Version 13 (modified by dkg, 6 years ago)
Security issues with Computers and other Information/Communications Technology
CMRG best practices currently recommend the use of a TrustedPhysicalConsole, also known as a TPC.
A TPC, combined with a healthy Public Key Infrastructure, strong cryptography, and backend server resources controlled by people you trust, provides for an unprecedented level of private, authenticated, global communications. However, most ICT users today don't know enough or have enough support to make good use of these tools.
fundamental free tools for cryptographically-secure communications
If you want to do cryptographically-secure communications over the internet using free tools, you should become familiar with a few staples:
network authentication schemes
Some pages worth reading when thinking about security in today's networked environment include:
- the W3C's analysis of security issues with HTTP/1.1
- Bruce Schneier's blog and web site
- the Debian Security Audit
- dkg's article about social flaws in the TLS protocol
- Microsoft, VeriSign, and Certificate Revocation by Gregory L. Guerin
- Everything you never wanted to know about PKI but were forced to find out by Peter Gutmann
- Common Vulnerability Scoring System, maintained by the Forum of Incident Response and Security Teams (FIRST)
- Cyber Security Bulletins, weekly summaries of announced vulnerabilities, maintained by the USA's Dept. of Homeland Security Computer Emergency Readiness Team (US-CERT) -- these make for interesting reading if you want to get a sense of what classes of attack are being announced