From NIST : Second round candidates for the SHA-3 competition have been selected. Final selection of the winning algorithm is set for August 23-24, 2010, after Crypto 2010.
The candidate algorithms are linked here.
mynfosec
A space to collect and connect on infosec research and experiences.
Saturday, November 7, 2015
Monday, May 21, 2012
Kip Hawley Reviews Liars and Outliers
Kip Hawley Reviews Liars and Outliers:
In his blog:
I'm hosting Kip Hawley on FireDogLake's Book Salon on Sunday at 5:00 - 7:00 PM EDT. Join me and we'll ask him some tough questions about his new book.
In his blog:
I think the most important security issues going forward center around identity and trust. Before knowing I would soon encounter Bruce again in the media, I bought and read his new book Liars & Outliers and it is a must-read book for people looking forward into our security future and thinking about where this all leads. For my colleagues inside the government working the various identity management, security clearance, and risk-based- security issues, L&O should be required reading.
[...]
L&O is fresh thinking about live fire issues of today as well as moral issues that are ahead. Whatever your policy bent, this book will help you. Trust me on this, you don’t have to buy everything Bruce says about TSA to read this book, take it to work, put it down on the table and say, “this is brilliant stuff.”
I'm hosting Kip Hawley on FireDogLake's Book Salon on Sunday at 5:00 - 7:00 PM EDT. Join me and we'll ask him some tough questions about his new book.
Wednesday, February 22, 2012
Re-framing the problem
Success against overwhelming odds is achieved by reframing the problem.
Ben Sapiro has a great "treatise" on Liquidmatrix.
Ben Sapiro has a great "treatise" on Liquidmatrix.
Thursday, December 10, 2009
Regex dos = redos
OWASP podcast #56 with Jim Manico interviewing Adar Weidman.
Good coverage of interesting aspect of regex parsing that can lead to
DOS at server and browser.
Http://www.owasp.org/index.php/Podcast_56
David Kadow
--
Good coverage of interesting aspect of regex parsing that can lead to
DOS at server and browser.
Http://www.owasp.org/index.php/Podcast_56
David Kadow
--
Monday, September 21, 2009
Data Forensics and New State Laws
According to an interview by Networkperformancedaily, with Matt Miller of the Institute for Justice, "Last year ( 2007 ), the state of Texas passed a law that basically said that to perform a lot of types of data analysis; you have to have a private investigator's license. And, if you perform that analysis without a license, or if you are a customer and you seek to have that analysis performed by somebody without a license, it is punishable by up to one year in jail and up to $14,000 in fines."
ThiSo this is not a new case, but it's important, and it's not over, and you should follow this and similar cases in other states, as it could severely limit your ability to do parts of your job.
As IT professionals, security and related operations have always been part of the job of designing and administering systems, maintaining uptime, and investigating problems.
The summary statements of the laws we discuss here sound sensationalist, and indeed, the devil is in the details. However I'm not going to dissect the related laws from every state. I will review the important aspects, and try to avoid exaggeration. I will also provide POV from the Private Investigator, through interviews.
For now, some good resources are :
http://legal-beagle.typepad.com/wrights_legal_beagle/computer-forensics-license/
http://hack-igations.blogspot.com/2008/12/digital-forensics-private-eye-pi.html
http://www.networkperformancedaily.com/2008/07/interview_with_matt_miller_w_i.html
ThiSo this is not a new case, but it's important, and it's not over, and you should follow this and similar cases in other states, as it could severely limit your ability to do parts of your job.
As IT professionals, security and related operations have always been part of the job of designing and administering systems, maintaining uptime, and investigating problems.
The summary statements of the laws we discuss here sound sensationalist, and indeed, the devil is in the details. However I'm not going to dissect the related laws from every state. I will review the important aspects, and try to avoid exaggeration. I will also provide POV from the Private Investigator, through interviews.
For now, some good resources are :
http://legal-beagle.typepad.com/wrights_legal_beagle/computer-forensics-license/
http://hack-igations.blogspot.com/2008/12/digital-forensics-private-eye-pi.html
http://www.networkperformancedaily.com/2008/07/interview_with_matt_miller_w_i.html
Thursday, September 17, 2009
New SANS and WebSense reports point to where we should focus our defense.
NY Times picked this up with the headline that "Security Pros Are Focused on the Wrong Threats" ( By Riva Richmond )
Not really alarmist, considering the facts.
SANS:
Summary:
Point 1. PATCH!!!!!! What are you waiting for ?!?!?!?
because
Point 2. 60% of attacks are against legit websites, many of which are open to being sql-injected. This means unpatched users hitting those sites can easily be exploited while doing legitimate browsing. Point 2 was really FIX YOUR WEBSITES!, but the dual message is because so many sites are broken, patch your clients!
Websense:
Highlights:
• Websense Security Labs identified a 233 percent growth in the number of malicious Web sites in the last six months and a 671 percent growth during the last year.
• 77 percent of Web sites with malicious code are legitimate sites that have been compromised. This remains unchanged from the last six-month period.
• 87.7 percent of email messages were spam. This represents a three percent increase over the last six months.
• 37 percent of malicious Web/HTTP attacks included data-stealing code. This remains unchanged from the last six-month period.
• 57 percent of data-stealing attacks are conducted over the Web. This number has stayed consistent over the six-month period.
Not really alarmist, considering the facts.
SANS:
Summary:
Point 1. PATCH!!!!!! What are you waiting for ?!?!?!?
because
Point 2. 60% of attacks are against legit websites, many of which are open to being sql-injected. This means unpatched users hitting those sites can easily be exploited while doing legitimate browsing. Point 2 was really FIX YOUR WEBSITES!, but the dual message is because so many sites are broken, patch your clients!
Websense:
Highlights:
• Websense Security Labs identified a 233 percent growth in the number of malicious Web sites in the last six months and a 671 percent growth during the last year.
• 77 percent of Web sites with malicious code are legitimate sites that have been compromised. This remains unchanged from the last six-month period.
• 87.7 percent of email messages were spam. This represents a three percent increase over the last six months.
• 37 percent of malicious Web/HTTP attacks included data-stealing code. This remains unchanged from the last six-month period.
• 57 percent of data-stealing attacks are conducted over the Web. This number has stayed consistent over the six-month period.
Subscribe to:
Posts (Atom)