Tag Archives: security

Cloud Security, For Real This Time

Cloud Security, For Real This Time: Homomorphic Encryption and the Future of Data Privacy. That’s the title of my presentation at the next Central Ohio OWASP Quarterly Seminar, on 27 February at 1:00 p.m. Dan King, from Microsoft, will be talking about single sign-on for federated Dynamics CRM, very practical stuff which is in real [...]

YAML and Remote Code Execution

YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types from untrusted input is user-controlled arbitrary code execution.
It’s Not Just Ruby
A few weeks ago, I had a need to parse Jasmine’s jasmine.yml in some C# code. I spent some time looking at [...]

Speaking at "Moving to Better Secure the Cloud"

I’ll be speaking at a Slashdot/Geeknet "virtual trade show" today.
Moving to Better Secure the Cloud: Governance, Risk, and Compliance Management
My presentation will be on the potential business impact on the web if an efficient and fully homomorphic encryption system is invented. I’ll be speaking sometime in between 3:15 and 4:00 EST, for about 20 minutes. [...]

Would You Buy a Used Framework from This Tool?

I think the Web Platform Installer is a great tool, but I have to question the wisdom of its home page:

If you click on these, you see… nothing. A description would be nice. ("Application Request Routing? What’s that? EC-CUBE?")
But that’s not really the problem. The bigger problem is this: A "spotlighted installers" feature probably sounded [...]

An Excuse Not to Roll Your Own Authentication Scheme

The Rails 3.1 Release Candidate announcement contained news of many new and useful features, plus these regrettable words:
has_secure_password: Dead-simple BCrypt-based passwords. Now there’s no excuse not to roll your own authentication scheme.
I will briefly provide an excuse.
"Simple BCrypt-based passwords" is a reasonable feature, but shouldn’t be mistaken for end-to-end authentication, or even a substantial subset [...]

What is Homomorphic Encryption, and Why Should I Care?

The March 2010 issue of the Communications of the ACM includes a technical paper with an introduction entitled "A First Glance of Cryptography’s Holy Grail" (ACM subscription required). That’s enough to catch my attention. The paper itself, Computing Arbitrary Functions of Encrypted Data, describes a relatively new algorithm for homomorphic encryption.
Although these words may be [...]

On That Delphi 7 Virus and Ken Thompson’s Turing Award Speech

In 1984, Ken Thompson, the operating system and programming language pioneer, received the ACM’s Turing Award. In his short, highly-readable Turing Award speech, he describes "the cutest program I ever wrote." He notes that because the C compiler is written in C, it is possible to alter the source code maliciously to produce a malicious [...]
