Posted in Business, Security Architecture on Mar 15th, 2009
Last week I was attending a workshop within Public Security looking at e-id and the internal consequences of implementing it. The basic idea was to implement a national e-id for everyone living within a country and also to give one to everyone allowed to stay and work. This is of course nothing new but what we […]
A rather interesting phenomenon has surfaced recently: skimming using a mobile phone. It is very simple to do this. Just take a picture of the front and back of the card and you're done. The information printed on the card is enough to make purchases on, for example, poker sites and such where money easily […]
Posted in Security Architecture on Feb 7th, 2009
During the last months I have held quite a few risk workshops, and one topic that has always arisen is whether blackmailing and extortion actually are a threat to think of and handle when we look at information security. The first answer would be “No” but thinking a bit longer the answer could only be […]
Posted in Security Architecture on Feb 2nd, 2009
During my last posts I have written quite a lot about Jericho as a security reference model. One question I have gotten several times is: “Is it possible to implement?” I have made several security reviews during the last year where I have looked into possible implementations of Jericho Style Security. Last week I had a […]
Posted in Security Architecture on Jan 1st, 2009
The first thing I read in the news, and the year is only 45 minutes old, is an advanced case of identity theft where someone had stolen a lot of snail mail from postboxes over a whole town and got hold of identity information. This information was then used for applying for credit cards that […]
Posted in Security Architecture on Dec 31st, 2008
I just learned that public MD5 certificates could be forged, breaking the chain of trust. The forging means that your web browser will think that the certificate is valid and not question you if you want to go to the site. In IE 7 you will not get a green bar showing it is a […]
Posted in Security Architecture on Dec 9th, 2008
When I wake up in the morning I think Jericho. Before I fall asleep my last thoughts are Jericho. Finally you all are allowed to read the books I have been studying for a long time. You will find the books here and the covers here.
Four years ago I stumbled into a discussion regarding how security was handled in RUP. As the discussion went on the voices rose and in the end the poor bastard yelled at me: “You are abusing my use cases” and by that the Abuse Case was born. Just to set the context: An abuse case […]
Posted in Security Architecture on Dec 1st, 2008
I have formerly mentioned TCB: Trusted Computing Base, a possible decision point where you have to say that either you trust or do not trust a system. I am using this word quite often when deciding upon security perimeters but during the last few assignments where I have worked quite a lot with defining partnerships […]
Posted in Security Architecture on Nov 16th, 2008
I often get one specific question when I am out workshopping, am giving a speech or in any other way get in the crosshairs of the public: What is Security Architecture? Still to this day I cannot give a good answer due to the following: Security is only a quality property of any […]