Larry Loeb

Getting Started as a Big-Time Security Whiz

Since my e-mail address gets put at the end of many of the things that I write, I (understandably) receive e-mails from people. Some are queries about what I've written, some are pitches about products that I haven't written about but someone wishes that I would, and some are pleas. The pleas are usually the […]

Feds Look to Tighten Online Banking Rules

The usual suspects were at work last week in the security arena: Microsoft issued massive patches; Snort has a problem that can be triggered by a single UDP packet; and the like. But the Big Story was about banking, and it didn't seem to be picked up by many people. It boils down to this: […]

The Evil Scientists vs. Cisco

As a security story told around the electronic campfire, this one is a doozy, almost archetypal. First of all, on one side there's a group of crackers that call themselves the EvilScientists. With a name like that, you can almost see them wringing their hands while hunched over their keyboards and saying “Moo-wah-hah-hah!” (Or what […]

Don't Forget to Lock the Door

It's easy when dealing with IT security to get all caught up in the tech side of things: the crypto, viruses, phishing schemes and what not. They're intellectually challenging to identify and satisfying to fix. They're the kind of problem that looks good on your quarterly review when they are solved. But there's another kind […]

Security Watch: Acquisitions Aplenty

Last week, the number of independent companies in the security space decreased again as Symantec gobbled up Bindview, and Checkpoint ate Sourcefire, maker of the Snort open-source Intrusion Detection System. Symantec has been on a buying rage since it underwent a $13.5 billion merger with storage leader Veritas in February. That merger changed Symantec from […]

New Security Threat: Text Messaging

Researchers from the Systems and Internet Infrastructure Security Lab of the Pennsylvania State University made public this week some research they have done about what it may take to shut down mobile cell phone networks using low volumes of text messaging. SIIS Lab students William Enck, Patrick Traynor, SIIS Lab Director Patrick McDaniel and NSRC […]

Hack Can Crash Playstation

Can you hack a PSP? It appears so. Secunia has listed a “moderately critical” advisory for Sony's game machine using firmware 2.0. Evidently a “specially crafted” TIFF file can crash the puppy due to a boundary error in the TIFF library and thus cause a denial of service. Evidently, there is a well-known bug in […]

The Security Side of Sarbanes-Oxley

What is SarbOx anyway? The Sarbanes-Oxley Act of 2002 is a set of rules passed by Congress in order to force American public corporations to document every sale and financial exchange that could have a material effect on the business. SarbOx also requires top executives to review and sign off on financial results so CEOs […]

AES: How to Keep Secure Data Private

Though it's a hot topic now, the need to encrypt data stored on tapes and hard drives, or transmitted across a network, is far from new. DES (data encryption standard), the most widely used encryption algorithm in the world, for example, is more than 28 years old. DES became the bedrock of government cryptology until, […]

Using Digital Signatures to Secure E-Commerce

Digital signatures—which have been de rigueur for years among both professional and amateur security advocates—have emerged from those relatively small populations to become an important part of mainstream security discussions. The driving force was the Electronic Signatures in Global and National Commerce Act (the so-called “E-Sign” bill) that, beginning in October of 2000, allowed an […]