
CLKscrew: Another side channel you didn’t know about

30 August 2018

Network engineers focus on protocols and software, but somehow all of this work must connect to the hardware on which packets are switched, and data is processed. A big part of the physical side of what networks “do” is power—how it is used, and how it is managed. The availability of power is one of…

Give the Monkey a Smaller Club

15 August 2018

Research: Are We There Yet? RPKI Deployment Considered

13 August 2018

The Resource Public Key Infrastructure (RPKI) system is designed to prevent hijacking of routes at their origin AS. If you don’t know how this system works (and it is likely you don’t, because there are only a few deployments in the world), you can review the way the system works by reading through this post…

Network Collective: Security and Analytics

8 August 2018

In this community roundtable, Eyvonne and I talk to Eric Osterweil about the increasing reliance on analytics in the realm of security.

Security and Analytics

2 August 2018

On the ‘net: The Little Green Lock

31 July 2018

Users—particularly those who do not understand technology as well—have long been taught to “look for the green lock in your web browser” to be certain they are communicating with a “trusted” site. For instance, here and here are articles stating that one way you know you can trust a site is by looking for the…

Research: HTTPS Interceptions

30 July 2018

I have written elsewhere about the problems with the “little green lock” shown by browsers to indicate a web page (or site) is secure. In that article, I considered the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem…

On the ‘net: Understanding the Exploit Market

24 July 2018

How do attackers find a vulnerability, write a piece of code to take advantage of that vulnerability — i.e., build an exploit — build a software delivery system around the exploit and then deliver the attack itself? The key point to recognize in this process is that no single person undertakes all of this work.…

Research: Even Password Complexity is a Tradeoff

23 July 2018

Stronger passwords are always better—at least this is the working theory of most folks in information technology, security or otherwise. Such blanket rules should raise your suspicions, however; the rule11 maxim if you haven’t found the tradeoff, you haven’t looked hard enough should apply to passwords, too. Dinei Florêncio, Cormac Herley, and Paul C. Van…

Short Take: Security as a Tradeoff

23 May 2018

We often treat security as an absolute, “that which must be done, and done perfectly, or is of no value at all.” It’s time to take this myth head on, and think about how we should really think about security.
