Hagai Bar-El on Security

I finally got to read Bruce Schneier's new book: "Liars and Outliers". The book is pleasant to read, but truth be told, I was slightly, just slightly, disappointed.

The book is written in Bruce's style, which I like and appreciate. Like all of his books and essays, it is crystal clear, and is extremely well-written. It is written in a way that makes it comprehensible by absolutely everyone. Not too many people with Bruce's knowledge can write in such clear style.

What I less liked about this book is its overall triviality. Bruce Schneier is excellent in using trivial down-to-earth facts and notions to get his point across. This is one of the best features of his texts. However, in "Liars and Outliers" I feel it went a bit too far. The book does not take you from the trivial to the "Wow!" but mostly repeats the discussion of trivial phenomenons that bring to trivial conclusions. The discussions are interesting, and the points made are valid and worthy, but I cannot avoid suspecting that the book could be cut down to half of its length without losing much of its substance.

I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title "Device, System, and Method of Securely Executing Applications".

Full story »

I will be participating in a panel titled "Cyber Security of Vehicle Connectivity", as part of the SAE ATA Conference: The Convergence of Systems Towards Sustainable Mobility, on November 7th-8th, 2012, in Turin, Italy. Details on the conference can be found here.

I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title "Device, System, and Method of Digital Rights Management Utilizing Supplemental Content".

Full story »

I bet there are thousands of blog posts advocating privacy and explaining why people should resist governments and companies collecting personal data. I dare to write yet another one because I would like to make a couple of points that I have never seen made before. This post will discuss one of these two points: the unknown risk.

Full story »

In the previous post, I discussed the use of Yubikey for local encryption. I noted that Yubikey can store a long string that can be used as an encryption key, or a password. It provides no extra protection against key-loggers, but still allows to use strong passwords without remembering and typing them. Today, I would like to discuss a technique that makes Yubikey based encryption more secure; still not resistant to a key-logger, but resistant to having the Yubikey “borrowed” by a thief.

Full story »

Yubikey is the first one-time password generator I saw that can also emit a static password. When you press the button, a constant pre-defined string is entered, just as if it was typed on the keyboard. Is it more secure than typing the password on the keyboard? Not at all (unless shoulder-surfing is an issue.) So how does it differ from entering a long key yourself? It does not. And still, local encryption is a valid use-case just for such a function.

Full story »