Pages: 1 2 3 4 5 6 7 8 9 10 >>

  2014-05-30

The status of TrueCrypt

  07:40, by Hagai Bar-El   , 547 words
Categories: IT Security, Products

I wish I knew where TrueCrypt stands now, but I don't. I follow TrueCrypt and regularly endorse it  ever since I discovered it and wrote this post nine years ago. TrueCrypt was, and may still be, the most sensible and presumably-secure volume and full-disk encryption software for Windows; also supporting Linux and Mac. A few days ago the project discontinued, and users were directed to alternative, non-open-source solutions.

Full story »

  2014-04-09

OpenSSL "Heartbleed" bug: what's at risk on the server and what is not

  22:56, by Hagai Bar-El   , 1223 words
Categories: IT Security, Cyber Security, Counter-media

A few days ago, a critical bug was found in the common OpenSSL library. OpenSSL is the library that implements the common SSL and TLS security protocols. These protocols facilitate the encrypted tunnel feature that secure services -- over the web and otherwise -- utilize to encrypt the traffic between the client (user) and the server.

The discovery of such a security bug is a big deal. Not only that OpenSSL is very common, but the bug that was found is one that can be readily exploited remotely without any privilege on the attacker's side. Also, the outcome of the attack that is made possible is devastating. Exploiting the bug allows an attacker to obtain internal information, in the form of memory contents, from the attacked server or client. This memory space that the attacker can obtain a copy of can contain just about everything. Almost.

There are many essays and posts about the "everything" that could be lost, so I will take the optimistic side and dedicate this post to the "almost". As opposed to with other serious attacks, at least the leak is not complete and can be quantified, and the attack is not persistent.

Full story »

  2014-04-03

Bitcoin does not provide anonymity

  22:22, by Hagai Bar-El   , 762 words
Categories: Security Engineering, Security Policies, Security, Counter-media

When people discuss Bitcoin, one of its properties that is often considered is its presumable anonymity. In this respect, it is often compared to cash. However, it shall be recognized and understood that Bitcoin is not as anonymous as cash; far from it, actually. Its anonymity relies on the concept of pseudonyms, which delivers some (unjustified) sense of anonymity, but very weak anonymity in practice.

Full story »

My new patent on secure key provisioning

  12:02, by Hagai Bar-El   , 151 words
Categories: Personal News, Security Engineering

I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title "Methods Circuits Devices and Systems for Provisioning of Cryptographic Data to One or More Electronic Devices".

Full story »

  2014-02-01

CyberTech 2014

  21:10, by Hagai Bar-El   , 438 words
Categories: IT Security, Cyber Security, Events, Counter-media

I attended CyberTech 2014 on January 27th-28th. CyberTech is a respectable conference for technologies related to cyber-security. The conference consisted of lectures and an exhibition. The lectures were most given by top notch speakers from the security space, both from the public sector and from the private sector; most being highly ranked executives. The exhibition sported companies ranging from the largest conglomerates as IBM and Microsoft, to garage start-ups.

I am easy to disappoint by cyber-security conferences. Simply put, there are more cyber-security conferences than what the security industry really has to say. This implies that for the security architect or practitioner, most cyber-security conferences lack sufficient substance. I take CyberTech 2014 with mixed emotions too. The exhibition showed interesting ideas, especially by start-ups, while the lectures left more to wish for.

Full story »

  2014-01-29

SnapChat and client authentication

  21:37, by Hagai Bar-El   , 25 words
Categories: Security Engineering

Visit: http://www.discretix.com/blog/hacked-in-a-snap/

A post I have written about the SnapChat hack, and what it can teach us on the need for secure execution and secure client authentication.

  2013-12-28

Book review: Little Brother

  11:25, by Hagai Bar-El   , 336 words
Categories: Security Policies, Sources, Security

I have just finished reading Little Brother by Cory Doctorow. This book presents the story of a typical but tech savvy teenager who falls victim to harassment by the Department of Homeland Security and the police state, where every citizen is constantly tracked and monitored as a potential terrorist. The story is fictitious, of course, but those who follow the reaction of some nations to the terrorism threat and the ever increasing amplitude and sophistication of wholesale surveillance, cannot miss that while the story is factually fictitious, it is not at all implausible.

Full story »

1 2 3 4 5 6 7 8 9 10 >>