Category: "IT Security"

About the IT Security category

  By Hagai Bar-El   , 57 words
Categories: IT Security

The IT Security category contains essays that discuss security aspects of corporate and personal information systems. Also included are personal and corporate security policy issues, as well as operations security. Examples for topics that fall into this category are: malware detection, network firewalls and attacks prevention, deployment of encryption technologies, protection of privacy in deployed systems, etc.

Pages: 1 2 4 5

  2010-03-24

InZero provides some security

  By Hagai Bar-El   , 826 words
Categories: IT Security, Counter-media

I was just made aware of InZero, a new physical device that you connect to your PC, and your browsing becomes secure. I find it amazing that some people treat it as among the most revolutionary of security solutions.

I think the InZero device is cool. I think it protects against some attack vectors, at some usability costs. It may even make a worthwhile trade-off for some people. But to consider the protection granted by this device as something that is revolutionary, or to claim that it is “giving hackers, criminals, and spies the middle finger” is an exaggeration, even when it comes from marketing guys.

Read more »

  2009-09-02

A business model based on people making bad security trade-offs

  By Hagai Bar-El   , 483 words
Categories: IT Security, Counter-media

From time to time I am exposed to a new service, sometimes security-related, that promises something new. More often than not, the new security service is novel, but only because either no one really needs it, or because it does not form a good balance between security and other needs. The cases of the latter category are far more interesting.

Read more »

  2006-09-11

PDAs in highly classified environments

  By Hagai Bar-El   , 820 words
Categories: IT Security

For a while IT security professionals are warning against the impacts of Personal Digital Assistants (PDAs) on corporate security. A PDA can be lost or stolen and lead to undesired disclosure of the information that is on it. The emerging of micro-drives leads to these tiny devices having gigabytes of storage. Due to the high storage capacity of the PDA and the reduced file formats it uses (resulting in smaller files), a modern PDA can easily store the entire document repository of its owner. This document repository may contain masses of sensitive corporate information in a physical size that is way too easy to lose or to have stolen. This poses a real threat to organizations, as also pointed out by Bruce Schneier in an essay called “Risks of Losing Portable Devices”.

Information security officers are not unaware of the risk and attempt at finding solutions. The most immediate solution that comes to mind is password-protecting the PDA. Realizing that these mechanisms can be hacked, encryption is put to use, enciphering all or some of the PDA databases using a key that is entered by the user. This method carries notable inconvenience for the user, who is forced to enter a key each time he is looking for a phone number, an e-mail address, or a meeting time. It is clumsy, but it solves the problem. However, does it solve all problems?

No; at least not for everyone, to my opinion.

Read more »

  2006-05-07

Is E-mail encryption really too complex?

  By Hagai Bar-El   , 567 words
Categories: IT Security

Every once in a while we read yet another article revealing the level to which e-mail encryption is uncommon. The last one I saw is here. Whenever the debate is raised about how come e-mail encryption is so seldom used, we hear the common opinion that e-mail encryption is just not easy enough for the commons; yet. It is not intuitive enough, it is not user-friendly, it is too intrusive to the typical work-flow, and so forth. Indeed, e-mail encryption for the masses is with us for more than a decade already, and other than a few geeks and a few privacy-savvy individuals, people just don’t use it.

Read more »

  2005-11-12

Evaluating Commercial Counter-Forensic Tools

  By Hagai Bar-El   , 548 words
Categories: IT Security, Sources

I have just enjoyed reading “Evaluating Commercial Counter-Forensic Tools” by Matthew Geiger from Carnegie Mellon University. The paper presents failures in commercially-available applications that offer covering the user’s tracks. These applications perform removal of (presumably) all footprints left by browsing and file management activities, and so forth. To make a long story short: seven out of seven such applications failed, to this or that level, in fulfilling their claims.

Read more »

  2005-10-24

Anonymity -- great technology but hardly used

  By Hagai Bar-El   , 581 words
Categories: IT Security

It’s hard not to appreciate the long way we did in studying anonymity and pseudonymity. We know a lot and can do a lot. Each time I read on a zero-knowledge scheme or on another untraceable digital cash I am amazed by the amount of knowledge that the security community has gained and by its arsenal of mechanisms that can buy us any sort of anonymity or pseudonymity we want to deploy. But do we? In spite of our having the ability to establish anonymous surfing, have untraceable digital cash tokens, and carry out anonymous payments, we don’t really use these abilities, at large.

If you are not in the security business you are not even likely to be aware of these technical abilities.

Read more »

  2005-06-04

Trojan-Horse Espionage in Israel -- A Tip of an Iceberg

  By Hagai Bar-El   , 661 words
Categories: IT Security

About one week ago, a serious commercial espionage system was discovered in Israel. For years, several large-scale companies in Israel enjoyed inside information about their competitors using private investigators who were using a Trojan horse application that was planted on victims’ workstations. More details can be found in this Globes article.

Obviously, the topic made it to the national news primarily because it involved high-profile companies in Israel, companies that “everybody knows", and because it led to the arrest of several top executives. It’s the first time such a large scale espionage act is discovered in Israel, and this is new, but the rest is not.

Read more »

1 2 4 5

Search

  XML Feeds

License

All contents licensed under the Creative Commons Attribution license.