Shortening URLs Doesn’t Provide Any Security
Many people misunderstand the role of URL shortening tools. They see them as a security tool, which, they are not. I am on a project team that uses shortened URLs. We do it for user convenience. The shortening tools do one thing – they allow a longer URL to be replaced with a short one. […]
Skeptical Looks at Cryptography
We cannot have cyber security without cryptography! Confidentiality requires encryption of the sensitive data. Integrity is important, hash functions let us detect inappropriate modification of data and system configurations. Authentication of users and hosts can be done in many ways, and the more secure methods involve hash functions, encryption, or some combination of the two. […]
What Are Traffic Analysis and Metadata?
In Learning Tree’s System and Network Security Introduction we discuss “traffic analysis,” noting that even if data are encrypted, one can still find out information by looking at who is sending encrypted data to whom. Along that same line, there has been a lot of discussion in the press recently about “metadata” – information about […]
Is Curtailing the Use of Encryption Apps a Good Idea?
Here in the US, and indeed in the press around the world, there are new calls to curtail the use of encryption. I suppose it is natural for politicians to seek boogeymen. Encryption is a good one as it just sounds like something only governments and bad guys would want to use. Never mind that […]
Find Your Hidden Services
When you are inventorying network services as part of a security audit, make sure that you find all your hidden services! I don’t mean a hidden server as with the so-called “Deep Web”, something only accessible through Tor, but instead a network service that you might overlook on a known server. I was reminded of […]