| |
| Current Topic: Computer Security |
|
Chertoff: We're Closing that Boarding-Pass Loophole | Threat Level from Wired.com |
|
|
|---|
| Topic: Computer Security |
12:32 am EST, Nov 18, 2008 |
DHS's Transportation Security Administration is currently testing an encrypted 2-D bar code that includes all the information from a boarding pass and is digitally signed to ensure the data hasn’t been altered. In the pilot, passengers show the bar code to TSA identity checkers, who use a scanner to read the image off the passenger’s smartphone, and then check the person’s identification against the decrypted information. The system also works using public-key cryptography, which lets the TSA use scanners that don’t need to connect to airline databases, and they don’t store records of who is traveling.
Really, really cool. Smart use of crypto to solve a real security problem. I never thought I'd say these three words but: Good job TSA! Chertoff: We're Closing that Boarding-Pass Loophole | Threat Level from Wired.com |
|
RE: Microsoft Security Bulletin Advance Notification for October 2008 |
|
|
|---|
| Topic: Computer Security |
5:40 pm EDT, Oct 23, 2008 |
noteworthy wrote:
Things that make you go "hmmm..." This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on October 23, 2008.
If you haven't seen it, Microsoft has just recently started publishing an immense amount of technical detail about these vulnerabilities. Look here and here. RE: Microsoft Security Bulletin Advance Notification for October 2008 |
|
Do You Email Under the Influence? Try ‘Mail Goggles’ » The StartUp Blog at PartnerUp |
|
|
|---|
| Topic: Computer Security |
12:11 pm EDT, Oct 20, 2008 |
Google’s new test feature, “Mail Goggles,” part of the free Gmail service, can save those who send the occasional (or frequent) tipsy (or inebriated) email a whole lot of regret and an even bigger headache in the morning. When the goggles are active, they will require you to solve a few easy math problems before you hit “send.” Basically Google’s logic is that if you’re sober enough to solve the problems, then you’re sober enough to deal with the repercussions of your actions.
Ha! Do You Email Under the Influence? Try ‘Mail Goggles’ » The StartUp Blog at PartnerUp |
|
|
|---|
| Topic: Computer Security |
10:12 am EDT, Oct 9, 2008 |
VeriSign, often criticized for trying to exercise too much control over the net, counter-proposes that its role be enlarged. Under its proposal (.pdf), the root zone file will be signed using keys it distributes to the root server operators and if enough of them sign the file, then it is considered official.
For some reason Verisign thinks they should be able to sign the root keys instead of ICANN. I can see absolutely no reason why that would be a good idea. Verisign and DNS Sec |
|
DNSSEC-bis for complete beginners (like me) |
|
|
|---|
| Topic: Computer Security |
5:48 pm EDT, Sep 24, 2008 |
Below you will find explained all concepts of DNSSEC-bis in a way that furthers understanding.
A quick primer on DNSSEC, which you will need to understand shortly, I think. DNSSEC-bis for complete beginners (like me) |
|
Feds tighten security on .gov - Network World |
|
|
|---|
| Topic: Computer Security |
2:33 pm EDT, Sep 22, 2008 |
All federal agencies are deploying DNS Security Extensions (DNSSEC) on the .gov top-level domain, and some expect that once that rollout is complete, banks and other businesses might be encouraged to follow suit for their sites.
Feds tighten security on .gov - Network World |
|
More on BGP Attacks -- Updated | Threat Level from Wired.com |
|
|
|---|
| Topic: Computer Security |
11:17 am EDT, Aug 27, 2008 |
you can read how Anton Kapela and Alex Pilosov conducted their interception of the DefCon network traffic in the slides from their talk (.ppt). Their DefCon presentation, by the way, was an unscheduled, last-minute talk that occurred at the end of the last day of the DefCon conference, so it hadn't appeared on the conference schedule.
Worth a look. More on BGP Attacks -- Updated | Threat Level from Wired.com |
|
Neosploit exploit kit shutters operations? | Zero Day | ZDNet.com |
|
|
|---|
| Topic: Computer Security |
11:06 am EDT, Jul 29, 2008 |
“Unfortunately, supporting our product is no longer possible. We apologize for any inconvenience, but business is business since the amount of time spent on this project does not justify itself. We tried hard to satisfy our clients’ needs during the last few months, but the support had to end at some point. We were 1.5 years with you and hope that this was a good time for your business. Now we will not be with you, but nevertheless we wish that your businesses will prosper for a long time! Good luck all, The Neosploit Team!”
"We're legitimate business men!" Neosploit exploit kit shutters operations? | Zero Day | ZDNet.com |
|
