Albert Zenkoff Post list
On the utility of technical security
- Albert Zenkoff
- 2013-02-07
- Management, error, general, human, inevitability, management, passwords, recovery, security, weakest link
It is often said that the system is only as strong as the weakest link. When you have good security and strong passwords, the weakest link will be the human. As has always been. Think of how the system can be recovered from a breach when the problem is not technical but human. [youtube=http://youtu.be/W50L4UPfWsg]
Read More
Security by …
- Albert Zenkoff
- 2013-01-29
- Management, Design, Development, philosophy, security, security by completeness, security by design, security by ignorance, security by isolation, security by obscurity, security type
We know several common buzzwords for determining security strategy of a company (or an individual). Let’s try to define them once again, for completeness sake. Security by ignorance Easily summed up by “what you do not know cannot hurt you” and is obviously wrong. Typically happens at the early stages of software developer’s career when ...
Read More
Common passwords blacklist
- Albert Zenkoff
- 2013-01-09
- Technology, blacklist, brute force attack, general, Password, password database, password verification, passwords, rules, technology
Any system that implements password authentication must check whether the passwords are not too common. Every system faces the brute-force attacks that try one or another list of most common password (and usually succeed, by the way). The system must have a capability to slow down an attacker by any means available: slowing down system ...
Read More
Hack NFC Door Locks
- Albert Zenkoff
- 2012-12-27
- Technology, authentication, door locks, identification, NFC, Physical security, protocol, RFID, security, Smart card, wireless
I can see in the logs that people sometimes come to this site with interesting searches. A recent interesting search was “Hack NFC Door Locks”. Well, since there is interest in the subject, why not? Let’s talk about NFC, contactless smart card and RFID door locks, shall we not? The actual technology used for the ...
Read MoreQuantitative analysis of faults shows that…
- Albert Zenkoff
- 2012-11-11
- Management, code, Development, general, good code, good developer, inevitability, learning, quality, quantitative analysis, research
Not to worry, we are not going to get overly scientific here. I happened across this extremely interesting paper called “Quantitative analysis of faults and failures in a complex software system” published by Norman Fenton and Niclas Ohlsson in ye god old year 2000. The paper is very much worth a read, so if you ...
Read More
Cryptography: just do not!
- Albert Zenkoff
- 2012-10-16
- Technology, Algorithm, Cryptography, Development, don't, encryption, hashing, homegrown, philosophy, software, technology
Software developers regularly attempt to create new encryption and hashing algorithms, usually to speed up things. There is only one answer one can give in this respect: Here is a short summary of reasons why you should never meddle in cryptography. Cryptography is mathematics, very advanced mathematics There are only a few good cryptographers and ...
Read More
Supply chain: Huawei and ZTE
- Albert Zenkoff
- 2012-10-14
- Management, China, general, Huawei, news, supply chain, supply chain security, telecom equipment, USA, ZTE
US House of Representatives published an interesting report about their concerns with Huawei and ZTE, large Chinese telecom equipment providers. The report states openly that there are concerns that the equipment, parts and software may be manipulated by the Chinese government agencies, or on their behalf, in order to conduct military, state and business intelligence. ...
Read MoreThe Elderwood Report
- Albert Zenkoff
- 2012-10-12
- Management, attacks, Elderwood project, Elderwood report, infrastructure, security, Symantec, Zero-day attack
Symantec reports very interesting findings in their report of the so-called “Elderwood Project”. A highly interesting paper that I can recommend as bedside reading. Here is a teaser: In 2009, Google was attacked by a group using the Hydraq (Aurora) Trojan horse. Symantec has monitored this group’s activities for the last three years as they ...
Read MoreSHA-3 is there!
- Albert Zenkoff
- 2012-10-04
- Technology, Algorithm, competition, hash, hashing, news, NIST, SHA, SHA-3
NIST has announced the end of the Secure Hash Algorithm competition the day before yesterday, naming Keccak as the winner and making it the SHA-3 algorithm. The complete announcement from NIST is here. One thing of note is that since the algorithm was developed by STMicroelectronics and NXP Semiconductors, the algorithm is heavily optimized for ...
Read MoreIEEE should be embarrassed
- Albert Zenkoff
- 2012-09-27
- Management, IEEE, incident, news, passwords, plaintext, security practices, user information
“The world’s largest professional association for the advancement of technology” has been thoroughly embarrassed in an accident where they left their log files containing user names and passwords open for FTP access to all on the Net for more than a month, according to a DarkReading report. Or, at least, I think they should be ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
Share and stay updated
About the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.