PKCS8 files and Windows Crypto API

Parts of the Windows Crypto API are quite well documented (particularly the original CAPI stuff).  Other parts….. I’ve been trying to get PKCS8 files working between OpenSSL and Windows.  The Import/Export on Windows is so badly documented I eventually resorted to ASN.1 decodes and header file trawls to find what I needed. Anyway – if…

Implementing an SSA/AP proxy

I’ve been messing around with the Windows LSA and implementing my own authentication package. It’s all part of an authentication server I’m building.  The *NIX component (a PAM module) was pulled together in an afternoon. Windows is a slightly different story….. As always, MSDN has great documentation on the APIs, but there is not a lot…

How many people will get burnt with IPv6 tunnels?

I have just spent the arvo playing with IPv6 and brought up a tunnel using my web server as the tunnel endpoint in my network. Next thing I know every machine on the network (OS X/Windows/Linux) has been allocated IPv6 addresses in the /56 network I requested from the broker.  Turns out I activated the…

Nice Sample Project for iPhone RSA Key and Trust Handling

Patrick Hogan has done a great project on GitHub – IOS Certificate Key and Trust Sample Project – that pulls together all the concepts for RSA key importing/exporting and handling. It’s used some of the code from my import and export posts + code from a few other places together with his own work. Great…

CMM for Security Awareness?

One of the biggest issues with security awareness is knowing what it is you are trying to achieve. It’s not enough to just run an awareness program – you have to be trying to drive an outcome. Over a period of time I have defined in my own head a kind of CMM for security…

Airport Security – More Window Dressing?

I read No pic, no fly plan for airports in The Age yesterday with a small amount of dismay.  It’s always frustrating to see security measures that seem to be more about the appearance of security rather than the reality, and which will negatively impact the users (or travellers in this case). I’m really not…

Zurich Insurance data loss – why target only the fincos?

I was forwarded an article today from the BBC news website – Zurich Insurance fined £2.3m over customers’ data loss. It’s a fairly standard article about a financial institution being fined for losing customer data. What really struck me though was a comment in the article from the FSA – “Firms across the financial sector would…

Importing an iPhone RSA public key into a Java app

I’ve spent the last two days working through this – and couldn’t find any easy code at all on the net. So to save others the time here is what I found. First off, when you export a key from the iPhone keychain, it’s exported in a cut down format – just the public key…