Category: "IT Security"

About the IT Security category

  22:30, by Hagai Bar-El   , 57 words
Categories: IT Security

The IT Security category contains essays that discuss security aspects of corporate and personal information systems. Also included are personal and corporate security policy issues, as well as operations security. Examples of topics that fall into this category are: malware detection, network firewalls and attack prevention, deployment of encryption technologies, protection of privacy in deployed systems, etc.


  2011-04-28

CAcert as a certification alternative

  23:31, by Hagai Bar-El   , 1011 words
Categories: IT Security, Counter-media
A few months ago, I wrote about the problem that emerges from having to rely on digital certificates that are issued by Certification Authorities of which we, the relying parties, are not the paying customers. As a result, we rely on the CA…

  2011-03-20

Understanding the Impact of the RSA SecurID Breach

  23:25, by Hagai Bar-El   , 849 words
Categories: IT Security
A few days ago, we were notified (e.g., here and here) that a hack into the network of RSA Security (the security division of EMC) has led to someone stealing something that is related to the SecurID token product. We cannot determine the real impact of…

  2010-12-18

The Effect of Wikileaks

  22:47, by Hagai Bar-El   , 689 words
Categories: IT Security
Wikileaks did evil. It published stuff that should not have been published. Julian Assange acted carelessly, I think. Still, the impact of Wikileaks is not what we usually think it is. The security of citizens was not affected by Wikileaks, but by the…

  2010-11-16

Overcoming Distrust in CAs Using External Quality Enforcement

  22:46, by Hagai Bar-El   , 790 words
Categories: IT Security
A few weeks ago, I wrote about the inherent limitations of the certification model. This model cannot be expected to provide a solution to the binding of entities to public keys, primarily because Certification Authorities (CAs) have no financial…

  2010-10-28

Preventing the Evil Maid Attack on FDE

  22:33, by Hagai Bar-El   , 467 words
Categories: IT Security
The attack referred to as the “Evil Maid Attack”, or the “Cleaning Maid Attack” against full disk encryption (FDE), is considered as one of the serious attacks concerning people who travel with laptops full of confidential information. This attack…

  2010-10-22

The Inevitable Collapse of the Certificate Model

  22:30, by Hagai Bar-El   , 755 words
Categories: IT Security, Counter-media
Many had high expectations from the SSL/TLS certificate model. At least on paper it sounded promising and worthwhile. Keys are used to protect traffic; for this to be effective, keys shall be bound to business entities; for the binding to be trustworthy…

  2010-08-24

Understanding the security risk of SaaS

  22:29, by Hagai Bar-El   , 745 words
Categories: IT Security, Counter-media
Software as a Service (SaaS) is one of the hot trends in Information Technologies. “SaaS” is the name given to the concept of having applications run on the infrastructure of the service provider, rendering service to the customer over the net. The…
