-
BadUSB implications
Aug 14
At BlackHat 2014, a new attack on USB peripherals was presented. The attack has been dubbed BadUSB and uses the specified behavior of USB, so it will be very hard to do anything about it. The attack fundamentally is quite similar to boot sector attacks...
-
Low threat key verification protocols considered harmful
Aug 12
One of the most problematic aspects of public key cryptography is the necessity for key verification. If Alice has a key that she thinks is from Bob, how does she know that it really is from Bob and not from Mallory who is trying to do a man-in-the...
-
The Asymmetry of Security
Aug 12
One of the most problematic aspects of security, anonymity and privacy in the current day and age is that they are fragile. What I mean by this is that it is very easy to break them. So the fundamental asymmetry is that you have to protect your security...
-
Canaries Don't Work
Jun 13
More and more security-conscious people and services have taken to putting up various kinds of NSL canaries. The basic idea is that if the government comes with an NSL containing a gag order, you will not update the canary, thus alerting everyone that you've been compromised by the government. However, this will likely not work.
-
Against Integrated Systems
May 31
There is a current trend in software to build systems that can do many things. This trend is most obvious when it comes to web browsers. But from a security perspective this trend is incredibly dangerous. I really don't want my applications to do more than the minimum necessary.
-
Threat Models
May 31
Security is hard, and the way the software industry deals with security makes it even harder. In order to put some sanity into all of this, you should do threat modeling.
-
The F-Secure Problem
May 31
A month ago at the Re:publica conference in Berlin, Mikko Hypponen and David Hasselhoff took the stage and talked about Digital Freedom. But some of what they said there was a bit problematic. Here I'm just going to talk about one specific issue - the lack of HTTPS.