Good Enough Security

Product Security Engineering in the Real World and Why Security Systems Fail

Wednesday, November 21, 2012

Stack Exchange posts pt. 2

Following my previous post on the subject, here are a few more links to posts on the Stack Exchange IT Security Q&A site:
  • Is it safe to use a weak password as long as I have two-factor authentication?
  • Client side password hashing
  • When using symmetric key encryption, do we need to sign?
  • Reset password - should I prevent abusing it?
  • What is the potential impact of these SSL certificate validation vulnerabilities?
  • Can someone detect the URL an android app uses?
  • Encryption in an embedded system


Posted by David Wachtfogel at 1:52 AM
Labels: Stack Exchange


______________________

This blog is about epic security system fails and why they occur. The seven laws of security engineering are here.

About Me

David Wachtfogel
Hardware product security expert at AWS.