Archive for the 'Security' Category

Biological comparison nonsense

Friday, April 14th, 2006

To me, this business with comparing malware and anti-measures in the IT security world with biological systems and in particular immune systems is nonsense on so many levels. People draw parallels with monoculture versus diversified cultures, and immunizing systems and so on. I say: Bah!
First, biological systems have no designer or design targets, no requirements [...]

Securing bank transactions

Tuesday, April 4th, 2006

So, what’s wrong with using hardware tokens for banking? Well, by themselves, they don’t actually protect you. And this is why.

Give me a RAIS, anytime

Thursday, March 9th, 2006

There was a discussion on a forum about how to save on IT costs, and the question of consolidating servers came up. So, I had a few little somethings to say, and some of that saying I cleaned up and presented here.

My Keyrings and Your Color Printers, a match made in heaven

Wednesday, October 19th, 2005

Bruce Schneier pointed to a sneaky feature present in some color printers, like the Xerox DocuColor series. They print a code on every page, allowing the authorities to track when the document was printed and with which printer.
A little while ago, I ordered some keyrings with my company name engraved on them, to give out [...]

Scratchwords no better than passwords

Wednesday, October 12th, 2005

Banks use several systems to let their customers log into their internet banking sites. The worst (security-wise) by far are the password-based systems, very common in the US. Much better are (were!) the one-time password systems, based on scratch cards or electronic tokens, fairly common in Europe. However, the latest phishing expedition launched [...]

VS.NET promotes bad code

Thursday, August 25th, 2005

Rapid Application Development systems tend to promote the writing of bad code. In what follows I’m going to use VS.NET (2003) as an example, simply because it’s probably the most used. I’m also going to take the writing of client database code as the main example, because it is so important and because it represents [...]

Is it due diligence to avoid US hosting providers?

Saturday, July 9th, 2005

I just read a letter to the editor by Richard Stallman in Communications of the ACM, May 2005, where he points out that whatever the privacy policy of a website, the USA PATRIOT act (or USA PAT RIOT act as he calls it) allows collection by law enforcement of any private information without a warrant. [...]

Have they forgotten about PKCs and SSL?

Wednesday, July 6th, 2005

I just read an article in IEEE Computer, June 2005, called “Security Technologies Go Phishing”. It’s about new ways of stopping phishing attacks. Among other things, they present a system that lets a bank (for instance) have their users choose a picture from an album. That picture is then included in email that the bank [...]

Authenticating transactions, not people

Tuesday, June 28th, 2005

Two-factor authentication using hardware tokens to log on to internet banking sites (among other things) is intended to make banking over the Internet more secure. It turns out that it isn’t as great as it seems to be at first blush. Bruce Schneier has talked about this problem several times. Why is this problem so [...]

Proving membership online

Tuesday, June 28th, 2005

If you’re a member of some organization, or have some certification that entitles you to sign up for services somewhere, you need to be able to prove that you have that credential somehow. In real life, you’d carry a plastic card issued by a reliable organization and that you could flash in the face of [...]