Articles tagged “security”

• Do you really care about security? A $25,000-scale pro­ject is or­dered by a large multi­na­tion­al cor­po­ra­tion. They claim they should be and are se­cure, since se­cu­ri­ty is cru­cial for them. Ask them how much of the bud­get of the pro­ject is al­lo­cat­ed to se­cu­ri­ty. They won't an­swer, be­cause…
  security 8 short 50
• The complexity of API keys When it comes to han­dling API keys, there are clas­si­cal­ly two sit­u­a­tions which are a bit prob­lem­at­ic: pub­lic shar­ing of a key and man in the mid­dle. Look­ing at the ap­proach­es by Ama­zon, Google and oth­er big com­pa­nies, I find it both over­ly com­plex…
  security 8
• Bad, bad passwords Pass­words are an aber­ra­tion. In a ide­al world, we wouldn't have pass­words, but only keys. The con­cept of a pass­word as a se­cu­ri­ty mea­sure is flawed, and leads to mul­ti­ple is­sues. Among oth­ers: When the pass­word is sent by the client to the serv­er,…
  security 8 user-experience 10
• Reinventing authentication I'm de­light­ed by the sim­plic­i­ty of OAuth 2.0 (as far as its in­te­gra­tion into Flask and ex­press takes takes less than five min­utes) and the fact that it makes pass­word man­age­ment some­one else's prob­lem.¹ Re­al­ly, I'm so de­light­ed that I now use it in…
  security 8 user-experience 10
• DRM, custom hardware and technical solutions to human problems A now closed ques­tion on Soft­wa­reEngi­neer­ing.SE asked about a way to pre­vent the users from get­ting screen­shots of an ap­pli­ca­tion. The con­text is an ap­pli­ca­tion show­ing sen­si­tive doc­u­ments in a bank. While the doc­u­ment is en­crypt­ed, it re­mains safe.…
  short 50 security 8
• Candy security The ti­tle of this ar­ti­cle is a term I dis­cov­ered through the book of Kevin D. Mit­nick, The art of de­cep­tion, page 79. It means that the com­pa­ny has strong se­cu­ri­ty perime­ter with the out­side world, but once you got through, noth­ing can stop you. In…
  security 8 short 50
• Kevin D. Mitnick's The art of deception Just fin­ished read­ing Kevin D. Mit­nick's The art of de­cep­tion. The first part of the book con­tains the sto­ries of so­cial en­gi­neers in ac­tion. The sec­ond part is a set of rec­om­men­da­tions. The sto­ries are fun to read; the rec­om­men­da­tions are some­times…
  short 50 security 8
• Setting inter-VLAN communication in Netgear ProSafe switches Re­cent­ly, I was try­ing to con­fig­ure VLANs in or­der to cre­ate more log­i­cal net­work view and in­crease the se­cu­ri­ty of the net­work by lim­it­ing the traf­fic from the dif­fer­ent types of ma­chines through the router ACLs. In or­der to do that, I had two…
  security 8 network 1