Zen and the Art of Breaking Security - Part I

Designing a secure solution, be it a protocol, algorithm or enterprise architecture, is far from trivial. Apart from the technical or scientific difficulties to overcome, there is a mental trap easy to fall into: looking at the picture through the eyes of the designer. This first of a two part series from Security Portal looks at alternative, perhaps even unusual, means to induce or exploit security vulnerabilities.

Originally published at Internet.com

By Razvan Peteanu for SecurityPortal

I'll admit I had second thoughts about creating yet another variation on the "Zen and the Art of..." theme. I myself shiver when I see such titles, but I hope Zen practitioners and Mr. Pirsig [1] will forgive me this time. The Zen quotation is appropriate for what we will describe in this two-part series: alternative, perhaps even unusual, means to induce or exploit security vulnerabilities.

Designing a secure solution, be it a protocol, algorithm or enterprise architecture, is far from trivial. Apart from the technical or scientific difficulties to overcome, there is a mental trap easy to fall into: looking at the picture through the eyes of the designer. The designer often works with concepts, not with the real thing. We look at an algorithm's specifications and we mistake it for its implementation in a particular program. We read several RFCs and we say, this is TCP/IP.

The more we work on a topic, the stronger the identification between the concept and its implementation. We often reduce the implementation to the concept, keeping nothing of the real thing but the idea that originated it. In Zen, we are often reminded that the finger pointing to the moon is not the moon...
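The gap the article describes, between an algorithm's specification and a particular program that implements it, is easiest to see on a small piece of code. The following is an added Python example of my own, not code from the article or from SecurityPortal. Two functions implement exactly the same specification ("two byte strings are equal if every byte matches") and always return the same answer, yet one of them does an amount of work that depends on how many leading bytes of the candidate are correct, which is the property a timing analysis of the kind Part II mentions would observe. The key, message and candidate values are constructed for the example, and counting the bytes examined is a deliberate simplification that stands in for measuring elapsed time; `hmac.compare_digest` is the standard library's constant-time comparison and is the form to use in practice.

```python
import hashlib
import hmac

# Constructed sample values, used only to produce a tag to verify.
DEMO_KEY = b"demo-key-not-a-real-secret"
DEMO_MESSAGE = b"transfer 10 credits to account 42"


def naive_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Equality exactly as the specification states it: True iff every byte
    matches. Returns (result, bytes_examined) so that the implementation's
    behaviour, not only its answer, is visible. Returning at the first
    mismatch is correct by the spec and is precisely the problem: the work
    done depends on how many leading bytes of b agree with a."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Same specification, different implementation: every byte is examined
    and mismatches are OR-ed into an accumulator, so the work done is the
    same for every candidate of the right length. The length check still
    returns early, so use this only on fixed-length values such as MAC tags."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def work_profile(equal, expected: bytes, candidates: list[bytes]) -> list[int]:
    """Bytes examined by `equal` for each candidate: a deterministic stand-in
    for the timing measurements a timing analysis would collect."""
    return [equal(expected, c)[1] for c in candidates]


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message (constructed demo, real algorithm)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """The hardened form: recompute the tag and compare it with
    hmac.compare_digest, the standard library's constant-time comparison."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    expected = b"secret-tag-0001"
    candidates = [b"x" * 15, b"secret-" + b"x" * 8, b"secret-tag-000x", expected]
    # Both implementations agree on the answer...
    print([naive_equal(expected, c)[0] for c in candidates])
    # ...but only one does candidate-dependent work: [1, 8, 15, 15]
    print("naive:        ", work_profile(naive_equal, expected, candidates))
    # versus [15, 15, 15, 15]
    print("constant-time:", work_profile(constant_time_equal, expected, candidates))
    tag = make_tag(DEMO_KEY, DEMO_MESSAGE)
    print("verify:", verify_tag(DEMO_KEY, DEMO_MESSAGE, tag))
```

The point is not that `naive_equal` is wrong: it satisfies the specification perfectly. The point is that the specification never mentioned work, and the program does work, and that is the part of the real thing the concept leaves out.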

Related Articles
- Zen and the Art of Breaking Security - Part II
There are cases in which "gentle" techniques like timing or power analyses are not enough to fulfill the attacker's goal. Or the goal itself is not to break the protection scheme but to break through it, to the end target the mechanism is protecting, in a modern reenactment of Alexander the Great's "solution" to the Gordian knot. Enter failure-inducing attacks, in which the technique is to induce a failure in the very protection mechanism itself.