
Why the fuss about liquids?
What about Semtex and C4, which are more like a plastic or a paste?
8 publicly visible posts • joined 3 Oct 2007
Although I am not a lawyer, I think the search on Michael Timothy Arnold was reasonable and justified because:
"They were also suspicious because Arnold could not remember the name of the company where he had once worked as a night auditor and appeared 'fidgety.'"
Probably a lot of material in other laptops has already got through because the carrier stayed calm. Although a knowledge of Body Language is useful, the theory sometimes breaks down in a real life stressful scenario.
Physical addresses of businesses and companies are freely available in local newspapers, Yellow Pages, The Phone Book, Companies House website, and many other sources. Is there anything particularly special about eBay requiring companies to display their physical address?
What exactly is the problem?
There is a difference in scope and objectives between Common Criteria evaluation and penetration testing.
Common Criteria evaluation focuses primarily on ensuring that there are no exploitable vulnerabilities in the composite environment formed by the Product being evaluated together with the Physical, Procedural, and Personnel countermeasures established by the System (or Site) Security Policy.
Penetration testing attempts to find ANY kind of security problem and focuses ONLY on the product being tested (regardless of any other aspects of the environment).
The difference in scope between Common Criteria and penetration testing often leads to misunderstanding and confusion. Each side has its "truth" but the other side "can't handle the truth". This has been the case for many years.
In particular, it is possible for a product to get a Common Criteria certificate even if it has multiple security faults, provided that the securely configured product in its securely configured environment has no exploitable vulnerabilities.
There are also the usual issues about the attacker wanting recognition & prestige, and the victim wanting damage limitation to preserve image & business.