We know several common buzzwords for determining security strategy of a company (or an individual). Let’s try to define them once again, for completeness sake. Security by ignorance Easily summed up by “what you do not know cannot hurt you” and is obviously wrong. Typically happens at the early stages of software developer’s career when ...
Read MoreSoftware developers regularly attempt to create new encryption and hashing algorithms, usually to speed up things. There is only one answer one can give in this respect: Here is a short summary of reasons why you should never meddle in cryptography. Cryptography is mathematics, very advanced mathematics There are only a few good cryptographers and ...
Read MoreWhen working on security, there is something extremely important to keep in mind at all times. We are not trying to make systems impenetrable. We are trying to make it real, real hard for the attacker, that’s all. If an attacker has physical access to your system, you lost. All measures, passwords, firewalls, everything is ...
Read MoreI think I already talked about this subject previously but not here. Anyhow, the subject bears repeating. Many go “yippee!” at the mention of biometrics and start to think their user authentication problem is solved. Do not pay attention, they will end up in the newspaper headlines fairly soon, either for massive security failures or ...
Read MoreHmm… Good question… Well, let’s get this straightened out before we jump into other interesting subjects. Every single website and application, every single computer system gets broken into. For fun, money, fame, accidentally. This is just the way it is and I have to accept this as the current reality. I may not like it ...
Read More