Author Archive | Peter Hesse

Security and Usability

I’ve become very focused on the nexus between security and usability. I was interviewed for an article in The Guardian last year. “Security needs to learn from design by doing focus groups, having conversations and putting itself in the perspective of the people who will use this system,” he said, adding that it isn’t the […]


Can You Afford to be this Slow?

In April 2014, CVE-2014-0160 was released, better known as the Heartbleed bug. Heartbleed is devastating – it can reveal sensitive information not just of the user, but anything on the machine. In practice it has been used to export private keys for TLS/SSL certificates. These stolen private keys can then be used to impersonate a […]


Welcome Back

After a long hiatus, Security Musings is returning to its roots. This blog is going to be equal parts education and entertainment – you’ll learn some things, and you’ll learn some things that make me angry. I won’t follow a set frequency although I intend to post at least twice a month. The look and […]


HIPAA Audits Are Coming – Are you ready? – HHS has announced a plan to survey 1200 covered entities and business associates in preparation for audits

After the 2013 HIPAA Omnibus rules went into effect, there was a delay as the Department of Health and Human Services (HHS)’ Office for Civil Rights (OCR) brought their auditing program in line with the new requirements. Based on last month’s announcement in the Federal Register, it seems like […]


Healthcare Industry Under Siege – Increasingly sophisticated cyberattacks are compromising healthcare organizations, and many remain unaware that their network is already compromised.

Much of the focus in recent news is on attacks on retailers and the financial industry. It is easy to see the results of these money-motivated attacks in the form of large thefts of money or credit cards. As a result, it may surprise you to know your health […]


Security Table Stakes – Recent events demonstrate that security is no longer optional. What is the minimum ante to even get into the game?

Business leaders and gamblers know risk. Success means managing risks effectively. The better they do, the better the returns. Often overlooked is another similarity: table stakes. Gamblers have to pay to play, certain games have minimum table stakes you must ante to participate. For business, the ante is investing enough time, money, and effort in […]


Your New Year’s Resolution

Here it is, the last day of 2013. It has been a rough year for me, both personally and professionally. So for the first time in a long time, I’m very much looking forward to speeding off into the new year without even glancing in the rear-view at 2013. And it is the time for […]


Evaluating Third Parties

One of the things that caught my eye in PWC’s most recent The Global State of Information Security® Survey 2014 report was the bits and pieces of information shared about the importance of evaluating the security of third parties. As data proliferates and is shared among more partners, suppliers, contractors, and customers, it is increasingly critical that […]


Google Authenticator Weaknesses

Earlier this year, we submitted a bug to Google for the Google Authenticator app on Android. Basically, the bug we submitted is that the secret key (the private code that, when combined with an accurate source of time, creates the one-time-use codes for use with Google’s open-sourced two-factor authentication) is stored in the clear on […]
