Category: "Counter-media"

About the Counter-Media category

  21:11, by Hagai Bar-El   , 172 words
Categories: Counter-media

One of the main objectives of this blog is to put security-related facts and events in the correct perspective. This is needed in cases where the traditional media has its own objective of blowing news out of proportion. The security media, often sponsored either by advertisers or by product vendors, has an occasional tendency to disseminate FUD (fear, uncertainty, and doubt) more than necessary. For example, they can take a single unattributed compromise of a web server and shout that "cyberwar is here".

Without arguing who is right, many of the posts in this blog bring forward the other side of the coin. They show a different perspective than that shown by other sources. The goal is never controversy in its own right; it is to make the reader truly informed, by showing the angle that doesn't get the spotlight.

The counter-media category consists of posts that present perspectives, insights, and opinions that may differ substantially from those typically presented by the media, and thereby provide food for independent thought.

 


  2012-03-08

Against the collection of private data: The unknown risk factor

  23:48, by Hagai Bar-El   , 734 words
Categories: Security Policies, Counter-media

I bet there are thousands of blog posts advocating privacy and explaining why people should resist governments and companies collecting personal data. I dare to write yet another one because I would like to make a couple of points that I have never seen made before. This post will discuss one of these two points: the unknown risk.

Full story »

  2011-04-28

CAcert as a certification alternative

  23:31, by Hagai Bar-El   , 1011 words
Categories: IT Security, Counter-media

A few months ago, I wrote about the problem that emerges from having to rely on digital certificates that are issued by Certification Authorities of which we, the relying parties, are not the paying customers. As a result, we rely on the CA (Certification Authority) certification process, while there is no economic incentive for the CA to actually maintain a robust certification mechanism and to justify our trust.

Unexpectedly, this post, titled “The Inevitable Collapse of the Certificate Model”, quickly became the favorite post on my blog, pulling more views than all other individual posts.

One alternative that was suggested is CAcert.org, a community-based certification organization. Here are my thoughts on the ability of such a mechanism to solve the certification problem.

Full story »

  2011-01-28

Cyber-war Risk Exaggerated?

  23:02, by Hagai Bar-El   , 700 words
Categories: Security Policies, Cyber Security, Counter-media

A ZDNet article, "Cyber-war risk is exaggerated, says OECD study", points to what seems to be a thorough study that concluded with the stated result. I never read this study, but from the article one can point out one point in which it is probably right and one point in which it is probably wrong.

Full story »

  2010-10-22

The Inevitable Collapse of the Certificate Model

  22:30, by Hagai Bar-El   , 755 words
Categories: IT Security, Counter-media

Many had high expectations from the SSL/TLS certificate model. At least on paper it sounded promising and worthwhile. Keys are used to protect traffic; for this to be effective, keys shall be bound to business entities; for the binding to be trustworthy by the public, binding will be signed by Certification Authorities (CAs), which the public will recognize as authoritative. Once the trusted CA signs the binding between a business entity (represented by a domain name) and a key — every user can tell he is communicating securely with the correct entity.

In practice, it got all messed up. It is difficult to form authorization hierarchies on the global Internet; this is one thing. However, the model also failed due to the economics behind it.

Full story »

  2010-08-24

Understanding the security risk of SaaS

  22:29, by Hagai Bar-El   , 745 words
Categories: IT Security, Counter-media

Software as a Service (SaaS) is one of the hot trends in Information Technologies. “SaaS” is the name given to the concept of having applications run on the infrastructure of the service provider, rendering service to the customer over the net.

The SaaS architecture promises lower cost of ownership, better scalability, and ease of maintenance. There are other advantages, and a few limitations as well. One of the key concerns regarding SaaS is security. Corporate security officers claim that a security risk arises with the storage of corporate data off-site. This is probably true, but to be able to assess the risk accurately, the stakeholder needs to properly understand what the risk is exactly, and where most of this risk comes from. Following is my take on this.

Full story »

  2010-05-19

Automobile hack: we should have known better

  22:28, by Hagai Bar-El   , 776 words
Categories: Security Engineering, Counter-media

No one in the automotive security industry could miss the recently published news article titled “Beware of Hackers Controlling Your Automobile”, published here, and a similar essay titled “Car hackers can kill brakes, engine, and more”, which can be found here. In short, it describes how researchers succeeded in taking over a running car, messing with its brakes, lights, data systems, and whatnot.

As alarming and serious as this is, it should not come as a surprise.

Full story »

  2010-03-24

InZero provides some security

  22:25, by Hagai Bar-El   , 826 words
Categories: IT Security, Counter-media

I was just made aware of InZero, a new physical device that you connect to your PC, and your browsing becomes secure. I find it amazing that some people treat it as among the most revolutionary of security solutions.

I think the InZero device is cool. I think it protects against some attack vectors, at some usability costs. It may even make a worthwhile trade-off for some people. But to consider the protection granted by this device as something that is revolutionary, or to claim that it is “giving hackers, criminals, and spies the middle finger” is an exaggeration, even when it comes from marketing guys.

Full story »
