What`s New
TrueCrypt
- Albert Zenkoff
- 2015-06-16
- Society, disk encryption, encryption, tool, truecrypt, trust
Since the anonymous team behind TrueCrypt has left the building, security aware people were left wondering what’s next. I personally keep using TrueCrypt and as long as it works I will keep recommending it. Recently, Bruce Schneier has raised a few red flags by his strange advice that seems to indicate that he is being ...
Read More
The human factor: philosophy and engineering
- Albert Zenkoff
- 2015-04-22
- Management, arete, blind men and an elephant, engineering, excellence, holistic approach, long-term view, philosophy, quality, security, systemic approach, value, virtue
The ancient Greeks had a concept of “aretê” (/ˈærətiː/) that is usually loosely translated to English as “quality”, “excellence”, or “virtue”. It was all that and more: the term meant the ultimate and harmonious fulfillment of task, purpose, function, or even the whole life. Living up to this concept was the highest achievement one could ...
Read More
GAO report on cybersecurity in Air Traffic Control is outright scary
- Albert Zenkoff
- 2015-04-17
- Society, aircraft, airplane, control system, FAA, firewall, GAO, in-flight, network, terror, terrorist attack, USA, vulnerability
The fact that the modern aircraft can be controlled from the ground is not widely publicized but known. There was though a lot of controversy, including among specialists, about how much of control could be intercepted by unauthorized 3rd parties. Well, now the extent of the problem is confirmed officially. The U.S. Government Accountability Office ...
Read More
Passwords and other secrets in source code
- Albert Zenkoff
- 2015-03-30
- Technology, certificates, code scanner, Development, embed, keys, secrets, source code
Secrets are bad. Secrets in source code are an order of magnitude worse. Secrets are difficult to protect. Every attacker goes after the secrets and we must protect our secrets against all of them. The secrets are the valuable part of our software and that’s why they are bad – they represent an area of ...
Read More
Security Forum Hagenberg 2015
- Albert Zenkoff
- 2015-03-29
- Society, announcement, Austria, Hagenberg im Mühlkreis, human factor, philosophy, presentation, public, security, Security Forum, talk
I will be talking about the philosophy in engineering or the human factor in the development of secure software at the Security Forum in Hagenberg im Mühlkreis, Austria on 22nd of April. https://www.securityforum.at/en/ My talk will concentrate on the absence of a holistic, systemic approach in the current software development as a result of taking ...
Read More
House key versus user authentication
- Albert Zenkoff
- 2015-03-05
- Technology, authentication, authorization, difference, house key, key, protection
I got an interesting question regarding the technologies we use for authentication that I will discuss here. The gist of the question is that we try to go all out on the technologies we use for the authentication, even trying unsuitable technologies like biometrics, while, on the other hand, we still use fairly simple keys ...
Read More
Workshop on Agile Development of Secure Software (ASSD’15)
- Albert Zenkoff
- 2015-01-30
- Management, Agile Development of Secure Software, announcement, ARES, ASSD, call for papers, development of secure systems, security, Security awareness, Security metrics, workshop
Call for Papers: First International Workshop on Agile Development of Secure Software (ASSD’15) in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES’15) August 24-28, 2015, Université Paul Sabatier, Toulouse, France Submission Deadline: April 15, 2015 Workshop website: http://www.ares-conference.eu/conference/workshops/assd-2015/ Scope Most organizations use the agile software development methods, such as Scrum and ...
Read More
About the so-called “uncertainty principle of new technology”
- Albert Zenkoff
- 2015-01-08
- Technology, arete, beauty, Collingridge Dilemma, engineering, harmony, inherently hard, new technology, quality, scientific discovery, security, society
It has been stated that the new technology possesses an inherent characteristic that makes it hard to secure. This characteristic is articulated by David Collingridge in what many would like to see accepted axiomatically and even call it the “Collingridge Dilemma” to underscore its immutability: That, when a technology is new (and therefore its spread ...
Read More
Sony 2014 network breach, the most interesting question remains unanswered
- Albert Zenkoff
- 2014-12-23
- Management, attack, bigger picture, breach, infiltration, information extraction, network, purpose of attack, question, security, Sony
The November 2014 breach of security at Sony Corporation remains the subject of conversation throughout the end of the year. Many interesting details have become known while even more remains hidden. Most claims and discussions only serve to create noise and diversion though. Take the recent discussion of the antivirus software, for example. Sony Corporation ...
Read More
ENISA published new guidelines on cryptography
- Albert Zenkoff
- 2014-12-04
- Management, crypto, Cryptography, ENISA, EU, recommendation, report
European Union Agency for Network and Information Security (ENISA) has published the cryptographic guidelines “Algorithms, key size and parameters” 2014 as an update to the 2013 report. This year, the report has been extended to include a section on hardware and software side-channels, random number generation, and key life cycle management. The part of the ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
