Information security strategy

TLS design weakness affecting client side authentications

A team of security researchers discovered a weakness in the TLS design. Quoting from their website: “A is malicious, it can choose a non-prime group such that the resulting PMS is fully under its control. If a malicious server A mounts a UKS attack to obtain two sessions (one with C and the other with S) that share the same MS, ciphersuite, …


Microsoft tries to address PKI issues in IE11 (SmartScreen and SNDS)

Digital certificates are widely used and the Internet cannot work without them. However, PKI (the framework digital certificates are based on) has lots of issues. Last year, at the ISO SC27 meeting at ENISA, there was a special meeting on PKI. Many issues were only raised without a conclusion, the same as most issues brought to international meetings. How …


Layer 7 DDoS Attack : A Web Architect Perspective

The arms race in cyber security makes protecting Internet resources harder and harder. In the past, DDoS was mostly on Layer 3 and Layer 4, but reports from various sources identified Layer 7 DDoS as the prevalent threat. The slide below from Radware explains the changes in the new DDoS trend. While protection on network traffic …


Cloud Computing in Singapore Financial Industry

The cloud computing industry is well developed in Singapore, so it is not a big surprise to see that the MAS TRM guideline has a section only on Cloud Computing. Reading the document as a whole, it seems MAS is accepting the fact that cloud computing is or will be part of financial industry development. Section 5.2 Cloud Computing is …


Car Rental is more promising than ever

When capture and storage technology is so cheap, it is tempting for the government to store everything. In this case, car plate images. I guess the car rental business has another marketing theme to explore! Soon we will see computer rental and mobile phone rental. When trust is gone, people are willing to try extreme measures. There …


VCPs technical analysis on the MAS Technology Risk Management guidelines.

Since Singapore MAS released the TRM guideline last month, I believe many people are studying it (including me). Big Four accounting firms are usually the most active in publishing explanatory reports and articles with the purpose of generating more business leads. However, a group of VMware certified professionals is taking the lead this time. They worked …
