For better or for worse, we presently rely very heavily on username/password combinations to identify ourselves to computers and other devices in our daily lives. Many — perhaps most — of these password management techniques are flawed, despite the fact that they show up in many so-called Best Practices guides. Although we should be moving rapidly toward 2-factor authentication, this note examines the problems with passwords as they exist today.
In July, I gave a keynote speech at the 2009 annual conference of the Forum of Incident Response and Security Teams (FIRST) in Kyoto, Japan, that focused on the communications barrier facing computer security incident response professionals in their cross-cultural dealings with their Asian counterparts. This was the first and, thus far, only time I’ve [...]
Although I’ve spent the past several years of my professional life being involved in information security policy and management, my first love is still computer operating system security. In this field there’s a fair amount of special terminology, and one of these special terms is “protection rings”, which is a way of saying that, for [...]
Ever since my earliest days working in Silicon Valley, I have been involved in computer security incident response management. And so it was with great pleasure that I accepted a keynote speaking opportunity at the upcoming annual meeting of the Forum of Incident Response and Security Teams (FIRST) during 28 June–3 July 2009 in nearby [...]




