security
Cloud security
- Albert Zenkoff
- 2013-04-27
- Technology, cloud, cloud security, data center, database, file server, mainframe, security, security models, security types, technology, virtual, VM, web server
Let’s talk a little about the very popular subject nowadays – the so-called ‘cloud security’. Let’s determine what it is, what we are talking about, in fact, and see what may be special about it. ‘Cloud’ – what is it? Basically, the mainframes have been doing ‘cloud’ all along, for decades now. Cloud is simply ...
Read More
Brainwashing in security
- Albert Zenkoff
- 2013-02-28
- Society, corporate, general, greedy, irresponsible, Lies, philosophy, RSA Conference, security, social
At first, when I read the article titled Software Security Programs May Not Be Worth the Investment for Many Companies I thought it was a joke or a prank. But then I had a feeling it was not. And it was not the 1st of April. And it seems to be a record of events ...
Read More
Ignoring security is not a good idea…
- Albert Zenkoff
- 2013-02-24
- Management, Android, embedded, evaluation, HTC, management, mobile, news, privacy, punishment, security
I see that HTC got finally whacked over the head for the lack of security in their Android smartphones. I will have to contain myself here and will leave aside the inherent issues surrounding Android, its security and model of operation that will hurt … Ok, ok, I stop now. So, HTC got dragged ...
Read More
The art of unexpected
- Albert Zenkoff
- 2013-02-16
- Management, art, general, Google, management, news, philosophy, security, unexpected
I am reading through the report of a Google vulnerability on The Reg and laughing. This is a wonderful demonstration of what the attackers do to your systems – they apply the unexpected. The story is always the same. When we build a system, we try to foresee the ways in which it will be ...
Read More
SAMATE Reference Dataset
- Albert Zenkoff
- 2013-02-14
- Technology, Data set, Development, SAMATE, security, test, test cases, Tools, vulnerability database
Through the news we can become alerted to many interesting things and one of the recent useful bits is the SAMATE Reference Dataset built by NIST Software Assurance Metrics And Tool Evaluation project. Should you need information on common vulnerabilities test cases, the database has more than 80,000 test cases by now. From the project ...
Read MoreOn the utility of technical security
- Albert Zenkoff
- 2013-02-07
- Management, error, general, human, inevitability, management, passwords, recovery, security, weakest link
It is often said that the system is only as strong as the weakest link. When you have good security and strong passwords, the weakest link will be the human. As has always been. Think of how the system can be recovered from a breach when the problem is not technical but human. [youtube=http://youtu.be/W50L4UPfWsg]
Read More
Security by …
- Albert Zenkoff
- 2013-01-29
- Management, Design, Development, philosophy, security, security by completeness, security by design, security by ignorance, security by isolation, security by obscurity, security type
We know several common buzzwords for determining security strategy of a company (or an individual). Let’s try to define them once again, for completeness sake. Security by ignorance Easily summed up by “what you do not know cannot hurt you” and is obviously wrong. Typically happens at the early stages of software developer’s career when ...
Read More
Hack NFC Door Locks
- Albert Zenkoff
- 2012-12-27
- Technology, authentication, door locks, identification, NFC, Physical security, protocol, RFID, security, Smart card, wireless
I can see in the logs that people sometimes come to this site with interesting searches. A recent interesting search was “Hack NFC Door Locks”. Well, since there is interest in the subject, why not? Let’s talk about NFC, contactless smart card and RFID door locks, shall we not? The actual technology used for the ...
Read MoreThe Elderwood Report
- Albert Zenkoff
- 2012-10-12
- Management, attacks, Elderwood project, Elderwood report, infrastructure, security, Symantec, Zero-day attack
Symantec reports very interesting findings in their report of the so-called “Elderwood Project”. A highly interesting paper that I can recommend as bedside reading. Here is a teaser: In 2009, Google was attacked by a group using the Hydraq (Aurora) Trojan horse. Symantec has monitored this group’s activities for the last three years as they ...
Read More
Random or not? That is the question!
- Albert Zenkoff
- 2012-09-13
- Technology, layered security, PRNG, Pseudorandom Numbers, random, random number generator, RNG, security, separation by function, technology
Oftentimes, the first cryptography related question you come across while designing a system is the question of random numbers. We need some random numbers in many places when developing web applications: identifiers, tokens, passwords etc. all need to be somewhat unpredictable. The question is, how unpredictable should they be? In other words, what should be ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
Share and stay updated
About the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.