Karsten Nohl on Access Control

Interested in how security works in the corporate/etc world?

Legendary German crypto-security researcher Karsten Nohl’s SRLabs has a good intro to thinking about security in an organizational setting. (Published in the wake of them cracking the Mifare Classic and other access-control systems.) It covers the whole process from identifying vulnerabilities to solving problems while rolling out fixes.

Granted, in the wake of the ‘Insecure Email’ link’s statistic — that if the world saw what they wrote in email, senior management at 60% of organizations think they’d lose the trust of their employees and customers — I’m unsure if it’s ethical to help improve their security.

But hey. Thinking about security for the big beasts helps when you start thinking about security for the little guy too.

https://srlabs.de/blog/wp-content/uploads/2010/09/Access_Control_Best_Pratices_Study_v1.01.pdf

(too long to quote)
