Archives for: "October 2014"

  2014-10-15

Poodle flaw and IoT

  17:53, by Hagai Bar-El   , 457 words
Categories: Security Engineering
The Poodle flaw discovererd by Google folks is a big deal. It will not be hard to fix, because for most systems there is just no need to support SSLv3. Fixing those will only imply changing configuration so not to allow SSL fallback. However, this flaw brings to our attention, again, how the weakest link in security often lies in the graceful degredation mechanisms that are there to support interoperability. Logic that degrades security for the sake of interoperability is hard to do right and is often easy to exploit. Exploitation is usually carried out by the attacker connecting while pretending to be "the dumbest" principal, letting the "smarter" principal drop security to as low as it will go. All this is not new. What may be new is a thought on what such types of flaws may imply on the emerging domain of the Internet-of-Things. more »

  2014-10-11

Snapchat leak -- who is to blame?

  10:52, by Hagai Bar-El   , 242 words
Categories: IT Security, Security Engineering
Snapchat is in the headlines again for allegedly leaking out nude photos of users. They strictly deny that there was any breach of their servers, and blame third party applications for leaking this data. This might be the case, but it is not enough to take them off the hook, especially given that their product is mostly about ​confidence​. more »