Cosine Jeremiah and his Musings

Sorry for the delay in posts here, but I have been sick the past week, and getting back into my regular routine has been challenging since. Also, rather that just post random musings of the day like many other blogs, I try to provide useful original content based on my experience.

However, today I will do as many other blogs do and point to some interesting content from elsewhere that I recently came across. There are two recent articles by Nate Lawson that are very interesting; you may find them here and here, and I suggest you read them. They discuss the security of internal system components—hardware security.

As security practitioners continue to struggle with networks and applications, we still have the same issues affecting components of our hardware. The exact same issues, in fact: authorization, authentication, and security versus performance to name a few. I smile at the thought of a conference room somewhere in the bowels of Intel or AMD where engineers and managers discuss threat models and risk equations and make decisions on what to implement and how to implement PC hardware features based on costs and risks in a manner no different than how a web application’s security is discussed at a software company.