By beginning of October 2017 I started Security Predictions experimental web site. It has been built to harness the ‘wisdom of crowds’. I experiment how we can use crowd-sourced security intelligence to predict future events. Feel free to contribute with your … Continued
The National Institute of Standards and Technology (NIST) announced on October 2, 2012 the selection of KECCAK as the winner of the SHA-3 Cryptographic Hash Algorithm Competition and the new SHA-3 hash algorithm. Keccak makes use of the sponge construction … Continued
Two colleagues and I presented paper titled “Security Risk Management for Critical Infrastructures” at itAIS 2011 Conference, “Information Systems: a crossroads for organization, management, accounting and engineering”, held in Rome, Italy, October 7 – 8, 2011. Abstract: This paper presents … Continued
On September 28th, I delivered presentation on topic “Location Based Services – Security and Privacy Aspects” on global group Telenor Security Conference 2011. Abstract: Location based services are fast growing area in various types of businesses, particularly concerning mobile operators … Continued
One statement from our earlier book, which has been published 2007, was cited at IEEE Conference Journal. It is interesting and actual for many organizations at moment: “Security is a process of keeping necessary level of risk in acceptable boundaries. That means security is a continual process and not a final state. Organization or institution can’t consider itself “secured” after last security check. That process needs to be continual.”
DOI link: https://doi.ieeecomputersociety.org/10.1109/BCI.2009.20.
I was cited and quoted couple of times in IEEE Computer Magazine article “Fighting Intrusions into Wireless Networks”, Springer Link Book “Novel Algorithms and Techniques in Telecommunications and Networking” and Telektronikk Journal.
I invite you to answer poll question “Do you store your credit card PIN into mobile phone?”
There is serious vulnerability with A5/1 encryption scheme used in GSM networks. It can lead to interception of GSM calls. This vulnerability has been presented by Karsten Nohl and Chris Paget at the 26th Chaos Communication Congress (26C3).
An independent test and evaluation of 15 different network intrusion-protection system products from seven vendors showed none were fully effective in warding off attacks against Microsoft, Adobe and other programs. NSS Labs, which conducted the test without vendor sponsorship of any kind, also evaluated the 15 network IPS offerings for their capability in responding to “evasions,” attacks delivered in an obfuscated and stealthy manner in order to hide. In that arena, Juniper Networks and TippingPoint didn’t perform particularly well. Juniper IPS scored lowest at only 17% effectiveness. In that arena, the McAfee and IBM IPS held up particularly well.
NIST has selected the Second Round Candidates of the SHA-3 Competition recently. Following 14 second round candidates to continue in the competition: