Category Archives: securityengineering
Daniel Miessler on My Writings about IoT Security
Daniel Miessler criticizes my writings about IoT security: I know it’s super cool to scream about how IoT is insecure, how it’s dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it’s fun… Continue reading Daniel Miessler on My Writings about IoT Security
Daniel Miessler on My Writings about IoT Security
Daniel Miessler criticizes my writings about IoT security: I know it’s super cool to scream about how IoT is insecure, how it’s dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it’s fun to be invited to talk about how everything is doom and gloom. I… Continue reading Daniel Miessler on My Writings about IoT Security
Matt Blaze on Securing Voting Machines
Matt Blaze’s House testimony on the security of voting machines is an excellent read. (Details on the entire hearing is here.) I have not watched the video….
The post Matt Blaze on Securing Voting Machines appeared first on Security Boulevard.
Continue reading Matt Blaze on Securing Voting Machines
Matt Blaze on Securing Voting Machines
Matt Blaze’s House testimony on the security of voting machines is an excellent read. (Details on the entire hearing is here.) I have not watched the video…. Continue reading Matt Blaze on Securing Voting Machines
Google Login Security for High-Risk Users
Google has a new login service for high-risk users. it’s good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services … Continue reading Google Login Security for High-Risk Users
Google Login Security for High-Risk Users
Google has a new login service for high-risk users. It’s good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into your Gmail or Google Drive. Google’s malware scanners will use a… Continue reading Google Login Security for High-Risk Users
Security Flaw in Infineon Smart Cards and TPMs
A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generate… Continue reading Security Flaw in Infineon Smart Cards and TPMs
Security Flaw in Infineon Smart Cards and TPMs
A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize all of them. For example,… Continue reading Security Flaw in Infineon Smart Cards and TPMs
HP Shared ArcSight Source Code with Russians
Reuters is reporting that HP Enterprise gave the Russians a copy of the ArcSight source code. The article highlights that ArcSight is used by the Pentagon to protect classified networks, but the security risks are much broader. Any weaknesses the Russians discover could be used against any ArcSight customer. What is HP Enterprise thinking? Near as I can tell, they… Continue reading HP Shared ArcSight Source Code with Russians