Why Must We Still Fear the BEAST, and What Can We Do?
Most Internet communications security is provided by the SSL/TLS series of protocols. There is an enormous problem with early versions of SSL/TLS. We have known about this problem since 2002, and a solution has been available since 2006. Sadly, we still need to worry about this. Here is a brief timeline: SSL v1 — Only […]
Nothing New Under the Sun (or in the Cloud)
I see a lot of misguided talk about cloud computing and its security as the New Big Thing. I was reminded of this the other evening when the local brewpub hosted a talk by Gene Spafford, the director of Purdue University’s CERIAS, the Center for Education and Research in Information Assurance and Security. Spaf spoke […]