Archive for InfoSec

Zero Day Vulnerabilities Have No Patch Yet

When computer system vulnerabilities are discovered, patches are issued to close the hole. The patches take some time to construct and deploy, and even longer for the community to accept and install them. This always leaves a gap of some time between the discovery and when the […]

Poker Cards Marked With IR Codes

The short video clip below is an excerpt from a recent Defcon talk about cheating at poker using an electronic device that uses infrared to read specially marked playing cards. Watch the video first, then keep reading to get the whole story. Poker analyzer basic demo – [youtube.com] Here’s the whole story: Full(er) House: Exposing […]

How Real Hacking Works

Hacking computers is a mysterious and dangerous world that most of us don’t really understand. This video shows some hackers at DEFCON demonstrating their techniques on a reporter who volunteered to be hacked. The video shows some basic “social engineering” which may use technical knowledge and experience, but involves classic “confidence” manipulation to gain credentials […]

Using a Home Email Server for Federal Govt Business

The following article was published in March of 2015, but it’s worth a fresh look since we now know much more about Hillary Clinton’s home email server. Specifically, the requirement for assessment and authorization seems to have been ignored completely in the media stories. The State Department CIO had specific responsibility for this and the […]

Computer Security For Beginners

Don’t put any information that you don’t want exposed on any computer system that is connected to anything. Consider using a second computer that is not connected or a portable USB drive that can be unplugged or encrypted. Don’t connect any computer system to any other system or network of systems without considering possible negative […]

Stop Using QuickTime for Windows

QuickTime for Windows is no longer being supported by Apple, but new vulnerabilities have been disclosed that include the possibility for “remote code execution”. This means exploits can likely take over control of a computer running QuickTime for Windows. The United States Computer Emergency Readiness Team (US-CERT), Trend Micro, and other security organizations have called […]

Holistic Information System Security

Too often, we think about and plan our information security in terms of protecting pieces of the system. We use firewalls and Anti-Virus (AV) software and intrusion detection and integrity checking and many more techniques to provide needed protections to various pieces. But we may not be paying enough attention to the gaps between the […]

Hashing Algorithms

A cryptographic hash function is a mathematical formula or algorithm that creates a one-way encryption process. By “one-way”, this means the information that is encrypted by a hash function cannot be decrypted. The purpose for using these one-way hashing algorithms is twofold: to provide a check of integrity to protect some important piece […]

Witness Signatures Add Authenticity

Part of the Apple/FBI court case involves how software updates are protected with digital signatures. The key ensures that the update comes from Apple and therefore has a level of trust associated with the history of the company. The government is not asking Apple to turn over the signing key and Apple is not likely […]

Encryption Ensures Privacy

Encryption techniques are mathematically designed to be uncrackable, at least in an amount of time that relates to the value of the secret. This means the time and computing resources needed to successfully attack the encryption will cost more than the attacker is willing to spend. More computing power means less time. If it takes […]