
Category Archive for 'Security Architecture'

Swipe identity

I have been engaged in many IAM projects throughout my career and one thing that quite often is lacking in the projects is the identity discussion. What is an identity for this organisation? We need to look at two separate entities: What’s needed for authentication and what’s needed for usability. The authentication should be the […]


Signed trojans

Interestingly enough, signed code and signed websites have been regarded as fairly safe to use for the common user. Whenever the green bar is visible, assuming that the page is valid has always been a safe bet. However, in South America a certificate issuer was hacked and a few pieces of malware were signed and released in […]


One way of working with security architecture (SA) and compliance is to use SA as a way to understand the essence of compliance. A few months back I took the time to break down PCI DSS into a number of patterns. Just recently I picked out all PCI DSS requirements and mapped them towards Open […]


How to steal a car

IT security has moved beyond computer hacking into the real world. Reading in the news about SCADA systems that make it possible to close the pumps protecting the Netherlands from water, or to reboot a heart pump machine remotely, makes you understand that computers are everywhere nowadays. About 1 year ago I […]


If you are working within the business you have probably heard of Flame, a type of highly complex targeted malware, active in the Middle East. With Flame emerging we now have three examples of very complex malware that are able to circumvent many standard security mechanisms. No matter the origin, their existence shows that there is […]


Yet another hack

SwaggSec just released a new hack bragging about hacking China TeleCom and Warner Bros. At the end of the text they have added a torrent containing information about admin accounts and stuff. What’s interesting with this particular hack is merely that SwaggSec encourages you to log on to the hacked servers and do as much […]


Having a large family puts a constraint on available cars on the market. Not all cars will let seven grownups, teens and kids ride comfortably. Having said that, I started to look around and eventually found a car that was just what I needed. When starting to discuss the car with the dealer I experienced […]


Today I had a chat with one of my favourite security consultants in the UK. He told me this amusing story about a company where he was supposed to implement Encase Enterprise Edition. When meeting with the network guys about pushing out the software like any other software, the network guys immediately said: ‘No, […]


Compliance as a Service

Having worked with compliance for many years, several patterns have emerged, and during the last year I have been creating different guides on how to implement a PCI DSS compliant infrastructure. Those guides have proven to be quite effective and just a few months ago I started to look at the possibilities to deliver Compliance […]


Two years back I read about 3D printing of keys and concluded that it more or less changed the game for the concept of keys. Gladly (or sadly) the world moves forward and innovative uses of 3D printing have emerged. Entering the scene: 3D ATM skimming devices ready from the printer. An ATM-skimming device […]

