lukeo
TLS and SSLv3 vulnerabilities explained
from lukeo in Research, Internet & Technology
Good overview of the recent TLS Renegotiation Attack
TLS and SSLv3 vulnerabilities explained
from lukeo in Research, Internet & Technology
Good overview of the recent TLS Renegotiation Attack
lukeo
scribbled: See my explanation of the attack http://tinyurl.com/y95dkdv
Cryptree: A Folder Tree Structure for Cryptographic File ...
from lukeo in Research, Internet & Technology
We present Cryptree, a cryptographic tree structure / which facilitates access control in file systems operating / on untrusted storage. Cryptree leverages the file system’s / folder hierarchy to achieve efficient and intuitive, yet simple, / access control. The highlights are its ability to recursively / ...
Re-issuing certificates from the 2008 Debian OpenSSL Vuln...
from lukeo in Research, Internet & Technology
We report on the aftermath of the discovery of a severe vulnerability in the Debian Linux version of OpenSSL. Systems affected by the bug generated predictable random numbers, most importantly public/private keypairs. To study user response to this vulnerability, we collected a novel dataset of d...
Re-issuing certificates from the 2008 Debian OpenSSL Vuln...
from lukeo in Research, Internet & Technology
We report on the aftermath of the discovery of a severe vulnerability in the Debian Linux version of OpenSSL. Systems affected by the bug generated predictable random numbers, most importantly public/private keypairs. To study user response to this vulnerability, we collected a novel dataset of d...
lukeo
scribbled: My summary of the paper - http://tinyurl.com/ycyfz2b
Some Black Swans in IT Security
from lukeo in Research, Internet & Technology
A selected collection of surprising Black Swan events that have impacted IT Security over the last 50 years.
The Positive Trust Model and Whitelists
from lukeo
Wyatt Starnes, of Signacert, provides an excellent overview of the case for security based on whitelisting. / My summary post on this document - http://tinyurl.com/ly75fw /
Related-key Cryptanalysis of the Full AES-192 and AES-256
from lukeo in Research, Math & Engineering
May 2009 paper by Alex Biryukov and Dmitry Khovratovich describing a novel differential attack on full AES.
US Border Digital Search Directive, Aug 2009
from lukeo
This is a recent directive issued by the US DHS defining the scope and processes of searching electronic media at a US port of entry.
Anonymity at the Edge
from lukeo in Research, Internet & Technology
A retelling of a not-so-minor scandal over the exposure of passwords in the edge nodes of the ToR anonymity network.
The Rise of Whitelisting
from lukeo in Research, Internet & Technology
A short essay on the rise the idea of whitelisting to block detect and block malware.
Beyond Box Ticking - a new era for risk governance
from lukeo in Research, Business & Economics
Nov 2009 report from the Economist Intelligence Unit.
The Sub-time Crisis in Web 2.0
from lukeo in Research, Internet & Technology
A short note on why we fear general information overload in web 2.0, however the system will live on.
Hellman's TMTO Attack
from lukeo in Research, Math & Engineering
This is a short and concise presentation on time-memory trade-off (TMTO) attacks, devised by Martin Hellman, given as part of coursework for professor Mark Stamp, San Jose State University.
Outline of a book on Passwords
from lukeo in Research, Internet & Technology
Here is an outline of a book I started to write in 2003 on passwords. At the time I had a few months away from work and I decided to return to some basics in security, and I started with passwords in Windows. I was surprised at how complex, or at least detailed, this topic turned out to be. I was...
+ See more activity
lukeo's Documents
 |
A Risk Analysis of Risk Analysis 752 Reads |
|
|
A Taxonomy and Analysis of Anonymous Commu... 610 Reads |
|
|
Entropy Bounds for Traffic Confirmation 1,010 Reads |
|
|
2,108 Reads |
|
|
1,319 Reads |
|
|
Shamir's Third Law and other Tales from th... 617 Reads |
|
|
225 Reads |
|
|
The Core Components of the Entrust PKI v5 1,016 Reads |
|
|
380 Reads |
|
|
ANSI approach to the financial impact of c... 290 Reads |
