Bad password policy is one thing. Comically bad explanations of it are another thing entirely. It doesn't inspire confidence in the security organization.
American Express password policy takes the cake
- Date: February 9th, 2010
- Author: Chad Perrin
- Category: Application Security, Authentication, Internet, News, Passwords, Policy, Security
- Tags: Password, American Express Co., Password Policy, American Express Password Policy, Security Administration, Security, Chad Perrin
BrowserSpy.dk: Reveals more than enough information
- Date: February 8th, 2010
- Author: Michael Kassner
- Category: Security
- Tags: Web, Web Site, Web Browser, Panopticlick, BrowserSpy.dk BrowserSpy.dk, Henrik, Web Browsers, Internet, Michael Kassner
For various reasons, Web browsers freely pass information to Web host. Lots of information, just ask BrowserSpy.dk.
Cryptography's running gag: ROT13
- Date: February 4th, 2010
- Author: Chad Perrin
- Category: Cryptography, Encryption, Security Solutions
- Tags: Cryptography, Ruby, Letter, Encryption, ROT13, Scripting Languages, Security, Software/Web Development, Web Development, Chad Perrin
If your cryptographer buddies are cracking cryptic jokes, you should check out Chad Perrin's explanation of the ROT13 cipher.
The danger of complexity: More code, more bugs
- Date: February 2nd, 2010
- Author: Chad Perrin
- Category: Application Security, Security, patching
- Tags: Vulnerability, CERT, Bug, Microsoft Corp., Microsoft Windows, Tools & Techniques, Microsoft Windows NT, Operating Systems, Software, Management
The old method of counting lines of code to judge programmer productivity may have helped contribute to the current deplorable state of software security.
Panopticlick: Your Web browsing is less anonymous than you think
- Date: February 1st, 2010
- Author: Michael Kassner
- Category: Security
- Tags: Web, Electronic Frontier Foundation, Web Browser, Cookie, Panopticlick, Visiting Web Site, Web Browsers, Internet, Michael Kassner
Visiting Web sites provides the Web host access to more information than you realize. It may be enough to create a traceable fingerprint.
The use and misuse of the XOR stream cipher
- Date: February 1st, 2010
- Author: Chad Perrin
- Category: Cryptography, Encryption, Security, vulnerability
- Tags: Key, XOR, Tools & Techniques, Engineering, Management, Chad Perrin
The XOR stream cipher is the foundation of the one-time pad cipher, as well as many other strong ciphers, but it can also be the foundation of a very weak cryptographic system, and it serves equally well as a tool for cracking itself. The devil is in the details.
The enduring cipher: Unbreakable for nearly 100 years
- Date: January 27th, 2010
- Author: Chad Perrin
- Category: Cryptography, Encryption, Privacy, Security
- Tags: Message, Data, Key, Kerckhoffs, Engineering, Productivity, Security, Chad Perrin
One cryptographic cipher has been mathematically proven to be unbreakable when it is used correctly, but it is only very rarely used. Chad Perrin breaks down the one-time pad cipher.
Are TSA policies a bad joke?
- Date: January 26th, 2010
- Author: Chad Perrin
- Category: Government, News, Physical Security, Policy, Privacy, Security
- Tags: Security, Airport Security, Transportation Security Administration, Transportation, Travel, Chad Perrin
As the idea that TSA policies are a joke becomes ever more popular with the American people, one TSA screener decides to prove them right - literally.
GoogleSharing: A way to prevent tracking by Google
- Date: January 25th, 2010
- Author: Michael Kassner
- Category: Security
- Tags: Google Inc., Identity, Moxie Marlinspike, Gmail Membership, GoogleSharing GoogleSharing, GoogleSharing Web Site, Michael Kassner
A security expert is taking on Google. His innovative Firefox add-on prevents Google from tracking your whereabouts on the Internet.
How antivirus software works: Is it worth it?
- Date: January 19th, 2010
- Author: Michael Kassner
- Category: Security
- Tags: Software, Antivirus, Malware, Antivirus Software, Experienced Software, Threatfire Zero-Day Malware Protection, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security
Michael Kassner is frequently asked whether antivirus programs are worth the bother of employing. His typical response has been yes, but recently, he started to question that.
White Papers, Webcasts, and Downloads
- Unlocking Hidden Value from Investments in SAP NetWeaver Business Warehouse IBM Organizations that have made strategic investments in SAP technology do so ... Download Now
- Volume Activation Deployment Guide Microsoft This guide describes Microsoft? Volume Activation deployment concepts ... Download Now
- Business Value of Windows Server 2008 R2 Hyper-V and Live Migration Microsoft Today's IT departments are under increasing pressure to manage and support ... Download Now
Recent Entries
Top Rated
- How China exposed Google's hypocrisy+47 votes
- Ransomware: Extortion via the Internet+39 votes
- GoogleSharing: A way to prevent tracking by Google+30 votes
- How antivirus software works: Is it worth it?+30 votes
- Panopticlick: Your Web browsing is less anonymous than you think+23 votes
- The enduring cipher: Unbreakable for nearly 100 years+15 votes
- Are TSA policies a bad joke?+14 votes
- American Express password policy takes the cake+10 votes
Archives
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
- July 2005
- June 2005
- May 2005
TechRepublic Blogs
