What combination locks teach us about encryption weakness

Last week, an interesting story made the rounds on social media about a researcher named Samy Kamkar who discovered a flaw in Master-brand combination locks and was able to open the lock in eight tries or less. It’s a great discovery and is of particular interest to security professionals because it teaches us about encryption, the concept of brute-force attacks and weaknesses in implementation.

Read More

What’s the difference between a vulnerability scan, penetration test and a risk analysis?

An often overlooked, but very important process in the development of any Internet-facing service is testing it for vulnerabilities, knowing if those vulnerabilities are actually exploitable in your particular environment and, lastly, knowing what the risks of those vulnerabilities are to your firm or product launch. These three different processes are known as a vulnerability assessment, penetration test and a risk analysis. Knowing the difference is critical when hiring an outside firm to test the security of your infrastructure or a particular component of your network.

Read More

Cyber WHAT?! — Untangling all the different “cyber” terms

Tune in to just about any AM radio talk show or Sunday morning news program and you are likely to hear the terms “cyber war,” “cyber terrorism,” and “cyber vandalism” bandied about in tones of grave solemnity, depicting some obscure but imminent danger that threatens our nation, our corporate enterprises, or even our own personal liberties. Stroll through the halls of a vendor expo at a security conference, and you will hear the same terms in the same tones, only here they are used to frighten you into believing your information is unsafe without the numerous products or services available for purchase.

Read More