I have a thermal imaging camera made by FLIR Systems. These cameras are really interesting devices; they pick up long-wavelength infrared radiation (wavelengths of 8-12μm, versus 380-750nm for visible light). We’ve all seen objects heated until they’re hot enough to glow visibly, but it takes a lot less heat to glow in the infrared spectrum!
Why, you might ask, do I have a thermal camera? Because. That’s why. Actually, there is a reason.
Continue reading Adventures with Infrared
If you’re not a pretty serious gadgeteer, this post isn’t for you. Nothing to see here; move along…
The intersection of hardware and software has always been an interesting place, even more so when security engineering is involved.
I recently bought a Rigol DS1074Z oscilloscope. It’s a neat gadget and I’m really pleased with it.
Continue reading Bad Crypto and a Good Oscilloscope
I just got an email from Kickstarter, the popular crowdfunding platform. They were writing to let their users know that they’ve joined the ranks of the companies who’ve suffered a data compromise.
I hope that they’re well-treated by their users during this crisis, because they’re doing a really good job.
Continue reading Doing It Right When Security Fails
It’s possible to construct a wheel out of bricks by using little wooden wedges in between the bricks to make the whole production sort of vaguely round. But no sane engineer would be proud to have designed such a thing.
That’s what I think of every time I look at the landscape of security “solutions” for credit card payments.
Continue reading Bricks and Wedges
Over the last few days, Windows users have been hit with yet another email worm. Like many others, this one, the so-called “MyDoom” worm, entices the user to click on a file sent as an email attachment. This mode of attack has been around for a while, though this most recent incarnation is particularly clever; it masquerades as an email system error.
Continue reading Desktop System Security Architecture
February 2014: I found these photos of the equipment used in one of my early security consulting projects. This was the gear used to support Europe’s first Internet-accessible stock trading system:
There were two firewalls in this configuration (separating the DMZ from internal and external networks), plus two application processors. All of these were built atop Sun Ultra 1 systems (each one featured a 143 MHz processor, 32M RAM, and a 1GB disk for about $16,000 in 1997 dollars).