Good Enough Security

Product Security Engineering in the Real World and Why Security Systems Fail

Wednesday, November 21, 2012

Stack Exchange posts pt. 2

Following my previous post on the subject, here are a few more links to posts on the Stack Exchange IT Security Q&A site:
  • Is it safe to use a weak password as long as I have two-factor authentication?
  • Client side password hashing
  • When using symmetric key encryption, do we need to sign?
  • Reset password - should I prevent abusing it?
  • What is the potential impact of these SSL certificate validation vulnerabilities?
  • Can someone detect the URL an android app uses?
  • Encryption in an embedded system


Posted by David Wachtfogel at 1:52 AM
Labels: Stack Exchange


This blog is about epic security system fails and why they occur. The seven laws of security engineering are here.

About Me

David Wachtfogel
Hardware product security expert at AWS.