Posted in Security

Frequent password changes — good or bad?

I read an article titled "Frequent password changes are the enemy of security", which I find misleading and missing the point.

In this article, Carnegie Mellon University professor Lorrie Cranor, who became chief technologist at the FTC, challenges the FTC's advice.

FTC’s advice: Encourage your loved ones to change passwords often, making them long, strong, and unique.

Posted in Security Software

Elliptic Curve Cryptography: computing shared key

If Alice and Bob want to exchange encrypted messages, they first need to agree on a key. This shared key (also known as a symmetric key) will be used by both parties to encrypt messages. There are many ways of arriving at the shared key (including the old fashioned ...

Posted in Security Software

Perils of Unreachable Code — was it deliberate?

There is no substitute for detailed code reviews, more so if the code is related to security. Any changes to such code, however minor, should be reviewed. However, in addition, it also helps if the compiler, tools, etc. can help in flagging potential errors.

Take the case of the very serious security error in ...

Posted in Security Software World

Security, Privacy and Post-it notes: what to make of the recent revelations

If you work in the computer security area, it is like drinking from the fire hose, what with the daily revelations about snooping and spying by the NSA. So much to talk, write and discuss. Comedians (and their writers) get excited when interesting politicians become newsmakers, as it makes their jobs much easier and more ...
