Pages: 1 2 3 4 ...5 ... 7 ...9 ...10 11 12 13


The case for supporting one-time passwords in conjunction with regular ones

  23:42, by Hagai Bar-El   , 874 words
Categories: IT Security

A few days ago I got a Yubikey. While exploring use-cases for it, it occurred to me that there is a strong case for a mode of operation which is seldom (never?) used by IT departments: using the token while also supporting static passwords for the same services. It is not suitable for everyone, but it is suitable for the security-aware users. I will now introduce Yubikey in a few words, and then explain the purpose of adding support for one-time password to services that already support static passwords, without eliminating the latter.

Full story »


I was appointed CTO of Discretix Technologies

  23:39, by Hagai Bar-El   , 24 words
Categories: Personal News

On January 23rd, 2012, I was appointed as the CTO of Discretix Technologies Ltd. I have been involved with Discretix since its establishment, 11 years ago.


OSMOSIS Online Event

  23:38, by Hagai Bar-El   , 14 words
Categories: Personal News

I will be speaking at the OSMOSIS online event, on October 4th, 2011, at 09:00 UTC.


Handling the Security Aspect of Smart Grid Product Purchasing

  23:33, by Hagai Bar-El   , 1581 words
Categories: Security Engineering, Cyber Security

Smart Grid security is one of the new emerging fields of security. Everybody knows that the new generation of electricity grids requires a new level of security against cyber-wars, cyber-terrorism, and all the rest. Yet, for the purchaser of Smart Grid solutions, it is not always obvious where to start and that to require. The topic is wide, complex, and not very well documented. I do not intend to write a compendium here, but I will share my perspective on how an integrator, or purchaser, may prefer to approach the problem of evaluating Smart Grid solutions from the security perspective.

Full story »


The Difference Between Content Protection and Cyber Security

  23:32, by Hagai Bar-El   , 1156 words
Categories: Security Engineering

A few days ago I was presented with an interesting question: What is the difference between Content Protection and Cyber Security? These domains of Information Security are so different and unrelated, that the difference in their definition is more or less the entire definition of both. This question, however, was asked in the context of the factors that make each of these problems hard to solve. Both problems are hard ones, and seem to require more than the state of the art in security can provide; yet they are hard problems for completely different reasons.

Full story »


CAcert as a certification alternative

  23:31, by Hagai Bar-El   , 1011 words
Categories: IT Security, Counter-media

A few months ago, I wrote about the problem that emerges from having to rely on digital certificates that are issued by Certification Authorities of which we, the relying parties, are not the paying customers. As a result, we rely on the CA (Certification Authority) certification process, while there is no economic incentive for the CA to actually maintain a robust certification mechanism and to justify our trust.

Unexpectedly, this post, titled “The Inevitable Collapse of the Certificate Model”, quickly became the favorite post on my blog, pulling more views than all other individual posts.

One alternative that was suggested is by, a community based certification organization. Here are my thoughts on the ability of such a mechanism to solve the certification problem.

Full story »


Understanding the Impact of the RSA SecurID Breach

  23:25, by Hagai Bar-El   , 849 words
Categories: IT Security

A few days ago, we were notified (e.g., here and here) that a hack into the network of RSA Security (the security division of EMC) has led to someone stealing something that is related to the SecurID token product.

We cannot determine the real impact of this security breach until RSA Security tells us what exactly got stolen. I believe that this information will be made available, as a result of legal or public pressure, if for no other reason. Until this data becomes available, let us examine the two most probable options, and how we may respond to each.

Full story »

1 2 3 4 ...5 ... 7 ...9 ...10 11 12 13