A security expert has cracked one of the U.K.’s new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration.

The attack, which uses a common RFID (radio frequency identification) reader and [...]]]> CSO has an interesting piece on a attack on RFID chips in UK e-passport. More details at here.(technical)

A security expert has cracked one of the U.K.’s new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration.

The attack, which uses a common RFID (radio frequency identification) reader and customized code, siphoned data off an RFID chip from a passport in a sealed envelope, said Adam Laurie, a security consultant who has worked with RFID and Bluetooth technology. The attack would be invisible to victims, he said.

How many of us work in computer security environments where basic security recommendations are not applied consistently? I think it is nearly impossible to find a company that consistently and universally applies basic security tenets. So, we have inconsistencies, cracks in the system, and bad things are [...]]]> A good article for all security managers. Link

How many of us work in computer security environments where basic security recommendations are not applied consistently? I think it is nearly impossible to find a company that consistently and universally applies basic security tenets. So, we have inconsistencies, cracks in the system, and bad things are allowed to occur. The very human nature of purposefully allowing inconsistency as a norm leads to below-average outcomes. Taking a personal and institutionalised interest in applying basic security principles consistently will mitigate more risk and lead to a more secure environment.

Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no company is the same as another, the job of CISO — or alternately, “chief security officer,” which [...]]]> A good article looking at CISO/CSO’s

Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no company is the same as another, the job of CISO — or alternately, “chief security officer,” which might include physical security as well — isn’t either. The four security professionals who share their priorities with us make it clear there’s nothing cookie-cutter about the top IT security job.

We present a new paper-based voting method with interesting security properties. The attempt here is to see if one can achieve the same security properties of recently proposed cryptographic voting protocols, but without using any cryptography, using only paper ballots. We partially succeed.

The paper can be obtained from [...]]]> Rivest presents “The ThreeBallot Voting System”

We present a new paper-based voting method with interesting security properties. The attempt here is to see if one can achieve the same security properties of recently proposed cryptographic voting protocols, but without using any cryptography, using only paper ballots. We partially succeed.