Blogroll

The "Extended Random" Feature in the BSAFE Crypto Library

Schneier on Security - Thu, 12/28/2017 - 13:30
Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUAL_EC_PRNG random number generator to weaken TLS.... Bruce Schneier
Categories: Security

Post-Quantum Algorithms

Schneier on Security - Wed, 12/27/2017 - 13:28
NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. (Details of the NIST efforts are here. A timeline for the new algorithms is here.)... Bruce Schneier
Categories: Security

Acoustical Attacks against Hard Drives

Schneier on Security - Tue, 12/26/2017 - 16:34
Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs": Abstract: Among storage components, hard disk drives (HDDs) have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and significantly-improved areal density. Such advances in HDDs have made them an inevitable part of numerous computing systems, including, personal computers, closed-circuit television... Bruce Schneier
Categories: Security

Daniel B. Cid, Sucuri

Daniel Cid from Sucuri has agreed to a thought leadership interview. We hope that you will enjoy his thoughts and impressions and we certainly thank him for his time.

Categories: Security

Dominique Karg, AlienVault

Dominique Karg from AlienVault has agreed to a thought leadership interview. We hope that you will enjoy his thoughts and impressions and we certainly thank him for his time.

Categories: Security

Lance Spitzner, Securing The Human, founder

Lance Spitzner of Honeynet and Securing The Human fame has agreed to a Thought Leadership interview and we certainly thank him for his time.

Categories: Security

Bill Pfeifer, Juniper Networks

Bill Pfeifer is a Product Line Engineer at Juniper Networks supporting security software and data center firewalls. He has been in the IT field for 15 years, including stints at an Army tank base, a technology reseller, and some time at a financial services ASP. He holds a Bachelor’s degree in Civil Engineering from Penn State and an MBA with a human resources focus from Oakland University.

Categories: Security

Chris Pogue, Senior Security Analyst

Chris Pogue is a Senior Security Analyst for the Spiderlabs Incident Response and Digital Forensics team at Trustwave. He has over ten years of administrative and security experience including three years on the IBM ISS X-Force Emergency Response Services Team, five years with IBM’s Ethical Hacking Team, and 13 years of Active Military service in the US Army Signal Corps.

Categories: Security

John Kanen Flowers

John is a truly unique security thought leader. He has been involved in a number of startups and is currently working on something fairly radical: カネ|box (or kane|box).

Categories: Security

Kees Leune, Leune Consultancy, LLC

Kees has made many contributions to the information assurance community, but one, the use of rubrics to help guide the peer review of GIAC Gold papers, means a lot to me. It means a lot to you as well, because it created a state change for higher quality in the Gold program. So those of us at the Security Laboratory are excited that he has chosen to be a part of the Security Thought Leadership Project.

Categories: Security

Joel Yonts, CISO

Joel Yonts is a seasoned security executive with a passion for information security research. He has over 20 years of IT experience with certifications in the areas of Security Leadership, Computer Forensics, Malware Analysis, Incident Handling, and Reverse Engineering. His research interests include malware analysis and defense, computer forensics, and enterprise security.

Categories: Security

Maury Shenk, TMT Advisor, Steptoe & Johnson

Maury Shenk, TMT Advisor at Steptoe and Johnson, working with a focus on intellectual property, information security and encryption issues, has agreed to be interviewed for the Security Thought Leadership project. Maury has also recently embarked on a consultancy business to build on new approaches for realizing value in technology and intellectual property. We certainly thank Maury for his time.

Categories: Security

Chris Wysopal, CTO, Veracode

Veracode’s CTO and Co-Founder, Chris Wysopal, was named one of InfoWorld's Top 25 CTOs and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of “The Art of Software Security Testing”, published by Addison-Wesley.

Categories: Security

Amir Ben-Efraim, CEO, Altor Networks

Amir Ben-Efraim, CEO and co-founder of Altor Networks, has agreed to be interviewed for the Security Thought Leadership project. His company's booth at RSA2009 piqued my interest because they deal with one of my favorite subjects, Defense-in-Depth, but specifically in the virtual environment.

Categories: Security

Ed Hammersla, COO, Trusted Computer Solutions

Ed Hammersla has a background in trusted systems, as in the Orange Book. He understands the mechanics of low to high information transfer.

Categories: Security

What is a Security Thought Leader

With the Security Thought Leader project Stephen hopes to introduce you to some really great men and women. A security thought leader can be defined by certain criteria: a person who is recognized by their peers as a thought leader, who passes their information on to help others, who has innovative ideas, and who shares ideas as actionable distilled insights.

Categories: Security

Amit Klein, CTO, Trusteer

Amit Klein, CTO of Trusteer, a provider of web browser security technology, tells us about himself and his current project, Rapport. It is designed to secure online transactions between compromised desktops and trusted financial websites.

Categories: Security

Framework for Security Thought Leader Interview

Stephen could certainly use your help in finding security thought leaders. If you know someone special who has made a major contribution to the field, please download our Security Thought Leader Interview framework. We'd love to learn more about them.

Categories: Security

An Interview with Ron Gula from Tenable about the role of a vulnerability scanner in protecting sensitive information

Tenable's Ron Gula gives us an update on Nessus which now performs many of the industry standard web application tests such as SQL injection and Cross Site Scripting analysis. This, combined with Tenable's database, application and operating system configuration audits, can provide a much deeper form of analysis than pure black-box testing.

Categories: Security

A. N. Ananth, CEO, Prism Microsystems, Inc.

A.N. Ananth, CEO of Prism Microsystems, Inc., was one of the original architects of the EventTracker product offering, Prism’s enterprise log management solution.

Categories: Security