The concept of "Cyber Security" is surely the attention grabber of the year. All security products and services enjoy a boost in their perception of importance, and sales, by merely prepending the word "cyber" to their description. But how is cyber security different than just security?
It differs, but it is not an entirely different domain, at least not from the technology perspective.
Security protects against malicious attacks. Attacks involve an attacker, an attack target, and the attack method, which exploits one or more vulnerabilities in the target. When speaking of cyber attacks, it is common to refer to a nation state attacking another, or to an organization attacking a state. Referring to unorganized individual hackers as executing "cyber attacks", while being a common trend, is a blunt misuse of the "cyber" term in its common meaning. And still, cyber security is not as dramatically different than traditional security.
I finally got to read Bruce Schneier's new book: "Liars and Outliers". The book is pleasant to read, but truth be told, I was slightly, just slightly, disappointed.
The book is written in Bruce's style, which I like and appreciate. Like all of his books and essays, it is crystal clear, and is extremely well-written. It is written in a way that makes it comprehensible by absolutely everyone. Not too many people with Bruce's knowledge can write in such clear style.
What I less liked about this book is its overall triviality. Bruce Schneier is excellent in using trivial down-to-earth facts and notions to get his point across. This is one of the best features of his texts. However, in "Liars and Outliers" I feel it went a bit too far. The book does not take you from the trivial to the "Wow!" but mostly repeats the discussion of trivial phenomenons that bring to trivial conclusions. The discussions are interesting, and the points made are valid and worthy, but I cannot avoid suspecting that the book could be cut down to half of its length without losing much of its substance.
I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title "Device, System, and Method of Securely Executing Applications".
I will be participating in a panel titled "Cyber Security of Vehicle Connectivity", as part of the SAE ATA Conference: The Convergence of Systems Towards Sustainable Mobility, on November 7th-8th, 2012, in Turin, Italy. Details on the conference can be found here.
I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title "Device, System, and Method of Digital Rights Management Utilizing Supplemental Content".
I bet there are thousands of blog posts advocating privacy and explaining why people should resist governments and companies collecting personal data. I dare to write yet another one because I would like to make a couple of points that I have never seen made before. This post will discuss one of these two points: the unknown risk.
In the previous post, I discussed the use of Yubikey for local encryption. I noted that Yubikey can store a long string that can be used as an encryption key, or a password. It provides no extra protection against key-loggers, but still allows to use strong passwords without remembering and typing them. Today, I would like to discuss a technique that makes Yubikey based encryption more secure; still not resistant to a key-logger, but resistant to having the Yubikey “borrowed” by a thief.