Update to Partial Passwords

A few weeks back I exchanged a few emails with Tom (aka bananalol). We had a good discussion about the security of the partial password scheme you can find here.

I was able to show that his initial suspicion of a security hole in the scheme was unfounded.

Password sCrib Manufacturing

We have not posted much here recently, as most of our attention has been directed at our spin-off company Smart Crib Ltd. Throughout the summer we were talking to a number of companies specialising in electronics manufacturing, supplies of electronic components, injection moulding, testing, and so on. We are getting close to the end of this task and the first batch of Password sCrib dongles will be delivered in a few weeks' time. Fingers crossed.

Smart Architects Keeps Passwords Safe

sCrib ensures password resets are a thing of the past


The problem of using the same weak password repeatedly was highlighted when users had their personal data stolen from Sony’s PlayStation network earlier this year. Every month, hundreds of thousands of people are affected by similar incidents.

sCrib and KeePass
A new plugin - OtpKeyProv - for the KeePass password safe has been published. It protects the password database with one-time passwords.
Home sCrib for Developers
We have finished testing a developers' version of the sCrib. It can be reset and it also implements transaction authorisation for input from a connected keyboard.
sCrib - Regional Finalist of GSC 2011

Smart Architects and its product sCrib have been selected as a regional finalist of the Global Security Challenge 2011.

sCrib on YouTube
A short video introducing sCrib has been uploaded to YouTube. You can watch it here.
sCrib at TVC2011
Cambridge University Technology and Enterprise Club organises the Technology Ventures Conference, and our sCrib will be there.
Pocket Enigma machine to boost computer security

A Cambridge startup is about to launch a new product to give computers extra protection against hackers.

Smart Card Detective Stocked
Smart Card Detective (SCD) is now available for purchase from our online store (http://www.smartarchitects.co.uk/opencart). SCD is a tool for analysing communication between smart cards and terminals. It is compatible with ISO7816 smart cards.
Smart Card Detective
We have signed an exclusive license agreement with Omar Choudary for further development and sale of Smart Card Detective - a tool for analysing communication of ISO7816 smart cards, including current debit and credit cards.
Partial Passwords - How?
Some time ago, we were asked how to implement a partial password system. The client did not really know how to get round the problem and was on the brink of implementing it with a database of plain text passwords.
Database with Integrity - Study
Some time ago we wrote an informal study on implementing a data management system with integrity protection. It had been lying on a disk for a while, and when we came across it recently, we decided to put it online as it shows some basic cryptographic mechanisms.
Cloud and Security

Here are some thoughts on security in the "Cloud" - another hyped word of the last few years. We try to name some of the most interesting challenges. The bottom line is that instead of a secure tunnel between a client and a server, one has to create a secure "bubble" that only the client can access.

Firewalls - Dinosaurs of The Past?

It is quite interesting that the two most common security mechanisms - antivirus software and firewalls - are nowadays deemed insufficient.

Wanted: Database of Security Products

We did a bit of googling, asked people around, and saw how procurement processes work in large organisations. We have not found a reasonable unbiased database with reviews of security products.

SCADA Systems

Security of SCADA (Supervisory Control And Data Acquisition) systems has been a known issue for some time. However, recent virus attacks on control systems in the Middle East have brought the topic onto newspapers' front pages.

Slashdot has recently published a question from someone interested in implementing a SCADA system in a reasonably secure way ...

"Attack" On Border Gateway Protocol
There has been decent coverage recently of an experiment with a proposed extension of BGP. The BGP protocol is one of the main protocols providing connections between IP networks (it also decides which network will carry the data and, as such, the profits of large internet providers).
This Web Site Created
We have just put this web site online. The content and look are still a work in progress, but it's great to see it up and running.