Currently browsing

March 2015


Side Channel Attacks on Cryptographic Software

When it comes to cryptographic software, side channels are an often-overlooked threat. A side channel is any observable side effect of computation that an attacker could measure and possibly influence. Crypto is especially vulnerable to side channel attacks because of its strict requirements for absolute secrecy. In the software world, side …


Cookies and Security

Cookies would seem to have all the security they need by virtue of the domain, path, andsecure options, but the nature of web pages complicates the matter significantly. User logins and session hijacking One of the most common uses for cookies is to track user login state. The mechanism is quite simple: you …