You are here


Time - Again - For Trustworthy Computing

Saul Hansell of the Washington Post has posted an article about real time attacks on one-time password tokens like SecurID and SafeWord. The strategy is to steal a user's one-time password after it is typed in and redirect it to a hacker to exploit immediately. The attack relies on Trojan software that has installed itself in the victim's computer.SecurID Card

One time passwords were not designed to protect against this type of thing. Once you have that sort of trojan, there's no way to use your computer reliably. Attackers can intercept what you're doing, change it to benefit them, and you won't know what happened until you look at your bank statement.

The only way to protect against such things is to ensure that your computer has not been hacked. This is hard, since there are lots of ways to attack a computer and not nearly as many ways to protect it.

Post category: 

Six Minute History of Information Security

I have been reading the ACM's Model Curriculum on Information Technology (a prototype "IT" major) with a special eye towards the information security coverage. I've been teaching information security courses and recently developed a major in the area.

The curriculum provides minimum times to cover major topics in the field, like 3 hours to cover "Fundamental Aspects" including the "history" of information assurance and security. After factoring out the other dozen 'learning outcomes' for that topic, one is left with six minutes to cover the "history" of information security.

Fred Cohen Shortcuts

Over the years, Fred Cohen has probably written more about information security on a broader range of subjects than any 3 other experts. He's posted a lot of it on his "" web site, which he's had since about the dawn of the World Wide Web. What the site lacks in pizazz it makes up for in content.

The only problem is that he doesn't put much attention into navigation. It takes patience to poke around and find what you want. I know he's had some classic papers on his virus work on-line, but I couldn't find them easily.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer