SEARCH RESULTS
 
Showing 1-10 of 28 records
 

Cold Boot Attacks Against Disk Encryption

2008-02-21 13:29:18 by schneier in Schneier on Security
 
...defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux. The root of the problem lies in an unexpected property of today's DRAM memories. DRAMs are the...
 
 
 
 
 

Why would anyone use standard WEP? Isn't it super easy to crack & sniff?

2007-01-19 16:01:12 by Editor in Endpoint Security: Translating Policy Into Reality
 
Using standard WEP is akin to using a pad-lock & chain for securing a bicycle. It keeps the honest people honest. The argument given that WEP is so weak that it's not worth using, isn't completely valid. Using the bike analogy, would you stop using a lock & chain simply because anyone with a set of bolt cutters can defeat them in a second?...
 
 
 
 
 

Spammers defeat 'captcha' technology

2007-07-11 08:00:00 by Editor in IT Compliance
 
Optical character recognition defeats security measure that requires new users to identify twisted letters
 
 
 
 
 

DRM Scorecard Makes Me Wonder: The Media Industry and the TSA, Sadistic or Incompetent?

2007-08-02 08:19:00 by Eric Marvets in The Security Samurai
 
...defeat should they ever focus on the simple economics and technology of the pirating industry. I would be happier if the media industry and the TSA were sadistic rather than incompetent. It would be comical to see these two groups meeting for the first time over drinks trying to one-up each other. We made a list comprised of thousands of names....
 
 
 
 
 

The Austin Project

2008-01-21 22:45:39 by RSnake in ha.ckers.org web application security lab
 
...defeat the goal of building a team, so I may actually turn people away if we don't hit a critical mass. This is just as much an experiment for me as it is for anyone who would attend. I also may turn people away if I think they couldn't benefit from this - which is why I'll be asking for a resume from each of the people who are interested. If...
 
 
 
 
 

On Religion; Security One, Of Course

2008-02-05 07:26:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...defeat (like NIDS or NIPS)? Is the incremental increase of security (e.g. vs amateur attackers) worth the headache of deployment efforts? Or does it create a false sense of security instead? It was also phrased as incremental vs "absolute" security. Follow the debate and decide. About me: http://www.chuvakin.org
 
 
 
 
 

Security is Invisible and Customers won't Pay for Security

2008-01-25 19:06:11 by RaviC in Musings on Information Security
 
...defeat the whole purpose of security and making it invisible diminishes the value of security. It is a dichotomy that we (as security professionals) have to manage and live with. Customers who notice and are aware of security may start check on of the security aspect of a product before buying it. Unfortunately, security is just one aspect,...
 
 
 
 
 

ZDNet Asia and TorrentReactor IFRAME-ed

2008-03-04 09:15:20 by HASH0x8b3f7c8 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...defeat the simple client-side cloaking, issuing a query of the form url:link1 is sufficient. This allows us to fake a click through from a real search engine page. So the malicious parties are implementing simple referrer techniques to verify that the end users coming to their IP, are the ones they expect to come from the campaign, and not...
 
 
 
 
 

Got Entropy ?

2008-04-02 02:55:47 by Erik T. Heidt in Art of Information Security
 
...defeat of Netscape's HTTPS sessions. Most operating systems utilize a hybrid approach, implementing a PseudoRandom Number Generator that has a seed that is regularly updated through the collection of random hardware events. This process is called Entropy Collection or Entropy Harvesting. For most applications, this approach should be completely...