Wieland Alge, Barracuda VP, about the Security Industry

For short: “Get real”. A few good points, still from somebody from inside the industry that produces security software.

A intermediate CA, held by MSC Holdings, issued by CNNIC, the Chinese NIC, apparently issued certificates for unauthorized domains. The problem was detected by Google for their domains through pinned certificates in their browser.

Google Online Security Blog: Maintaining digital certificate security.

March 24, 2015

OWASP Internet of Things Top Ten Project

The OWASP Project is looking at the Internet of Things, too, and published a top 10 of security concerns for that matter. While all of this is reasonable for the Internet of Things, it can be applied very generally for the Internet of anything. Good security pays in every environment, it’s just the Internet of Things has potentially more attack surface.

(more…)

February 18, 2015

Security vs. Privacy

via Peter Piksa auf Twitter: “Oh man, thats actually a really brillant illustration about privacy and security. http://t.co/sk5jnZAa8Q”.

February 6, 2015

Data and Goliath

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Bruce Schneier wrote a book about Big Data, mass surveilance and the Internet of Things. Schneier talks about how this effects society and what to do about the increasing datarization of everything we’re doing.

February 5, 2015

Plenumstreffen Sicherheitsnetzwerk München

Plenumstreffen 2015

Des Sicherheitsnetzwerkes München.

Am 22. Januar traf sich das Plenum des Sicherheitsnetzwerkes München.

Agenda der Veranstaltung, die von Peter Möhring, Leiter der Geschäftsstelle, und Dr Kathrin Jaenicke, geleitet wurde, beinhaltete im wesentlichen den Rückblick auf das vergangene Jahr wie auch die Perspektive auf das kommende Jahr.
(more…)

January 25, 2015

Top Influencers in Security

Tripwire has a recommendation of Security Influencers to follow in 2015, along with their Twitter handle. While I second all of the recommendations, it is particularily notable that 3 out of these 15 names work – or have worked – for Akamai. These guys are @BillBrenner70, @gattaca and @JOSHCORMAN. Every individual on the list had the opportunity to answer, which infosec-related superpower he would unlock, which makes the list a bit of an entertaining read, too.

Top Influencers in Security You Should Be Following in 2015.
(more…)

January 9, 2015

IEEE Cybersecurity Initiative explains how to avoid Top 10 Software Security Design Flaws

The IEEE Cybersecurity Initiative published a document that shall help Software Architects avoid common security flaws. The document may be downloaded or read online.

Avoiding the Top 10 Software Security Design Flaws is released under the Creative Commons Attribution-ShareAlike 3.0 license.

Center for Secure Design | IEEE Cybersecurity Initiative.

September 2, 2014

Visualization for Security

Security is hard. Visualization may help understanding what is going on a lot easier and better. Raffael Marty presents ideas and visualizations to improve security through graphs.