Category Archive for 'Security Architecture'

No one in Europe has missed the fact that there is a volcano erupting, spewing out ash all over Europe and grounding virtually all flights here. This has of course put a strain on a lot of sectors. During media coverage there have been the usual comments, but one thing that became very visible this time […]

Sadly not. There are a number of compliance frameworks out there now: PCI DSS, SOX, HIPAA, HITECH, Part 11 and you name it. It is a rather interesting fact that there are as many consultants specialized in one or the other without having the faintest idea that they are all the same! Take […]

When is a rule a rule?

Security is a very interesting subject. Quite often I get questions regarding the connection between security policies, security mechanisms and technical solutions, and when and where to have those. My answer is, as always: it depends. That said, the real issue to handle is how you would like to handle your rules. A rule has […]

I have now published the Jericho Books on my blog. You'll find them on the top page named Jericho Books.

Chip and PIN broken

Yet a costly infrastructure has been shattered, leaving an insecurity of payment cards in its wake. Chip and PIN has been shown to have a flaw making it possible to withdraw money from a stolen card without knowing the PIN. According to the paper it would explain phantom withdrawals between when a card is stolen […]

SMS scams to new heights

In an article in a Swedish newspaper, SMS scams reached new heights. During a TV show collecting money for a charity organization someone, whether internal or external is unknown, changed the phone number you were supposed to send an SMS to in order to donate money, from the official one to a fraudulent one. As this phone number recently was […]

I just recently read that a German scientist, Karsten Nohl, managed to crack GSM crypto A5/1 due to a vulnerability not previously exposed. The thing that got my attention is the response from the GSM organization. “The vulnerability is only theoretical because it is illegal to crack the crypto”. I suspect that this is mostly due to […]

In a Swedish article today some interesting figures are shown on bank transaction fraud, including credit card fraud:

• 600-700 M SEK was lost in 2008 (60-70 M EUR)
• 1% of the grown-up population was affected (60 000)
• 84% got their money back partly or in full

FI, Finansinspektionen, the authority responsible for […]

Jericho requirement 3 clearly states “Assume context at your peril”. This is one statement that is very easy to understand but that many fail to follow. What does it actually say? The key message is that you should always understand the context of a security solution. Every solution is created to handle one or more threats within […]

New laws are emerging in Europe that have their origins in the US. These state that companies and organizations that experience a breach where information is lost have to go public in one way or another. This means that public humiliation and loss of face will be a cost to take into account and also the […]
