Category: "Security Policies"

About the Security Policies category

  23:04, by Hagai Bar-El   , 40 words
Categories: Security Policies

This category contains articles that discuss security policy issues, both at the corporate level and at the national and international levels. This domain contains security guidelines and procedures, as well as national policy considerations addressing national security, privacy, and more.

Pages: 1 2 4

  2007-09-07

Survey About DRM Acceptance

  21:54, by Hagai Bar-El   , 384 words
Categories: Security Policies

About a month late I got to see this news item about a survey that results in a conclusion that people are finally getting used to DRM.

Among other things, it says that:

The overall messages from these studies are: higher-priced DRM-free downloads resonate with a percentage of consumers but not a very large one; ...

and specifically that:

... the EMR/Olswang study found that only 43% would prefer “paying a little extra” for DRM-free tracks; and the In-Stat study found that only 19% would be willing to pay 30% more for a DRM-free track, as opposed to 29% who would not (44% said that it depends on other factors).

So, on the face of it, it seems as people start to not care much if their content is DRM-crippled; at least that's what the article implies. It also compares these statistics to those of a survey done years ago that presumably reflected more hostility towards DRM.

However, before I got the chance to be amazed enough at the outcome, I bumped into a seemingly unrelated observation of that same survey...

Full story »

  2007-09-06

Countermeasures That Can't Be Modeled

  21:53, by Hagai Bar-El   , 800 words
Categories: Security Policies

A couple of nights ago I drove back from some family event and got pulled over by a cop. Okay, I agree that this for itself is not worth a blog post. The cop asked me to open the window, he looked at me, asked me where I come from and where I am going to, and sent me off my way, without even bothering to carry out the standard papers check. The entire event took no longer than two minutes.

What took more than two minutes was my discussion with my wife about whether or not this sort of “examination” is worth anything. She believes it is probably a waste of tax payers money, to stop people just to ask them how they're doing. I happen to think that not only that this is not a waste of money, but it's probably one of the most effective uses for this money; at least for the money that is devoted to security.

Full story »

  2007-04-05

DHS wants DNSSEC keys -- so what?

  21:43, by Hagai Bar-El   , 369 words
Categories: Security Policies

The Department of Homeland Security (DHS) wants to have the root master keys of DNSSEC. This will allow them to fake DNS responses at will. Read all about it at:

Homeland Security grabs for net's master keys
Department of Homeland and Security wants master key for DNS

It caused quite a lot of fuss. I agree with the political feeling of discomfort, but I somehow cannot understand the threat that some people attribute to this.

Full story »

  2007-01-06

Is more security always better?

  21:41, by Hagai Bar-El   , 932 words
Categories: Security Policies

This depends on who you ask. Some people think that the more secure a system is, the better; with no exceptions. This school of thought is often attributed to product vendors. This approach helps them believe (and thus convince) that their product is a great buy, regardless of the situation. This approach is also common among information security newbies who believe that an additional requirement or mechanism can only make you more resistant, not less, and thus is always worth adding. The fancier of these guys call it an additional “layer”, so they sound more confident.

I guess it can be told by my tone so far that I disagree. Making a system or a network more secure is sometimes worthwhile and sometimes it is not.

Full story »

  2005-06-21

Today's Credit Card Fraud Prevention -- Throwing The Baby With The Bathwater?

  21:24, by Hagai Bar-El   , 596 words
Categories: Security Policies

E-commerce and credit cards in particular are always considered to have succeeded in overcoming the big problem of fraud. All too often when a new security mechanism is presented to combat credit card fraud its opponents claim that fraud in credit card transactions is already mitigated to an adequate extent. This does not seem as a false claim as we don't see Visa, Mastercard, or American Express going bankrupt due to fraud. The fraud figures are not too bad either considering the fact that no state-of-the-art mechanism is deployed yet for the masses.

However, trying to make an online purchase recently made me lose any respect I had for the so-called anti-fraud mechanisms that are used today.

Full story »

1 2 4