Since every time I posted my previous article people were asking questions, I wrote up the following as a Facebook comment and figured it deserved repeat posting here. Note that there’s an article in our archives which is similar but not as specific as this one. Get ready for your cryptography lesson. A hash is a one-way function. This means that given some input, it creates some seemingly random output. It is one-way in that you can’t do math on the output to get back to the input. So, “abc” -> (hash function) -> A9993E364706816ABA3E25717850C26C9CD0D89D and there’s no way to get “abc” back from that nasty string. UNLESS you have taken the time to generate what’s called a rainbow table. Hackers[…]

One of the biggest complaints I’ve had with VMware vSphere and VMware ESX/ESXi over the last few years is that managing my virtual machines from my Mac computer was a hassle. The VMware management utilities are all Windows-only, and even the few web-based tools either do not work or are extremely limited from a Mac. While it isn’t perfect yet, VMware vSphere 5 has made it so you can actually do just about anything you need to using a Macintosh computer; you just need to get over a few hurdles. To enable the administration of your various virtual machines, storage, clusters, datacenters, and the like, you can now use the vSphere 5 Web Client. Before it can be used, it must[…]

A colleague lent me his most recent copy of IEEE’s Computer magazine. Inside was an article entitled A Web 2.0 Model for Patient-Centered Health Informatics Applications (IEEE membership required to read). Some possible benefits of their proposed approach were listed, including: “Run deeper analytics across physicians groups and facilities, which can include relevant patient data…”; “Provide a wide community of health professionals with feedback on the use and effectiveness of protocols…”; “Share similar and alternative protocols and their analyses across many medical facilities and individual providers…” Anyone want to guess what’s completely missing from their approach? You guessed it, any mention of security. The commonly misunderstood (and frequently misspelled) HIPAA makes it pretty clear that the privacy and confidentiality of personal[…]

If you haven’t heard yet, a practical attack on the X.509 infrastructure using MD5 hashes has been demonstrated at the Chaos Communication Congress (CCC) today. The basic gist of the attack is that a “normal” certificate is issued from a well-known and trusted CA (in this case “Equifax Secure Global eBusiness CA-1”), and the “magic” of MD5 hashing is then used to create a certificate that collides with the “real” one, but just happens to be a CA. This CA can then issue certificates as it pleases, and your browser will trust them, no questions asked. The details are a bit more in depth, and unless you study cryptography, you will find them rather boring and dry. However, MD5 hashes have been[…]

It’s good to know the government is finally looking towards some real-life scenarios in changing how they view cybersecurity. According to a recent article from the government is finally looking at the knowledge of hackers to help improve cybersecurity instead of relying only on compliance. The strategy would fix the current model’s focus on compliance, rather than security, according to Alan Paller, director of the Maryland-based SANS Institute, a computer research center. “We’re trying to secure systems rather than secure compliance,” Paller said. “If you know how [hackers] are getting in, you’d have to be crazy not to use your resources to stop that. But people are too focused on compliance.” When you get into these big organizations, the[…]

If you’re lucky enough to be traveling to China for the 2008 Summer Olympics, you should think carefully about the security and safety of your personal belongings, as well as your information. Travelers should be aware that, as in any large metropolitan area, any computing devices (such as smart phones, PDAs, and laptops) are at a high risk of theft. Additionally, the United States State Department has advised the following about travel to China: Security personnel may at times place foreign visitors under surveillance. Hotel rooms, telephones, and fax machines may be monitored, and personal possessions in hotel rooms, including computers, may be searched without the consent or knowledge of the traveler. Foreign government officials, journalists, and business people with[…]