TrueCrypt goes dark

| 0 comments

Today was an interesting day in term of security within the encryption community. The developers of TrueCrypt have made the following statement: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.” It is not clear exactly what is driving this decision and one can only guess at this point unless the development team comes out an conclusively comments on what the driving factor was. What makes this even more interesting, at least from my perspective, is the fact a security audit was just completed in April 2014. At that time, the phase 1 audit did not …

Continue reading

Life in a digital world means little or no privacy

| 0 comments

I want to start 2014 off by looking at security and privacy. One can argue that we are more secure today than we were just a few short years ago, but security comes at a cost and that cost is privacy. During discussions with others that I come into contact with, I am disturbed when I hear the response “if you are doing nothing illegal then you have nothing to worry about”. Obviously these individuals have not idea what privacy means. For those individuals, the Webster Dictionary defines privacy as the state of being alone. For those of you who …

Continue reading

Technology Is The Government’s Oldest Best Friend

| 0 comments

Recently we have all most likely have heard the news concerning the National Security Agency (NSA) is currently collecting the telephone records of millions of US customers of Verizon. This is extremely disturbing and while I have my own personal opinions as to what is or is not acceptable, this has clearly crossed the lines of trust in my humble opinion. In what world do we live that the government can simply cast a net so vast as to have this type of data for the purpose of seeking out those who are conducting illegal activities? I have heard others …

Continue reading

The Future of Cybersecurity Technology and Policy

| 0 comments

Only when a comprehensive understanding of the cyber threat is taken into consideration can organizations utilize process, tools, and technologies to find, correct, and combat those who launch a cyber-attack. This paper takes a look at the past, present, and future in order to present a concept that works. The idea here is a partnership with both private and public sectors in a type of responsibility where everyone works together to achieve the goal of cyber defense. This includes tools, technologies, methodology, and a common sense approach to the problem. The days of standing alone have failed and it is …

Continue reading

Homeland Security’s (DHS) Software Assurance Program

| 0 comments

Continuing with the theme of Software Assurance, I previously shared the January 2012 BITS Software Assurance Framework and now I located some wonderful information sponsored from the Department of Homeland Security (DHS). Security is an area that typically is lacking, underfunded, and often ignored specially in the area of web based solutions. While many organizations do better than others the reality is new vulnerabilities surface every day and it is not enough to take the mindset that your threat surface is minor in nature. To address security you must first understand the risks. The following PDF artifacts are called pocket …

Continue reading

Secure Web Browsing Using Lightweight Portable Security

| 0 comments

Stop for a moment and ask yourself just how safe to do feel when logging into your favorite social network site and at some point in time logging into online banking for example. I am not advocating that social networks fall short in the area of security but the reality is the internet is a dangerous place. Today’s threats are increasing with each passing day and I would go so far to say that many individuals do not understand nor take the time to properly address security. In fact the Software Engineering Institute at Carnegie Mellon states: Many users have …

Continue reading