Category: "Counter-media"

About the Counter-Media category

  By Hagai Bar-El   , 161 words
Categories: Counter-media

One of the objectives of this blog is to put security related facts and events in the correct perspective.  This is primarily needed in cases where the traditional media has its own objective of either blowing news out of proportion, or even just adding its own bias. The security media, often sponsored by advertisers or vendors, has an occasional tendency of disseminating FUD (fear, uncertainty, and doubt) more than absolutely necessary.

Without arguing who is right, many of the posts in this blog bring forward the other side of the argument. They show a different perspective than that shown by other sources. The goal is never controversy in its own right; it is to make the reader truly informed, by showing the angle that is out of the spotlight.

The counter-media category consists of such posts that present perspectives, insights, and opinions, that may differ substantially from those typically presented by the media, and by that provide food for independent thought.

 

Pages: 1 2 4

  2013-09-13

Protecting private data: with law or with technology?

  By Hagai Bar-El   , 954 words
Categories: Security Policies, Security, Counter-media

There is an ongoing debate on the need for new regulations that protect individuals’ personal data. Regulation is said to be required to protect the personal data of citizens, consumers, patients, etc., both against corporate service providers as well as against governments.

There is a growing concern about the implications of the data collection habits of social network operators, such as Facebook, as well as other service providers. Even those individuals who claim to not see any tangible risk behind the massive collection of data on themselves by service providers, still feel unease with the amount of data available on them, and on which they have no control.

On the state side, knowing that your government may monitor every single email and phone call reminds of George Orwell’s book “nineteen eighty-four". It is largely agreed that this practice, if not outright eliminated, shall at least be better controlled.

This essay discusses the two possible domains for such better control: technology and regulation, arguing that the former is tremendously more effective than the latter.

Read more »

  2013-07-06

The difference between Cyber Security and just Security

  By Hagai Bar-El   , 637 words
Categories: IT Security, Security Policies, Cyber Security, Counter-media

The concept of “Cyber Security” is surely the attention grabber of the year. All security products and services enjoy a boost in their perception of importance, and sales, by merely prepending the word “cyber” to their description. But how is cyber security different than just security?

It differs, but it is not an entirely different domain, at least not from the technology perspective.

Security protects against malicious attacks. Attacks involve an attacker, an attack target, and the attack method, which exploits one or more vulnerabilities in the target. When speaking of cyber attacks, it is common to refer to a nation state attacking another, or to an organization attacking a state. Referring to unorganized individual hackers as executing “cyber attacks", while being a common trend, is a blunt misuse of the “cyber” term in its common meaning. And still, cyber security is not as dramatically different than traditional security.

Read more »

  2012-03-08

Against the collection of private data: The unknown risk factor

  By Hagai Bar-El   , 734 words
Categories: Security Policies, Counter-media

I bet there are thousands of blog posts advocating privacy and explaining why people should resist governments and companies collecting personal data. I dare to write yet another one because I would like to make a couple of points that I have never seen made before. This post will discuss one of these two points: the unknown risk.

Read more »

  2011-04-28

CAcert as a certification alternative

  By Hagai Bar-El   , 1011 words
Categories: IT Security, Counter-media

A few months ago, I wrote about the problem that emerges from having to rely on digital certificates that are issued by Certification Authorities of which we, the relying parties, are not the paying customers. As a result, we rely on the CA (Certification Authority) certification process, while there is no economic incentive for the CA to actually maintain a robust certification mechanism and to justify our trust.

Unexpectedly, this post, titled “The Inevitable Collapse of the Certificate Model”, quickly became the favorite post on my blog, pulling more views than all other individual posts.

One alternative that was suggested is by CAcert.org, a community based certification organization. Here are my thoughts on the ability of such a mechanism to solve the certification problem.

Read more »

  2011-01-28

Cyber-war Risk Exaggerated?

  By Hagai Bar-El   , 700 words
Categories: Security Policies, Cyber Security, Counter-media

A ZDNet article, Cyber-war risk is exaggerated, says OECD study, points to what seems as a thorough study that concluded with the stated result. I never read this study, but from the article one can point one point in which it is probably right and one point in which it is probably wrong.

Read more »

  2010-10-22

The Inevitable Collapse of the Certificate Model

  By Hagai Bar-El   , 755 words
Categories: IT Security, Counter-media

Many had high expectations from the SSL/TLS certificate model. At least on paper it sounded promising and worthwhile. Keys are used to protect traffic; for this to be effective, keys shall be bound to business entities; for the binding to be trustworthy by the public, binding will be signed by Certification Authorities (CAs), which the public will recognize as authoritative. Once the trusted CA signs the binding between a business entity (represented by a domain name) and a key — every user can tell he is communicating securely with the correct entity.

In practice, it got all messed up. It is difficult to form authorization hierarchies on the global Internet, this is one thing. However, the model failed also due to the economics behind it.

Read more »

  2010-08-24

Understanding the security risk of SaaS

  By Hagai Bar-El   , 745 words
Categories: IT Security, Counter-media

Software as a Service (SaaS) is one of the hot trends in Information Technologies. “SaaS” is the name given to the concept of having applications run on the infrastructure of the service provider, rendering service to the customer over the net.

The SaaS architecture promises lower cost of ownership, better scalability, and ease of maintenance. There are other advantages, and a few limitations as well. One of the key concerns regarding SaaS is about security. Corporate security officers claim that a security risk arises with the storage of corporate data off-site. This is probably true, but to be able to assess the risk accurately, the stakeholder needs to properly understand what the risk is exactly, and where most of this risk comes from. Following is my take on this.

Read more »

1 2 4

Search

  XML Feeds

License

All contents licensed under the Creative Commons Attribution license.