gist of the question is that we try to go all out on the technologies we use for the authentication, even trying unsuitable technologies like biometrics, while, on the other hand, we still use fairly simple keys ...
Read More
Workshop on Agile Development of Secure Software (ASSD’15)
- Albert Zenkoff
- 2015-01-30
- Management, Agile Development of Secure Software, announcement, ARES, ASSD, call for papers, development of secure systems, security, Security awareness, Security metrics, workshop
Call for Papers: First International Workshop on Agile Development of Secure Software (ASSD’15) in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES’15) August 24-28, 2015, Université Paul Sabatier, Toulouse, France Submission Deadline: April 15, 2015 Workshop website: http://www.ares-conference.eu/conference/workshops/assd-2015/ Scope Most organizations use the agile software development methods, such as Scrum and ...
Read More
About the so-called “uncertainty principle of new technology”
- Albert Zenkoff
- 2015-01-08
- Technology, arete, beauty, Collingridge Dilemma, engineering, harmony, inherently hard, new technology, quality, scientific discovery, security, society
It has been stated that the new technology possesses an inherent characteristic that makes it hard to secure. This characteristic is articulated by David Collingridge in what many would like to see accepted axiomatically and even call it the “Collingridge Dilemma” to underscore its immutability: That, when a technology is new (and therefore its spread ...
Read More