Posts

Showing posts from June, 2011

The nature of Input

All software, regardless of purpose, size or cost, is designed to perform three functions: take input, process data and produce output. The environment and purpose of the software determine how the input is generated, and the design and operation determine how it is used with resident data and what actions are performed upon said data. The output may be used by people or other programs or stored in a database. The cost of securing an application increases exponentially after the application has been developed, thus securing an application is far less expensive during its development. The secure software development life cycle processes are described in the following article from Homeland Security, a survey of current standards and methodologies. “This article presents overview information about existing processes, standards, life-cycle models, frameworks, and methodologies that support or could support secure software development. The initial report issued in 2006 has been updated ...

A Brief Synopsis of Micropayments

A micro-payment is defined by Visa as any transaction of a value below $20 U.S.D. [V] [i]. The World Wide Web Consortium also maintains the micro-payments initiative, which has recently been closed; one major reason for the cessation was that organizations such as PayPal and eBay have developed far more pervasive systems using existing W3C standards [W3C] [ii]. Micali et al. defined a micro-payment as: A payment Scheme consists of a set of protocols involving at least three basic parties: An individual, buyer or user, the merchant and the bank. These could be individual entities – such people, device or computer programs or collections of entities. [MSRR] [iii] Transactions across the internet must be encrypted and are usually conducted utilizing Transport Layer Security and X.509-based certificates. Security is a necessity of any financial transaction regardless of location. Companies such as PayPal process hundreds of thousands of transaction requests per day as mic...

Watermarks and Copyright

What is Watermarking? Watermarking is defined as placing information or data within a media file of any kind: picture, audio or video. The watermarks are placed within the file in such a manner as to not affect the file's function. Thus the watermarked MP3, picture or video still functions as an audio, picture or video file with the watermark in place. [VS] [i] How does Watermarking Work? Steganography: Petitcolas states that modern steganography originates in 1665 [PF] [ii]; the notion of hiding information in plain sight dates back to antiquity, as the militaries of all empires had to communicate across potentially “insecure” messengers. The term “Marathon” is actually from Greece, where a soldier named Pheidippides ran from Marathon to Athens, a distance of 40 km, to give word that they had beaten the Persians, and is said to have died after the run. The Spartans used a “Cipher” stick as a means to encode and decode messages in either cloth or paper wrapped around it, i...

Universal Solution considerations for Insecure Communications Media

Sometimes the largest hammer is used to conduct the finest tuning. IPSec is defined in RFCs 2401, 2409, 4301 and 4308 [IETF] [i]. IPSec's goal is to secure two communicating parties or networks via either application to gateway or gateway to gateway communications. Where possible, virtual private networks are created by the use of IPSec within organizations that maintain multiple campuses or offices. IPSec secures the entire TCP/IP stack by encapsulating all communications above layer 3 for host to gateway, gateway to gateway, or even network to network communications between two gateways. XML is a standard upon which “web 2.0” functions; it is a subset of SGML, and its goal is to act as a standard to serve and process content. The “Semantic web”, as Berners-Lee describes it, is composed primarily of servers interchanging and presenting data from various servers of SGML. XML is defined by the W3C and is a standard used to define and ma...

Ports and Pipes

To compare Secure Sockets Layer, Transport Layer Security and Internet Protocol Security, let us first discuss their origins and intent. Transport Layer Security (TLS) is the child of the Secure Sockets Layer protocol. TLS was defined formally by the IETF in 2008 in RFC 5246 [IETF] [i]. Its origins are rooted in SSL 1.0, as developed in 1996 by Netscape as a means to secure browser sessions. The main goals of TLS are defined as setting up a secure channel between two parties, based upon certificate exchange, that is extensible and interoperable in nature and that is computationally efficient. That is to say, it is designed to secure a single channel between a server and a host. TLS operates at the Transport layer by means of encapsulation, encrypting the underlying protocol after a standardized handshake and authorization have occurred, often over Public Key Infrastructure using certificates that have been obtained commercially from one of the public ce...

Severed Limbs and Poked out Eyes

Utilizing biometrics is not a new idea, nor is using the data captured by a biometric device as a unique cryptographic key. The real issue with biometrics as keys is that they may be faked just as easily as a password. Cappelli et al. demonstrate that the effectiveness of both capacitive and optical scanning devices at differentiating an impostor from the actual fingerprint is marginal at best [CR] [i]. Further to their analysis, Sten et al. state that various standard methods utilizing household items may be used to fool the fingerprint scanner. These include creating a gelatin mold of the available fingerprint left on the laptop case itself, or simply breathing on the scanner to reveal the oil of the previous scan, then utilizing common forensic methods to lift the print and reproduce it in a usable medium; silicone sealant works well with tape and graphite from pencils for such work [SA] [ii]. Poorly written spy thrillers and action films would have us believe that a severed finge...