SEARCH RESULTS
 
Showing 1-10 of 52 records
 
Third Parties Controlling Information

2008-02-27 05:46:46 by schneier in Schneier on Security
 
...Bits and pieces of the web disappear all the time. It's called "link rot," and we're all used to it. A friend saved 65 links in 1999 when he planned a trip to Tuscany; only half of them still work today. In my own blog, essays and news articles and websites that I link to regularly disappear -- sometimes within a few days of my linking to...
 
 
 
 
 
SDL and the OWASP Top Ten

2008-05-01 15:46:00 by sdl in The Security Development Lifecycle
 
...bits for secret-key ciphers; RSA or Diffie-Hellman >= 2048 bits or ECC >= 256 bits for public-key ciphers; SHA2 for hashing; and >= 128 bit key lengths for HMACs) for new code. This pretty much covers #8 on OWASP's list, Insecure Cryptographic Storage. As for the rest of the OWASP Top Ten list, we still have some work to do to more fully...
 
 
 
 
 
Improve Security with "A Layer of Hurt"

2008-07-31 19:13:00 by sdl in The Security Development Lifecycle
 
...bits for (i=iLow; i case 1 : // set upper bits for (i=iLow; i case 2 : // toggle all bits for (i=iLow; i case 3 : // set to random chars for (i=iLow; i case 4 : // set NULL chars to (possibly) non-NULL for (i=iLow; i case 5 : // swap adjacent bytes for (i=iLow; i case 7 : // set bytes to one random char ch=(char)(rand() % 256 for (i=iLow; i...
 
 
 
 
 
The Cipher on the Wall

2007-05-24 00:00:00 by Ari Juels in Speaking of Security, the RSA Blog and Podcast
 
...bits is the length of many RSA keys used in practice today, a short journalistic leap of fancy raises the specter of imperiled retail transactions on the Web. If there is writing on the wall for 1024-bit RSA, though, what's written is in cipher--and it's wholly unclear how long the cryptanalysis will take
 
 
 
 
 
Cracking passwords on a PlayStation

2007-12-03 16:37:00 by Keith Brown in Security Briefs
 
...bits! If you used a 12 character password, it's only a 79-bit keyspace. And that's the best case, assuming you included numbers, punctuation characters, as well as upper and lower-case letters, and generated it from a good random source. If you only used numbers, you'd end up with a whopping 40-bit keyspace. Hervey and I worked on an article...
 
 
 
 
 
Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

2007-11-07 05:37:47 by Steve Riley in Steve Riley on Security
 
...bits, except for the last two that use no encryption -- because it gives you better performance than the longer bit lengths. In almost all cases, a 128-bit key is more than sufficient to protect the information you're exchanging over HTTPS. However, if you require something longer, and want to change the default, you can. Here's how. Open your...
 
 
 
 
 
Playing around with my blog

2007-09-26 18:40:21 by Steve Riley in Steve Riley on Security
 
...bits of info for you: A ClustrMap, that shows the locations around the world where people read my blog from. I registered the thing back in December 2006, but just figured out how to add it to the blog software a few days ago. My bookmarks from del.icio.us. I just started this yesterday and I've put in some links that many of you ask about....
 
 
 
 
 
Protect your data: everything else is just plumbing

2007-07-02 20:46:32 by Steve Riley in Steve Riley on Security
...bits die hard. For most of the history of information security, emphasis on security has roughly followed this model: Historical approaches to security have placed most emphasis on the network, with decreasing consideration of individual computers and the applications they run, and the least amount of consideration for the security of the...
 
 
 
 
 
Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...bits/bytes. Will we apply malformations with or without restriction? Are we going to be deterministic or random or both? How many times in a single iteration do we apply any given malformation? Stage 3: Delivery of fuzzed data to the application under test. Determining the best method to get the application under test to consume the fuzzed data...
 
 
 
 
 
Consumer Reports on Aviation Security and the TSA

2008-01-10 13:58:40 by schneier in Schneier on Security