Making the High Security of Repeated Hashing Practical
Sep 28, 2016
Last week I explained how repeated hashing works. Our user Alice can prove that she knows her secret without exposing that secret, and the server can verify this without knowing what her secret is. The follow-up question is – how to make it practical? My explanation last week told you how repeated hashing works, but […]
Why You Need to Update Your PHP Installation NOW!
Feb 3, 2015
My first job was as a programmer. Well, OK, it was teaching programming. I learned BASIC and FORTRAN in high school in the mid-1970s. I learned C and Pascal and a handful of other languages in college. As an undergrad I taught FORTRAN to freshmen. Some years ago I needed to build some dynamic […]
Patch Bash Now, Shellshock Exploits Are Widespread
Oct 14, 2014
I was recently doing some work at a Major Financial Institution when I overheard two systems engineers comparing notes: “I have to install that Bash shell patch on my servers by the end of next month.” “Hah! My servers don’t have to have it until the end of the month after that!” Guys, please. Patch […]
What Happens When Your Cloud Server Gets Hacked?
Nov 25, 2013
Kevin Kell, another Learning Tree instructor, wrote a nice report about what happened to a Bitnami instance he was running in Amazon’s EC2 cloud for Learning Tree’s Amazon Web Services course. Read Kevin’s report for some details, or a page on my site for even more, but here is the short version: Several cloud servers […]
Google’s “By Default” Cloud Storage Encryption Means Very Little
Sep 10, 2013
Last week I passed along Google’s announcement that they now encrypt all cloud storage by default. I mentioned how this was following Amazon’s offerings of encryption for their S3 storage service. We have been comparing Amazon’s client-side and server-side encryption in Learning Tree’s Cloud Security Essentials course for some time, and now Google’s new service […]