Yesterday I attended the IDC Security Conference in London.
I was not too sure what to think of it as I never attended that event before and only accepted a “spam/unsolicited invite” because for once I took the time to read the agenda and list of speakers who were to attend.
I can now say I do not regret it and it was a great conference with lot of interesting content on the future security context related to cloud and mobile computing with a pinch of data privacy.
One of the reason I decided to attend was also because the keynote speaker was Bruce Schneier, a person I never had the privilege to see at a conference before and whom I appreciate his offbeat approach to IT Security.
Although I have attached a mindmap of my conference notes at the end of the post, if you do not want to see a “Death by MindMap” or have a 50inch screen then I invite you to read the many highlights and industry insights which were discussed at that conferenc...
>>[READ MORE]
A funny case for not reusing passwords
#13 - Posted on
17 September 2010 - Author: SM - Category: Security
By the way, you are free to create an account on my website! ;)
As seen on XKCD.COM!
...
>>[READ MORE]
Arcsight, another expensive acquisition… sorry, merger!
#12 - Posted on
14 September 2010 - Author: SM - Category: Security
Following on the $7 billion and a bit acquisition of mcAfee by Intel last month, it is now the turn of Arcsight, a data correlation engine, to get acquired by HP for $1.5 billion, a bargain then! This follows a trend for large non IT Security companies to step into the security field.
What I found interesting though is the difference in vocabulary used by the two companies, actually, by the Arcsight current CEO Tom Reilly. HP speaks about “acquisition”, which really it’s what it is; whereas Tom’s email to Arcsight clients speaks about a “merger”. I guess this is standard practise when the smaller party get “swallowed” by a bigger company.
I’d be interested to see what changes this “merger” will bring to Arcsight and if any of the HP Operation Manager technology (aka OpenView) will find its way in a future Arcsight ESM release… or vice versa!
...
>>[READ MORE]
DoD Windows OS Security guides
#11 - Posted on
10 September 2010 - Author: SM - Category: Guides, Security
I have recently came across that Department of Defence website where they provide free and unclassified Windows Security Guides. From Windows 2000 to windows 7, they provide a set of checklist and “STIG” which stands for Security Technical Implementation Guides.
Having only checked the Windows 7 “STIG”, I found it a useful resource when one can get some ideas on how to secure/validate a windows 7 server configuration.
http://iase.disa.mil/stigs/content_pages/windows_os_security.html
...
>>[READ MORE]
An update on my XOR-Sum Uniqueness Cryptanalysis attack
#10 - Posted on
25 August 2010 - Author: SM - Category: Cryptography
I have updated the information I wrote about what I consider to be a potentially new type of cryptanalysis attack.
Although the described attack is relevant to my BUGS algorithm, it could also be used to attack any algorithms using some type of Cipher Block Chaining (CBC) or Cipher Feedback (CFB) mode of operation, in fact, any algorithms using a XOR function between plaintext blocks as part of their encryption process.
The explanation assume the reader is familiar with the different block cipher modes of operation. Although I start with a simple example, it helps setting the context for which the final attack could be in theory applied to: any XOR operations.
For more information on my theoretical Unrestricted XOR-Sum Uniqueness Cryptanalysis attack, please ...
>>[READ MORE]
Apple new Patent could mean Big Brother on your phone
#9 - Posted on
24 August 2010 - Author: SM - Category: Security
The following article from Macworld describes a new patent from Apple to detect jail-broken iphone/ipad. It also gives an interesting security twist on that patent, where it is in theory possible to take hidden photos and voice recording of a potential thief, analyse the accelerometer data to define if the thief is walking, driving or even flying, get GPS location, etc.
http://www.macworld.com/article/153612/2010/08/apple_mobiledevice_patent.html
I also came across that app for the iphone, which does not go quite as far but highlight the fact people have already thought about this:
SpyTools for iphone
...
>>[READ MORE]
New York Times Article on Russian Harcker’s Arrest
#8 - Posted on
24 August 2010 - Author: SM - Category: Security
There is maybe nothing new about governments protecting their national hackers but this is a good example on how a hacker can openly operate in his own country and then get caught in another.
The article below also makes reference to an earlier case where a Russian hacker was lured to the USA and arrested through evidence gathered by the FBI hacking his computer back own.
I have always wondered how could such evidence stand in court, what would stop the FBI to plant some fake evidence?? How is hacking into the computer located in a different country be legal either?
Hacker’s Arrest Offers Glimpse Into Crime in Russia
...
>>[READ MORE]
Intel set to acquire McAfee for £5 billion
#7 - Posted on
19 August 2010 - Author: SM - Category: Security
According to the article below both companies’ board of directors have agreed a deal. With Intel looking at providing some “hardware-enhanced” security i wonder if we will one day see an AV aware CPU? :)
SC Magazine Article
...
>>[READ MORE]
RSS Feeds
IDC’s IT Security Conference 2010 – My take on it.