Posted in Security Architecture on Dec 31st, 2008
I just learned that public MD5 certificates could be forged, breaking the chain of trust. The forging means that your web browser will think that the certificate is valid and not question you if you want to go to the site. In IE 7 you will not get a green bar showing it is a […]
Posted in Security Architecture on Dec 9th, 2008
When I wake up in the morning I think Jericho. Before I fall asleep my last thoughts are Jericho. Finally you all are allowed to read the books I have been studying for a long time. You will find the books here and the covers here.
Four years ago I stumbled into a discussion regarding how security was handled in RUP. As the discussion went on the voices rose and in the end the poor bastard yelled at me: “You are abusing my use cases” and by that the Abuse Case was born. Just to set the context: An abuse case […]
Posted in Security Architecture on Dec 1st, 2008
I have formerly mentioned TCB: Trusted Computing Base, a possible decision point where you have to say that either you trust or do not trust a system. I am using this word quite often when deciding upon security perimeters but during the last few assignments where I have worked quite a lot with defining partnerships […]