Meet LibreSSL
Nov 20, 2014
The SSL/TLS protocol suite is critical for Internet security. Unfortunately, it’s one of those things that’s nice in theory but messy in practice. Good news — a very promising project is bringing help! We commonly say that we use SSL to secure Internet activity. However, that statement taken literally is very out of date! We […]
cryptography, Dual_EC_DRBG, ECC, elliptic curve cipher, Heartbleed, LibreSSL, linux, open source, OpenBSD, OpenSSL, Poodle, secure design, secure programming, SSL, TLS
Security From The Clouds To Orbit
Sep 16, 2014
Last month I wrote about some current cybersecurity concerns about satellite ground stations. That may seem rather exotic to many readers, but all of us rely on reasonably accurate weather predictions. Satellite cybersecurity problems would hurt all of us, but we can draw useful lessons from this episode. The U.S. Commerce Department’s Inspector General is […]
Noisy Side-Channel Attacks Show Why True Security Is Difficult
Sep 2, 2014
In Learning Tree’s Cloud Security Essentials course we talk some about how security is difficult. Yes, there are issues of secure software implementation (the Heartbleed bug, for example) and cautious configuration, but the first step is designing a system that has a chance of being secure. As Ross Anderson explains in his textbook “Security Engineering” […]
Here’s Some Guidance on Developing Secure Cloud Applications
Jan 12, 2014
As we discuss in Learning Tree’s Cloud Security Essentials course, it is enormously difficult to design and implement secure systems. Help is available! SAFECode, or the Software Assurance Forum for Excellence in Code, has the mission statement “SAFECode is dedicated to increasing trust in information and communications technology products and services through the advancement of […]
“Security is not a magic cream…”
Sep 20, 2012
So begins a quote we use in our Introduction to System and Network Security course. Too often we view security as an afterthought – something to add to our network or organization. We talk about hardening systems to mean making them more secure. This is totally a backwards approach. We need to consider security and […]