Sunday, October 11, 2009

Good Newsweek article on Passwords

Good article in Newsweek on "Building a Better Password" laying out some of the issues with good passwords and how those issues are changing, for example phishing replacing brute-force attacks as the main threat. It also has some good discussion of possible replacements for passwords, including one-time codes sent by text message and an image-based scheme.

Tuesday, October 6, 2009

Some more security podcasts I'm enjoying

I've been traveling a lot recently and listening to a number of podcasts, including some good security podcasts, so I thought I'd mention a few of my favorites.

I previously mentioned the Security Now podcast, which I'm still listening to. But I've added a few more to my subscription list.

Gary McGraw of Cigital has a pair of podcasts that I enjoy. The Silver Bullet podcast is a series of interviews with security researchers and practitioners, spanning a wide array of security personalities. (I particularly found the interview with Fred Schneider interesting.) These interviews touch on both technical and non-technical aspects, and I think they would be interesting for people with a range of security interests.

The Reality Check podcast, also from Gary McGraw, is a series of interviews with folks leading secure software programs. It's a little more technical than Silver Bullet, but definitely of interest to anyone interested in secure software development.

I've also been listening to the OWASP Security podcasts. These are fairly focused on web application security and tend to get into the minutiae, but for educating oneself on that specific area they are reasonably good.

I've also got some Rear Guard podcasts in my queue, but I haven't listened to enough of them yet to really comment.

Roger Johnston's Security Maxims

I was reminded of Roger Johnston's great list of Security Maxims while listening to a recent episode (#215) of Security Now. Well worth reading.

For example:
Arrogance Maxim: The ease of defeating a security device or system is proportional to how confident/arrogant the designer, manufacturer, or user is about it, and to how often they use words like “impossible” or “tamper-proof”.