


Security


Originally published in Queue vol. 12, no. 5



Comments

(newest first)

Terry A. Davis | Sun, 08 Jun 2014 13:18:19 UTC

National Institute of Standards

http://www.nist.gov/itl/csd/ct/nist_beacon.cfm

"First, the Beacon-generated numbers cannot be predicted before they are published. Second, the public, time-bound, and authenticated nature of the Beacon allows a user application to prove to anybody that it used truly random numbers not known before a certain point in time. Third, this proof can be presented offline and at any point in the future."


Terry A. Davis | Sun, 08 Jun 2014 12:55:49 UTC

Doubting the National Institute of Standards randomness beacon is tin-foil-hat crazy.


R | Sat, 07 Jun 2014 13:06:46 UTC

The Terry Childs case is interesting, I think, because everybody involved was at fault: the California political machine for putting career politicians in charge; the city administrators who were so focused on the bottom line during a recession that they let a very strange person control the network; and Terry himself, who considered the network to be personal property and was actually denying service for personal reasons.

For more details, you could try listening to one of those self-congratulatory talks that Jeana Pieralde has been giving. I found out about her from the Healthy Paranoia podcast.

One practical solution is to keep anybody from having 24/7/365 access to any critical resource. I just read about bank security, and reportedly they require everybody to take at least a week of vacation every year, so nobody is in a position to keep a discrepancy secret. That would be interesting to apply to system and network administrators, too.


R | Sat, 07 Jun 2014 12:50:00 UTC

That is a terrible title. By using "who" instead of "whom," you have inverted the meaning of the sentence.


Patrick S. Lockett | Sat, 07 Jun 2014 02:25:32 UTC

Somehow this brief article managed to encompass what many SAs, DBAs, NAs, programmers attempt to grasp as a single thought. I greatly appreciate the down-to-earth, candid approach of the writer. Security has no alpha and omega. "...a belt-and-suspenders world" Excellent job - now if we can expose programmers from day one.... Cheers, Patrick S. Lockett









© 2018 ACM, Inc. All Rights Reserved.