Are You Absolutely Certain That You Have The Real Source Code?
Why would you want to build a Linux kernel? Maybe you realize that there’s a local root exploit possible on your kernel version. Maybe you want to take advantage of improved storage performance or extended network capability. Maybe you need a very specific kernel version to support a combination of your motherboard hardware plus network […]
What Does The Recent SHA-1 Attack Mean For You And Your Organization?
Some top cryptographers have recently announced a significant step toward breaking the SHA-1 hash algorithm. Their work is described here and here, and also check out their paper. What does this mean for you and your organization? Let me start with a bit of background so the following makes sense. What Is A Hash? A […]
Darkhotel Shows That Hotel Cyber Security is Even Worse Than We Thought
I recently wrote about cyber security and hotels. Now Kaspersky Labs has reported that things are even more dangerous than we realized. Darkhotel is an APT or Advanced Persistent Threat. Since at least 2007 this sophisticated attack has targeted executives staying in luxury hotels in Asia, mostly in Japan. The technology and targeting suggest state-level […]
The Internet Has Serious Trust Problems
In Learning Tree’s System and Network Security Introduction course we talk about how digital signatures work, and how they are used to create X.509 v3 digital certificates, which in turn are used to secure your connections to web servers. The connections are secured in two ways. First, by verifying the identity of the server to which […]
You Can’t Take It Back
A long time ago I wrote about the security fundamentals of the CIA (confidentiality, integrity and availability) along with authentication. Another fundamental is Authorization, which we will discuss later. But a concept some consider a fundamental is “Non-Repudiation”. It’s a combination of integrity and authentication, so it isn’t a true fundamental, but is an important […]