Seven good security questions

We just received the Autumn issue of 2600 The Hacker Quarterly. I love this magazine for two reasons. Some of the articles are good. But more importantly, this magazine gives a view into the mindset of hackers, or rather, I should say, the Hackers. By Hackers with a capital H, I mean the people who want to use a gimmick in a way different from the one its designers intended. Sometimes you also discover security vulnerabilities that seem so obvious that you would not dare to test them (see the short paper Free DirecTV on by outlawyr).

Sometimes you also find papers written by authors who use no warname-style pseudonyms and who dare to give their email address. These papers have a different tone (the kind of tone you would find in the French Misc magazine).

In this issue, John Bayne presented a comparison between SSL and DNSSec. Or rather, he compared only the management of certificates. The interesting part was not so much the result of the match (SSL won!) but the set of criteria he used.
He asked interesting questions that could be used to evaluate any IT security system.

  1. How is trust implemented?
  2. How strong are the algorithms that are in use?
  3. Does the technology provide true end-to-end security?
  4. How clear is the warning that the technology presents to the users?
  5. How easy is it to implement a centralized policy for the technology?
  6. How widespread is the technology?
  7. How broadly will the technology protect you?
