Before wrapping up this series of posts on why standardized security systems fail, let's do a quick run through a few more systems.
Showing posts with label Conflict of interests.
Friday, November 4, 2011
Thursday, September 15, 2011
HDCP: (Sub)Standard Security pt.1
I owe the readers of this blog an explanation (or two). I promised to explain "Why Security Systems Fail" and so far, after more than a month, there has been only one such post (on RSA SecurID).
To make up for this I'll do a series of posts on a group of security systems describing how and why they were breached. What these systems have in common is that they were each defined as a "standard" - i.e. a specification for the security system was published and was implemented by multiple parties. The first post in the series is dedicated to HDCP. Subsequent posts will cover GSM, X.509 certificates and others.
Tuesday, August 16, 2011
The RSA SecurID debacle: Why it happened
The RSA SecurID saga was one of the more interesting security stories of 2011. Analyzing the background of this story can give some insight as to how security decisions are taken and why security systems fail.