Mobile Security with NFC on Android

A few years ago I was looking for a cheap, portable and easy-to-use secondary authentication system for personal use. I had stumbled upon the “YubiKey” from Yubico, which could potentially fit the bill for my own personal use case. The YubiKey is a durable key fob that looks a bit like your standard…


Why do security experts prefer insecure Mac OSX?

Robert Hensing made an interesting observation about Apple’s OSX being the OS of choice among security professionals presenting at the CanSecWest 2008 security conference. With all the latest news about the insecurities in OSX, why is it the OS of choice in that circle?


LDAP over SSL/TLS: How secure is your Directory?

One of the issues with using LDAP as an “Authentication” protocol for applications is that this usually means LDAP simple binds. LDAP simple binds by default will pass the userId and userPassword in clear text between the client and the server. This means that anyone or anything with access to that communication path can view…


Windows Security in .NET v2

I came across this PDF while looking for some information on the System.Security.Principal namespace and thought it might be useful for reference later on: Windows Security in .NET v2. Reminder that even though .NET 3.0 is out, most of the namespaces are from the v2.0 release.


Talking about Federation explained

It’s good to see a no-nonsense explanation of what federation is. I constantly get caught trying to explain it, and this should save some time. It is interesting to see how this relates to the common "trust" model in enterprise Domains, and hopefully how this will translate into applications' usage of such technology. I…
