Articles by Michael A Schmidt

About Michael A Schmidt

Michael A Schmidt is the primary security contact within Sophos Data Protection Group (DPG) software development. He has been with Utimaco (the predecessor of the DPG) development for many years, filling various development- and security-related positions. Currently, he is harassing the other developers in the group with the promotion of a security-oriented software development process. Even more, Michael is forming a group of conspirators within Sophos to run a world-wide, 'Distributed Promotion of Secure Coding' attack.

What can secure software development learn from Shakespeare, Roosevelt and Nehru?

Secure software development

Do you know what William Shakespeare, Eleanor Roosevelt and Jawaharlal Nehru have in common with the data security expert community (and possibly you)?

The Security Development Conference held in Washington DC provides the answer.

Chip and PIN compatibility leads to insecurity


At last week's CanSecWest security conference in Vancouver Canada researchers showed methods they could use to compromise chip and PIN credit cards. Is backward compatibility creating security holes that reduce the security of your card?

SSDs, encryption and decommissioning

Encrypting SSDs the right way

A research paper about the secure erasure of data on SSDs has raised a lot of discussion.

What steps do you need to take when decommissioning a disk?

Destroying disk drive data: No sledge hammer required

Destroying disk drive data: No sledge hammer required

Data leakage through improper disposal of disk drives is a real threat, but a recent report of a security breach at the Kennedy Space Center reveals that there's still a lack of awareness on how to destroy data properly.

Evil Maids on the rise

Image (4) bitlocker-pin.jpg for post 15544

The opportunities for evil maids seems to be soaring. Some weeks ago, I blogged about how a malicious room maid could install a software password sniffer on a portable PC with TrueCrypt Full Disk Encryption (FDE) - needing only a Read more…

Evil Maid wanted, B.S. in Computer Science a plus

Image (4) evil-maid.jpg for post 15424

Some weeks ago, Polish researcher Joanna Rutkowska published an attack on the TrueCrypt Full-Disk Encryption (FDE) software, which allows an attacker with access to an unattended PC to install a password sniffer in a first strike, and to steal the Read more…

Why not become an employer to snatch personal data?

Image (4) job-portal.jpg for post 15238

It's not really breaking news that personal data can be at risk on internet job portals, as hackers have recently demonstrated with the Guardian Jobs website breach. But why should you even consider all the hassle to hack the web Read more…

Give EFI a chance!

Image (6) efi-sophos.jpg for post 15051

Many of us will upgrade their PCs soon to Windows 7, Microsoft's latest operating system available for 32-bit and 64-bit hardware. Although this version will deliver state-of-the art performance in many areas, most of its installations will still be made Read more…

Are hard drive manufacturers making a meal of securing data?

Image (4) hard-disk-plate.jpg for post 15044

"Hospital lost patient data" (...unencrypted), "ministry of defense laptop stolen" (...unencrypted), "hard disk with confidential defense information on Ebay" (...unencrypted), reports like these have haunted us for the last couple of years with an ever increasing frequency and publicity. Mobile Read more…

Your PIN or your life!

Image (3) michael-alfred-schmidt.jpg for post 13812

Life has become more dangerous for ATM card holders in the UK. As muggers require the Personal Identification Number (PIN) of a stolen card to make withdrawals, they are tempted to resort to violence against the card owners to get Read more…