What`s New
Cheap security in real life?
- Albert Zenkoff
- 2014-06-30
- Management, advice, audit, cheap, customer, management, penetration testing, practice, product, quick and dirty, security, security by obscurity, security program, systematic, white box
Security concerns are on the rise, companies are beginning to worry about the software they use. I received again a question that bears answering for all the people and all the companies out there because this is a situation that happens often nowadays. So here is my answer to the question that can be formulated ...
Read More
They never learn password security: Domino Pizza
- Albert Zenkoff
- 2014-06-18
- Management, breach, Domino Pizza, hash, MD5, password database, passwords, ransom, salt
France and Belgium Domino Pizza password database was stolen by the hackers of Rex Mundi. They require a 30,000 euro payment to avoid disclosure. Well, Domino Pizza went to police, so theĀ 592,000 French and 58,000 Belgian customer records will be in the open tonight. What is interesting though? This is 2014. Do you know what ...
Read More
TrueCrypt disappears
- Albert Zenkoff
- 2014-06-02
- Society, audit, container, disk encryption, encryption, security, society, suspicious, Tools, truecrypt
Quite abruptly, the TrueCrypt disk encryption tool is no more. The announcement says that the tool is no longer secure and should not be used. The website provides a heavily modified version of TrueCrypt (7.2) that allows one to decrypt the data and export it from a TrueCrypt volume. Many questions are asked around what ...
Read More
Over-engineering
- Albert Zenkoff
- 2014-04-13
- Technology, bugs, code size, coding techniques, complexity, keep it simple, kiss, maintainability, management, over-engineering, overengineering, show off, technology
Causes for security problems are legion. One of the high pertinence problems in software development is called “over-engineering” – creation of over-complicated design or over-complicated code not justified by the complexity of the task at hand. Often it comes as a result of the designer’s desire to show off, to demonstrate the knowledge of all ...
Read More
Software Security vs. Food Safety
- Albert Zenkoff
- 2014-02-13
- Management, changes, costs, crisis, customer perception, food industry, industry, lessons, security, software
My friend works in a large restaurant chain in St-Petersburg. She is pretty high up in the command after all these years. We talk about all sorts of things when we meet up and once she told me about how they have to deal with safety and quality inspections and how bothersome and expensive they ...
Read MoreFraud Botnet Controls Sales Terminals
- Albert Zenkoff
- 2013-12-05
- Society, botnet, credit card, Dexter, fraud, malware, point of sales, POS, security, StarDust
Ah, the humanity. ArsTechnica reports that researchers came across a proper botnet that controls 31 Point Of Sales (POS) servers with an unknown number of actual sales terminals connected to them. The botnet is operational, i.e., it is running and collecting the credit card data. The data is transmitted during idle times in an encrypted ...
Read More
Camera and microphone attack on smartphones
- Albert Zenkoff
- 2013-11-13
- Technology, attack, attack path, camera, microphone, mobile, PIN, security, side-channel, smart phone, technology
The researches at the University of Cambridge have published a paper titled “PIN Skimmer: Inferring PINs Through The Camera and Microphone” describing a new approach to recovering PIN codes entered on a mobile on-screen keyboard. We had seen applications use the accelerometer and gyroscope before to infer the buttons pressed. This time, they use the ...
Read More
Can I interest you in more security, sir?
- Albert Zenkoff
- 2013-11-12
- Society, business, companies, hypocrisy, idealistic principles, internet, less security, more security, NSA, privacy, social
The last week’s meeting of the IETF discussed security of the Internet and the recent revelations that the NSA turned the Internet into a giant surveillance machine. While the sentiment was clear that the Internet should not allow itself to such abuse, there is little evidence that anything at all could be done about it. ...
Read More
Guard your secrets
- Albert Zenkoff
- 2013-11-10
- Management, careless, corporate intelligence, corporate spying, intelligence, leak, management, Physical security, social, spy
I meant to write about the subject of spying and corporate information security for a while now but got around to it only now. The article Confessions of a Corporate Spy has provided an excellent background for the discussion and is absolutely worth a read. Twenty years ago the corporate spying was already abound and ...
Read More
Google bots subversion
- Albert Zenkoff
- 2013-11-09
- Technology, application security, attack, bots, Development, firewall, Google, philosophy, secure by design, software, software design, software security, subversion, technology, unexpected
There is a lot of truth in saying that every tool can be used by good and by evil. There is no point in blocking the tools themselves as the attacker will turn to new tools and subvert the very familiar tools in unexpected ways. Now Google crawler bots were turned into such a weapon ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
Share and stay updated
About the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.