I attended CyberTech 2014 on January 27th-28th. CyberTech is a respectable conference for technologies related to cyber-security. The conference consisted of lectures and an exhibition. The lectures were most given by top notch speakers from the security space, both from the public sector and from the private sector; most being highly ranked executives. The exhibition sported companies ranging from the largest conglomerates as IBM and Microsoft, to garage start-ups.
I am easy to disappoint by cyber-security conferences. Simply put, there are more cyber-security conferences than what the security industry really has to say. This implies that for the security architect or practitioner, most cyber-security conferences lack sufficient substance. I take CyberTech 2014 with mixed emotions too. The exhibition showed interesting ideas, especially by start-ups, while the lectures left more to wish for.
Continue reading "CyberTech 2014"
I have just finished reading Little Brother by Cory Doctorow. This book presents the story of a typical but tech savvy teenager who falls victim to harassment by the Department of Homeland Security and the police state, where every citizen is constantly tracked and monitored as a potential terrorist. The story is fictitious, of course, but those who follow the reaction of some nations to the terrorism threat and the ever increasing amplitude and sophistication of wholesale surveillance, cannot miss that while the story is factually fictitious, it is not at all implausible.
Continue reading "Book review: Little Brother"
I finally got to read Bruce Schneier’s new book: “Liars and Outliers". The book is pleasant to read, but truth be told, I was slightly, just slightly, disappointed.
The book is written in Bruce’s style, which I like and appreciate. Like all of his books and essays, it is crystal clear, and is extremely well-written. It is written in a way that makes it comprehensible by absolutely everyone. Not too many people with Bruce’s knowledge can write in such clear style.
What I less liked about this book is its overall triviality. Bruce Schneier is excellent in using trivial down-to-earth facts and notions to get his point across. This is one of the best features of his texts. However, in “Liars and Outliers” I feel it went a bit too far. The book does not take you from the trivial to the “Wow!” but mostly repeats the discussion of trivial phenomenons that bring to trivial conclusions. The discussions are interesting, and the points made are valid and worthy, but I cannot avoid suspecting that the book could be cut down to half of its length without losing much of its substance.
There are many IT security podcasts out there; too many, perhaps. Certainly too many to listen to. The challenge is to decide on which ones to follow on a regular basis. I became aware of a good candidate a couple of years ago, and since it retained its qualities (listed below) over time, I figured it is worth mentioning.
Continue reading "Recommended Podcast: Security Now"
This podcast is called: “Security Now” and it is featured by Steve Gibson and Leo Laporte. Leo is a good host. He manages the show and its topics well, all in a healthy, joyful, spirit. Steve is a well-known security expert, and the creator of SpinRite — a disk maintenance and recovery tool.
I have just enjoyed reading “Evaluating Commercial Counter-Forensic Tools” by Matthew Geiger from Carnegie Mellon University. The paper presents failures in commercially-available applications that offer covering the user’s tracks. These applications perform removal of (presumably) all footprints left by browsing and file management activities, and so forth. To make a long story short: seven out of seven such applications failed, to this or that level, in fulfilling their claims.
Continue reading "Evaluating Commercial Counter-Forensic Tools"
About two months ago I was delighted to see the new version of what I consider to be the first open source drive encryption program for Win32. It’s name is TrueCrypt, and it provides functionality that resembles that of DriveCrypt from SecurStar.
Some basic features are still missing such as the option to use a key file or multiple phrases. However, TrueCrypt has two benefits that are very unique to disk encryption products under Win32: It is open source, and it is free. I therefore see it as an appealing alternative to DriveCrypt and to PGPDisk in some environments.
One major issue about it that was not yet resolved is, of course, security. An in depth review of TrueCrypt was not yet published (to the best of my knowledge), and was never requested, but the products being open source makes one assume that if there is a deadly flaw to it, it will one day be found - hopefully by the good guys first.