One of the biggest issues with security awareness is knowing what it is you are trying to achieve. It’s not enough to just run an awareness program – you have to be trying to drive an outcome. Over a period of time I have defined in my own head a kind of CMM for security… Continue Reading CMM for Security Awareness?
I was doing some reading on the distribute.it hack and stumbled onto a reference to a Risky Business podcast on probablistic risk assessments. It’s a great argument as to why risk assessment does not work well in the information security space. The basic thesis is you can’t assign a probability to a serious attacker. … Continue Reading Commentry on Probablistic Risk Assessments
I read No pic, no fly plan for airports in The Age yesterday with a small amount of dismay. It’s always frustrating to see security measures that seem to be more about the appearance of security rather than the reality, and which will negatively impact the users (or travellers in this case). I’m really not… Continue Reading Airport Security – More Window Dressing?
Very belatedly I’ve been looking into the Stuxnet worm. Interesting new world we find ourselves in. This thing was surgical – not only damaging the equipment but hiding its footsteps. The question you have to ask though is if this is the one we know about – how many are out there that we don’t?
So following from my post on exporting a public key from an iPhone into java, here is some sample code for going the other way. It follows the same logic as exporting the key but in reverse. (It starts with decoding the Base64 piece as the app I am working on always passes data in… Continue Reading Import Standard RSA key to iPhone key store
I was forwarded an article today from the BBC news website – Zurich Insurance fined £2.3m over customers’ data loss . It’s a fairly standard article about a financial institution being fined for losing customer data. What really struck me though was a comment in the article from the FSA – “Firms across the financial sector would… Continue Reading Zurich Insurance data loss – why target only the fincos?
Network World have an interesting article based on a Forrester research report on iPhone and iPad security, arguing it’s good enough for most cases.
I seem to be struggling with lots of things lately that should be easy, but I just can’t find an easy way to do them. My latest struggle has been using NSURLConnection to connect to an SSL site that is secured using my root certificate. There is no easy reference anywhere for how to do… Continue Reading iPhone SSL based NSURLConnection with your own root cert
Strange. com.sun.org.apache.xml.internal.security.utils.Base64 is a part of the base Java 1.6 runtime (it’s found in rt.jar). But Netbeans throws errors on it unless you include the METRO 2.0 jar file as a library to compile against (you don’t need to package it). Or at least that’s the case on Windows. On OS X it just works. What… Continue Reading Base64 classes in an EJB module with Netbeans
I’ve spent the last two days working through this – and couldn’t find any easy code at all on the net. So to save others the time here is what I found. First off, when you export a key from the iPhone keychain, it’s exported in a cut down format – just the public key… Continue Reading Importing an iPhone RSA public key into a Java app