Security newshttp://www.eldos.com/blog/Security_News/tag:www.eldos.com,2008-05-16:1Copyright (c) http://www.eldos.com/blog/Security_News/2008-05-16T23:43:43-05:00Blog moved2008-02-27T04:05:49-06:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/51
Blogspot service. New posts will appear there. ]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpState of e-mail authentication2008-02-02T10:33:09-06:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/50
Authentication And Online Trust Alliance has published a report that reviews current situation of e-mail authentication among large companies and ogranizations. The report says that more than a half of all e-mail is authenticated. What does this mean?
Authentication of the sender is an important step in fight against unauthorized e-mail. Now, when so much e-mail is authenticated, it's vital that the verification takes place on all stages of e-mail processing, and that e-mail is handled properly (this includes acceptance of the valid authenticated e-mail and lowering the weight of other factors when e-mail is authenticated right).
The most widespread authentication mechanisms are Sender ID (formerly SPF) and DKIM (formerly DomainKeys).
You will find lots of useful information, related to authentication schemes, their supporters etc. in this report. ]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpObsurity in security2008-01-18T01:23:30-06:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/49
the good article "for dummies" why obscurity is not always bad.
]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpNew cool gadget - smartcard with biometrics2007-12-06T06:31:15-06:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/48 The only thing I wish this card could do is optionally give away the fingerprint, working as a fingerprint scanner. This particular card doens't do this, but I believe we'll see such cards soon.
]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpHow to find people2007-12-04T02:39:07-06:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/47 It's a common task when you need to know more about some person. Google seems to be the obvious approach. But is it the best one? There are numerous less known ways and the site (below) seems to offer the whole section about this topic.
The article I came across is here ]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpWhat's new in upcoming SBB 62007-12-02T12:54:28-06:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/46 First of all, it's a code that was carefully checked for possible weak places and security vulnerabilities. While there were not much security fixes, some places in the code could affect the performance of the system, if they dealt with specialy prepared data. Obviously, I can't tell much until SBB 6 is released.
Another important addition is introduction of Elliptic Curve Cryptography (ECC or EC cryptography) mathematics and algorithms. As written in one of the previous blog posts, EC cryptography promises better speed on much shorter keys. It is considered to be the algorithm set of choice in the next 15-20 years. SecureBlackbox is one of the first security toolsets to provide EC crypto support.
One more thing is various improvements in SSH and SFTP protocols. SSH components are one of the most used components in SecureBlackbox. And it's not a surprise, as demand for secure remote access and secure file exchange grows. SecureBlackbox with it's SFTPBlackbox package is the leading component collection for SFTP support, with unbeated combination of numerous features and low price.
Finally, we have plans to re-write the source code of ActiveX edition, in order to remove the mess with secondary interfaces in various controls. In SecureBlackbox 5 and before each control implemented a number of interfaces (such as IElSftpClientX, IElSftpClientX2, IElSftpClientX3 etc.). In SecureBlackbox 6 there will be new interfaces and new controls. This will let the users easily call various functions from scripting environments and will reduce the number of lines of code, needed to use the components. Of course, for compatibility with existing applications and user code the old interfaces will be available too.
See our News section for upcoming news about SecureBlackbox 6. ]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpMD5 hash collision2007-12-02T12:42:08-06:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/45 Read the article ]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpGraphic passwords, the scientific approach2007-11-05T12:01:55-06:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/44
To my understanding, most of such schemes were introduced without serious scientific analysis of their strength.
Recently the new approach has been announced. You will find a very interesting, detailed and scientific-looking description of the scheme inthis paper (PDF document). ]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpSpeech Recognition and Voice Recognition - what is the difference?2007-10-14T06:48:07-05:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/43 But recently I came across the small article which describes the differences between several similar yet different terms and technologies.
Read the article. ]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.phpIntroduction to DRM2007-10-14T02:47:13-05:002008-05-16T23:43:43-05:00tag:www.eldos.com:Security_News/39 DRM is often confused with encryption and vice versa. It is important to understand, that encrypting the data doesn't necessarily give you protection for your data. The one who can decrypt it (legitimately) becomes the possessor of the information and copy and distribute it (no matter if he has the rights to do this). Encryption can't prevent distribution. But DRM can. Can it?
Here's the article that gives you the basic understanding of what DRM does. ]]>
Eugene Mayevskihttp://www.eldos.com/blog/users/1.php