Channel: Stack Exchange Security Blog

Attacking RSA through Sound

A new attack against RSA has been made known this week. Details about it can be found in the paper RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis. One notable name amongst the co-authors...

QoTW #49: How can someone go off-web, and anonymise themselves after a life...

Everything we do these days is online, whether through our own social media, purchases from online stores, tracking by Google, Amazon etc., and the concept of gaining some sort of freedom is getting...

QoTW #50: Does password protecting the BIOS help in securing sensitive data

Camil Staps asked this question back in April 2013, as although it is generally accepted that using a BIOS password is good practice, he couldn’t see what protection this would provide, given, in his...

Communicating Security Risks to Senior Management – 3 years on

Back in July 2011 I wrote this brief blog post on the eternal problem of how to bridge the divide between security professionals and senior management. Thought I’d revisit it nearly 3 years on and...

A short statement on the Heartbleed problem and its impact on common Internet...

On the 7th of April 2014 a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security published information on a security issue in OpenSSL. OpenSSL is a piece...

Is our entire password strategy flawed?

paj28 posed a question that really fits better here as a blog post: Security Stack Exchange gets a lot of questions about password strength, password best practices, attacks on passwords, and there’s...

QoTW #51 Would it be good secure programming practice to overwrite a...

Jonathan recently asked this question about secure development practices, specifically, whether it makes a difference to your application’s security if you overwrite the values of sensitive variables...

QoTW #52 Which factors should I consider for devices that accept handwritten...

Indrek asked this question on digital signature devices, such as the ones delivery drivers get you to sign for your packages. While he identified EU directive 1993/93/EC as appearing to regulate, he...

Business Continuity is concerned with information security risks and impacts

A Business Continuity Programme (BCP) is primarily concerned with those business functions and operations that are critically important to achieve the organization’s operational objectives. It seeks to...

QoTW #53 How can I punish a hacker?

Elmo asked: I am a small business owner. My website was recently hacked, although no damage was done; non-sensitive data was stolen and some backdoor shells were uploaded. Since then, I have deleted...
