Hagai Bar-El on Security

The emergence of the Android Operating System for mobile devices is said to have put the content protection industry in trouble. This is probably true. However, for sake of accuracy, it has not introduced wholly new problems as it worsened existing ones, in an overall situation that was never easy to start with. Let us see what open Operating Systems such as Android have changed, and how the content protection industry may go about to overcome these new-old difficulties.

Read more »

Among the work I do is the evaluation of research proposals for the Framework Program 7 (FP7), and now H2020, of the European Commission. I review research proposals that are submitted in response to calls that are related to information security. Truthfully, this work is among the more interesting of projects I am involved with.

On account of this occupation of mine, for a few years already, I consider myself authoritative to bring up the following tips to whoever intends to submit a research proposal for European, or other, funding.

Read more »

A ZDNet article, Cyber-war risk is exaggerated, says OECD study, points to what seems as a thorough study that concluded with the stated result. I never read this study, but from the article one can point one point in which it is probably right and one point in which it is probably wrong.

Read more »

Cars will soon be (almost) fully automated. News on experiments with cars that drive by themselves, in different scenarios and situations, make it seem obvious that soon enough the role of the driver is to be similar to that of a pilot in a passenger jet. Many people feel some itch of discomfort with this thought; the itch of “we are not there yet”. Let us see if and why we “are not there” yet, and what we can do about it.

Read more »

Wikileaks did evil. It published stuff that should not have been published. Julian Assange acted carelessly, I think. Still, the impact of Wikileaks is not what we usually think it is. The security of citizens was not affected by Wikileaks, but by the leak itself, and the publicity given to those leaks, in itself, may bring citizen security to a higher standard in the long run. The problem with Wikileaks is that it created a new market for leaked documents; a market which may increase the appeal of low-risk data theft.

Read more »

A few weeks ago, I wrote about the inherent limitations of the certification model. This model cannot be expected to provide a solution to the binding of entities to public keys, primarily because Certification Authorities (CAs) have no financial incentive in performing thorough investigation on who they issue certificates to; and often on the contrary.

There is probably more than one solution to this problem. Let us examine one of them: External quality enforcement

Read more »

There are many IT security podcasts out there; too many, perhaps. Certainly too many to listen to. The challenge is to decide on which ones to follow on a regular basis. I became aware of a good candidate a couple of years ago, and since it retained its qualities (listed below) over time, I figured it is worth mentioning.

This podcast is called: “Security Now” and it is featured by Steve Gibson and Leo Laporte. Leo is a good host. He manages the show and its topics well, all in a healthy, joyful, spirit. Steve is a well-known security expert, and the creator of SpinRite — a disk maintenance and recovery tool.

Read more »