flaws

Grade School Crypto Videos

This is a short, gentle two-part introduction to basic cryptographic concepts using text-based crypto examples. The…
Cities, Disneyland, and Software Security

I like to think of our modern software infrastructure as being like a large city and…
libhairshirt vs libfootgun

Peter Gutmann, an interesting crypto-academic from New Zealand, has proposed discussing two crypto libraries, libhairshirt and…
Old Story: Leaked Voter Records

My previous posting on the Proud Boys spam email speculated that voter records were widely available…
Life Cycle of a Security Bug

Unlike members of the insect family, computer software bugs live forever. Software security bugs (well, flaws)…
The Six Types of Cyber-Risks

My textbook lists categories of cyber-attacks that focus on an attack’s lasting impact: how does it affect the…
The Big Bug in the News: the WPA2 flaw

The big news this week is a protocol flaw in the Wireless Protected Access protocol, version…
Tiptoeing Through Vulnerabilities

I sympathize with developers who throw up their hands and say, “I don’t do security stuff.”…
Symantec Breaks Trust with the Internet?

Symantec is one of the companies that holds the keys to the Internet: they are a trusted…
The Apple case isn’t “privacy” versus “safety”

The current fight is about whether we will impose a technological infrastructure which will be exceptionally…
The “Bug-Free Software” fallacy

About 20 years ago, I worked with a fellow who proudly told me that he had…
Multics was flawless?

Last week I participated in a very geeky panel discussion about a now-defunct standard for computer…
Stream Cipher Reuse: A Graphic Example

Take a look at the following image. You should see two different ‘messages’ here. This particular…