The National Institute of Standards and Technology (NIST) announced on October 2, 2012 the selection of KECCAK as the winner of the SHA-3 Cryptographic Hash Algorithm Competition and the new SHA-3 hash algorithm. Keccak makes use of the sponge construction … Continued
There are three possible approaches to information security: reactive, proactive, and predictive. Reactive Information Security – Post incident detection, analysis, notification, containment, eradication, and remediation. Proactive Information Security – Avoiding or opposing threats against computers and networks through understanding the … Continued
During period April – October 2011, I have gone through trainings, passed the exams and obtained new certificates: Certified ISMS Lead Auditor – ISO / IEC 27001 Information Security Management System PCI ISA (Payment Card Industry Internal Security Assessor), PCI … Continued
Two colleagues and I presented paper titled “Security Risk Management for Critical Infrastructures” at itAIS 2011 Conference, “Information Systems: a crossroads for organization, management, accounting and engineering”, held in Rome, Italy, October 7 – 8, 2011. Abstract: This paper presents … Continued
On September 28th, I delivered presentation on topic “Location Based Services – Security and Privacy Aspects” on global group Telenor Security Conference 2011. Abstract: Location based services are fast growing area in various types of businesses, particularly concerning mobile operators … Continued
Welcome to new age of my blog “Dragan on Security”. After more than seven years of blogging on previous platform (since August 28, 2005), I decided to move and to switch to new look and structure of blog. I have … Continued
One statement from our earlier book, which has been published 2007, was cited at IEEE Conference Journal. It is interesting and actual for many organizations at moment: “Security is a process of keeping necessary level of risk in acceptable boundaries. That means security is a continual process and not a final state. Organization or institution can’t consider itself “secured” after last security check. That process needs to be continual.”
DOI link: http://doi.ieeecomputersociety.org/10.1109/BCI.2009.20.
I was cited and quoted couple of times in IEEE Computer Magazine article “Fighting Intrusions into Wireless Networks”, Springer Link Book “Novel Algorithms and Techniques in Telecommunications and Networking” and Telektronikk Journal.
I invite you to answer poll question “Do you store your credit card PIN into mobile phone?”
There is serious vulnerability with A5/1 encryption scheme used in GSM networks. It can lead to interception of GSM calls. This vulnerability has been presented by Karsten Nohl and Chris Paget at the 26th Chaos Communication Congress (26C3).