Shostack + Friends Blog Archive


Security Roundup: Build Security In Edition

  • David Litchfield lets rip at Oracle in “Complete failure of Oracle security response.” Such questions need to be directed to more vendors than just Oracle.
  • Andrew Jaquith writes about “Hamster Wheels of Pain” in security company presentations.
  • The Seattle Times has an article on those fancy new radio-controlled cockpit doors, “Glitch forces fix to cockpit doors.” Fascinating. I wonder if that’s made it into the aviation failures database? (Via Infosec news):

    Boeing and Airbus insist there was no immediate danger. The mechanic had to be standing in precise spots with a particular walkie-talkie tuned to a specific frequency and with a certain signal strength.

    There’s lots of stereotypical good detail: The vendor insisting it would be hard, an independent expert insisting it’s easy…

  • Simson Garfinkel has a good presentation on RFID security issues that he gave to an OECD working group.
  • Lastly, each item in this roundup relates to a failure to include security in the design and manufacture of new systems. DHS has just launched “Build Security In,” a new website to share information about how to include security in your software plans from the start.

4 comments on "Security Roundup: Build Security In Edition"

  • beri says:

    Speaking of security, I wonder how many high tech terrorists read this tidbit someplace and ran out to get some walkie-talkies and start experimenting. That’s what I would call “too much information.”

  • Adam says:

    You mean someplace like their aircraft maintenance manuals? If we don’t see how systems fail, we can’t learn to build them securely.

  • Note to new DHS webmaster… I registered using ‘xxxxx’, but the login page form only allows up to 15 characters max input at ‘j_username’…
    p.s. yeah, I got around that ;-)

  • DM says:

    Interesting presentation from Simson. I have to disagree with his final page though. I don’t see any of the security issues stopping businesses from using them or frankly the privacy problems stopping most customers from using them either at least not here in the US.
