Category “AIC Triad”

The Art of Steganography

Saturday, 27 June, 2009

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity [Wikipedia].

A few months ago, I was drafting an article about cryptography. In my draft I wanted to expand the use of cryptography to cover not only confidentiality but also integrity. I began to write along the lines of Public Key Infrastructure: the use of digital signatures to encrypt as well as to sign messages. While searching for an email from a friend, I came across an unsent email in my Drafts folder, an old email from more than four years ago titled Steganography. In my email were two images: one the original and one the stego file. I recall I planned to send them to my classmate for our steganography research. So, a little less than five years later, here I am talking about the same “art”. Ah, the art and science of steganography.

Earlier this year, I attended a Product Advisory Council meeting held by McAfee. One of the future product integrations they are adding to their suite of security products is Data Leakage Protection, from the acquisition of Reconnix.

DLP, be it host-based or network-based, addresses the detection of files that could be leaking out of the company from a confidentiality standpoint. One of the concerns I brought up was the detection of steganography. As you can see, even sophisticated technology can lack the ability to decrypt or guess the algorithm used in the steganography.

It is not within the scope of this article to cover how steganography is performed or the ways to accomplish it. Likewise, this article is not going to list the steganography tools available to perform it. Searching the Internet, you can probably find many articles about this, the tools available, and countermeasures.


Secure your PASSWORD

Saturday, 14 February, 2009

PASSWORD MANAGEMENT

One of the overlooked areas many of us struggle with is password management. In our day-to-day computing activities, many of us simply use, or choose to protect our assets with, a simple password. These assets can be critical: bank accounts, confidential data, or even health information. We are not doing the real work of password management.

Now, just what is password management, really? Well, in its very simplest form, managing passwords!

In the corporate world, there are various technologies that do password management. In fact, password management is covered in good depth in many of the books for the CISSP exam.

Now, before going deeper into it, let’s turn our magnifying glass to the word password itself. Many, if not all, of us know what a password is. That’s the word you write on a sticky note and hide underneath your keyboard. Kidding aside.

Passwords are the most widely and commonly used authentication mechanism. They are also considered the weakest security mechanism. Users simply choose very easy passwords such as their date of birth, favorite color, or nickname, which are easy enough to guess. Sometimes, too, they give them away to their buddies or best friends.

It is funny yet interesting to see how users typically think security is not one of the most important parts of their computer. Not until someone hacks into their computer or account does security become all the frustration.

So here comes password management to the rescue. Although the scope of this article will dive deeper only into the needs of day-to-day users of computers, email and services, it will touch a bit on the corporate world, where I will cover some of the best ways of managing passwords. Bear in mind, this article does not go deep into how to implement SSO technologies, token devices and the like.
