Book Review: CODE by Charles Petzold

CODE takes a reader from the humble beginnings of communication using flashing lights, to telegraphs and the invention of the relay, to a (relatively) modern computer by the end of the book, making many stops along the way to detail each stage of the evolution of a modern digital computer. At first glance this may seem a bit useless - why learn about Morse code or Braille when ASCII or Unicode is far more relevant? Why talk about old technology like relays when integrated circuits are far superior? Upon reflection, it should become clear that understanding why something came to...

Book Review: Security Engineering by Ross Anderson

Security Engineering is all about designing and building secure systems. Unlike many security books, this one attempts to cover the entire range of security engineering, from cryptography, access control and similar technologies, through security policy, and even up to the macro scale of governmental policy. Of course, this is a massive set of subjects to try to cover in a single book, and indeed, Security Engineering weighs in at a little over one thousand pages (though nearly 100 of them go to the bibliography), spread out over 27 chapters. Fortunately Ross Anderson does an excellent job of keeping the book...

Book Review: Threat Modeling by Frank Swiderski and Window Snyder

Threat modeling is something that probably should be done whenever developing a complex system, especially software, but all too often isn't. In part this deficiency is caused by a lack of knowledge about threat modeling - not many people are talking or writing about it. Much of what is written about threat modeling lacks consistency. One of the few organizations that writes about threat modeling is Microsoft, but each blog post explaining threat modeling displays significant differences from its peers, an inconsistency probably due to the reality that learning to threat model is an evolutionary process. More disturbingly, their documentation for...

What's the Difference Between a Threat and a Vulnerability?

Not long ago I was working on a threat modeling project, and found that I was rather confused by the distinction between a threat and a vulnerability. This might not seem like a big deal at first, but since the two are dealt with at different stages in the risk assessment process, and vulnerabilities depend on threats, it is critical to have a good understanding of the two. So first off, just what is a threat? A threat is something that can compromise some aspect of your system. This includes things like a denial of service attack preventing you from...

Phishing Presentation - ISC 4/11/13

The presentation from UAH's Information Security Club meeting of April 11, 2013. This talk dealt with phishing, a social engineering technique, and was given by Eugene Davis. Slides (PDF), Audio (MP3), Video (MP4), YouTube