martijno.blogspot.com
Security, something, something...: September 2010
http://martijno.blogspot.com/2010_09_01_archive.html
Security, something, something. Sep 17, 2010. SMS text authentication for patient access to Dutch electronic health record. The encryption algorithm A5/1 used in GSM has been suspect since at least 1994 (when the algorithm leaked). Nohl's talk at 26C3 (November 2009) demonstrates that a practical attack will become possible soon. And all of a sudden people start to get nervous. As a follow-up to their report for the Dutch Ministry of Health. The user uses this table to manually translate the code that w...
martijno.blogspot.com
Security, something, something...: February 2010
http://martijno.blogspot.com/2010_02_01_archive.html
Security, something, something. Feb 10, 2010. I like CAcert.org. I created my CAcert account ages ago, but only recently undertook some action to get my identity assured by the community. Here's how it works: You create an account with the service and register one or more email addresses. The service checks possession of each email address by sending a challenge link to click. As a user you now have 0 points. Issued certificates (based on a CSR. After you take the official online exam). At the time of w...
martijno.blogspot.com
Security, something, something...: May 2011
http://martijno.blogspot.com/2011_05_01_archive.html
Security, something, something. May 16, 2011. The Federated Provisioning Problem. Just dumping some projects results on this blog. We contributed to a study for SURFnet on identity provisioning in the context of identity federations last year. My colleague Bob Hulsebosch presented about this on TNC11 (fast forward the video stream to 65'46"). While provisioning is a non-trivial problem in many enterprise organizations, the problem gets worse still in the setting of identity federations as these invol...
martijno.blogspot.com
Security, something, something...: January 2013
http://martijno.blogspot.com/2013_01_01_archive.html
Security, something, something. Jan 4, 2013. Step-up authentication as-a-service for SURFnet. Two-factor authentication used to be the domain of secret services and the military. The enterprise and consumer e-Banking and e-Government domains have since embraced two-factor (or: step-up) authentication. More recently social. NRENs such as SURFnet have noticed these trends, and the discussion of how to best approach two-factor within a federated setting is now in. Novay, in close collaboration with SURFnet.
martijno.blogspot.com
Security, something, something...: February 2012
http://martijno.blogspot.com/2012_02_01_archive.html
Security, something, something. Feb 9, 2012. Context information can make authorization management more flexible and more secure. Knowing when and where users are, and what they are up to helps in determining which access rules to apply. With Rabobank and IBM where we ask (and answer) questions such as: What authorization related use-cases could benefit from context information? Which context-sources are relevant, mature enough, secure enough to be used today (or in the very near future)? A model for co...
martijno.blogspot.com
Security, something, something...: XACML with Tivoli Security Policy Manager - Part 2
http://martijno.blogspot.com/2012/02/xacml-with-tivoli-security-policy_09.html
Security, something, something. Feb 9, 2012. XACML with Tivoli Security Policy Manager - Part 2. This is part 2, for installation and configuration see part 1. Using the TIP to specify services. TSPM needs to have a model of the resources that need protection (collections of resources are called services). The resulting application model consists of the web methods of the web service (as resources). A PEP can then try to access these resources using the "invoke" action. Using the TIP to specify policies.
martijno.blogspot.com
Security, something, something...: August 2009
http://martijno.blogspot.com/2009_08_01_archive.html
Security, something, something. Aug 13, 2009. Someone glued small pieces of metal to the PIN entry pad at the POS of my local self-service gas station. It must have been one of the good guys, because it says " veiligheidsstrip. Certainly raises security awareness amongst customers. Until they get used to it and the bad guys manage to produce mini cameras that look like small pieces of metal.).
martijno.blogspot.com
Security, something, something...: November 2009
http://martijno.blogspot.com/2009_11_01_archive.html
Security, something, something. Nov 18, 2009. We seem to be getting variable road pricing over here in the Netherlands, which generates a lot of discussion, of course. The Dutch ministry of transport has a nice high level overview, including a diagram with some interfaces of the system: I haven't made a detailed security analysis of this system, obviously. But couldn't one simply block the incoming GPS signal (say, using a GPS jammer. Better yet, why not relay.