Schneier – On the Security of Password Managers

This is a very interesting read.  I do not believe these noted issues should warrant the abandonment of password management tools.  As the author states, much of the security concern lies in whether or not you consider your workstation secure and trusted.  Password managers in combination with multi-factor authentication mechanisms is a sound and strong approach to credentials management.

https://www.schneier.com/blog/archives/2019/02/on_the_security_1.html

Advertisements

Schneier on Security – The Effects of the Spectre and Meltdown Vulnerabilities

Mr. Schneier has given us a concise, well-written and forward thinking perspective on Meltdown, Spectre and the potential future of hardware-based vulnerabilities.  This article is certainly well worth a read.

https://www.schneier.com/blog/archives/2018/01/the_effects_of_3.html

Amazon Creates Classified US Cloud

The thread responses in this post from Bruce Schneier are almost as entertaining as the linked content from the Washington Post.  If you ever doubted that the cloud movement was unstoppable, it is time to reconsider.

On a lighter note, the arguments many will have with HIPAA and PCI consultants over cloud storage of sensitive data should get more entertaining.  “But Uncle Sam gets to do it…why can’t I?”

https://www.schneier.com/blog/archives/2017/11/amazon_creates_.html

Schneier on Security – FDA Recommendations on Medical-Device Cybersecurity

I echo Mr. Schneier’s comments in that a non-binding recommendation has little value and even less influence.  That said, this is a necessary half-step in the right direction.  Human hackability is a real problem that needs and deserves real attention and real solutions.

https://www.schneier.com/blog/archives/2017/01/fda_recommendat.html

I am glad to see that St. Jude Medical and others are at least attempting to patch and address vulnerabilities in their products.

https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/