Good Enough Security

Product Security Engineering in the Real World and Why Security Systems Fail

Wednesday, November 21, 2012

Stack Exchange posts pt. 2

Following my previous post on the subject, here are a few more links to posts on the Stack Exchange IT Security Q&A site:
  • Is it safe to use a weak password as long as I have two-factor authentication?
  • Client side password hashing
  • When using symmetric key encryption, do we need to sign?
  • Reset password - should I prevent abusing it?
  • What is the potential impact of these SSL certificate validation vulnerabilities?
  • Can someone detect the URL an android app uses?
  • Encryption in an embeddded system


Posted by David Wachtfogel at 1:52 AM
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Labels: Stack Exchange

No comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

______________________

This blog is about epic security system fails and why they occur. The seven laws of security engineering are here.

About Me

My photo
David Wachtfogel
Hardware product security expert at AWS.
View my complete profile

Subscribe To

Posts
Atom
Posts
Comments
Atom
Comments

Greatest hits

  • Protecting the weak (passwords)
  • How the PS3 LV0 key was (probably) hacked
  • HDCP: Cool New Hack
  • Moved to Twitter and Pulse
  • Security Testing: Why it’s important things don’t work when they shouldn’t
  • History of Security Failures 101: Crypto Flaws

Security RSS/Blog Roll

  • Slashdot: Security
    Luigi Mangione's Ghost Gun Was Only Partially 3D-Printed
    1 hour ago
  • The Register: Security
    Biden’s antitrust crackdown on tech M&As may linger into Trump’s reign
    9 hours ago
  • Schneier on Security
    Friday Squid Blogging: Squid Sticker
    1 day ago
  • bunnie's blog
    Name that Ware, November 2024
    3 weeks ago
  • Hack in the Box
    North Korean hackers posing as IT workers steal over $1B in cyberattack
    3 weeks ago
  • Light Blue Touchpaper
    3rd edition of Ross Anderson’s Security Engineering now freely available for download
    5 weeks ago
  • A Few Thoughts on Cryptographic Engineering
    Some rough impressions of Worldcoin
    1 year ago
  • CSOONLINE.com - News
    Most popular generative AI projects on GitHub are the least secure
    1 year ago
  • Mocana DeviceLine Blog
    A Definitive Guide to OT/IoT Modernization
    3 years ago
  • Ars Technica: Security
    What the newly released Checkra1n jailbreak means for iDevice security
    5 years ago
  • root labs rdist
    In Which You Get a Chance to Save Democracy
    7 years ago
  • Bristol Cryptography Blog
    Crypto 2017 - How Microsoft Wants to Fix the Internet (Spoiler: Without Blockchains)
    7 years ago
  • Freedom to Tinker
    Routing Detours: Can We Avoid Nation-State Surveillance?
    8 years ago
  • Cryptanalysis
    Bypassing certificate checks in OpenSSL 1.0.2c (CVE-2015-1793)
    9 years ago
  • Good Enough Security
    Moved to Twitter and Pulse
    11 years ago
  • Travis Goodspeed's Blog
    Hillbilly Tracking of Low Earth Orbit Satellites
    11 years ago
  • Flylogic's Analytical Blog

Blog Archive

  • ►  2013 (1)
    • ►  September (1)
  • ▼  2012 (14)
    • ►  December (1)
    • ▼  November (4)
      • Security Testing: Why it’s important things don’t ...
      • How the PS3 LV0 key was (probably) hacked
      • Stack Exchange posts pt. 2
      • Some thoughts on two-factor authentication
    • ►  October (1)
    • ►  August (2)
    • ►  July (2)
    • ►  June (2)
    • ►  February (1)
    • ►  January (1)
  • ►  2011 (25)
    • ►  November (5)
    • ►  October (7)
    • ►  September (4)
    • ►  August (9)
Simple theme. Powered by Blogger.