The War on the Unexpected
Bruce Schneier has a good post today called “The War on the Unexpected,” about the unintended results of asking the general population to report anything suspicious. Even discounting deliberate...
Social Engineering For Hire
There’s an article in PC Magazine about a company called TraceSecurity that performs audits of physical security via social engineering. Essentially, companies hire them to steal data, and they do so...
The Trouble with Copy Protection
SecurityFocus reports that a patch has been issued for a vulnerability in the Macrovision SafeDisc driver. Apparently, due to a flaw in how the driver handles configuration parameters (which probably...
Why Hackers Love Wi-Fi
Hackers love wireless networking. At DefCon 15, it was easy to predict which sessions would have lines running out the door and require getting there well in advance for a seat – it was the sessions...
Flash and the Same-Origin Policy
Web browsers protect the user from attacks largely through the same-origin policy: any code from one web site (such as HTML pages or JavaScript) is not permitted to interact with any code from another...
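What "same origin" actually compares is easy to get wrong, so here is an added example (not code from the original post) that implements the scheme/host/port check the policy is built on and runs it over a few constructed URL pairs, including the near-misses (different port, different scheme, a subdomain, a lookalike host) that a cross-site attack depends on. The `CASES` list and the function names are assumptions for illustration.

```javascript
// Added example, not from the original post: the origin tuple the
// same-origin policy compares. Two URLs share an origin only when
// scheme, host and port all match; the path never matters.
function originOf(urlString) {
  const u = new URL(urlString);
  // URL.port is "" when the scheme's default port is in use, so normalise
  // to the explicit default so http://a.com and http://a.com:80 agree.
  const defaults = { "http:": "80", "https:": "443" };
  const port = u.port || defaults[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Constructed cases (assumed for illustration) showing the common near-misses.
const CASES = [
  ["http://example.com/page", "http://example.com/other/path", true], // path ignored
  ["http://example.com/", "http://example.com:80/", true],             // default port
  ["http://example.com/", "https://example.com/", false],              // scheme differs
  ["http://example.com/", "http://example.com:8080/", false],          // port differs
  ["http://example.com/", "http://www.example.com/", false],           // subdomain differs
  ["http://example.com/", "http://example.com.attacker.net/", false],  // lookalike host
];

// Returns each case with the verdict the check produced next to the expected one.
function runCases() {
  return CASES.map(([a, b, expected]) => ({ a, b, expected, got: sameOrigin(a, b) }));
}

for (const c of runCases()) {
  console.log(`${c.a} vs ${c.b}: ${c.got} (expected ${c.expected})`);
}
```

Note that this is the browser's rule for script access (DOM, XMLHttpRequest); plugins such as Flash historically enforced their own cross-domain rules, which is exactly where the post's discussion starts.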
Checks: The Most Dangerous Transaction
During this year’s Christmas shopping season, I made some large in-person transactions at the same time as my wife made an online transaction, and my credit card was suspended by the issuing bank for...
The Resilient Society, and How Not To Build It
Today I found a link to an article by my least-favorite current presidential candidate, Rudy Giuliani. I was expecting a cavalcade of fear-mongering — his usual stock in trade — but discovered to my...
Deterring the Internal Attacker
On January 21st, 2008, the major French bank Société Générale lost $7.09 billion attempting to unwind unauthorized trading positions taken by Jérôme Kerviel, a futures trader with the bank....
Mom lets 9-year-old take subway home alone!
The Today Show has a cover story today entitled “Mom lets 9-year-old take subway home alone.” The controversy over this — that is, the fact that there is any — is a wonderful example of how poorly...
Surveillance and Ubiquity
HexView has an article about tracking vehicles with RFID tire pressure monitors. The devices are found in tires and transmit tire pressure to the engine control module, which sounds innocuous enough,...
The Black Hat Tax
Auren Hoffman at Summation has an interesting post on the “black hat tax.” Essentially, how much do hackers and other online criminals actually cost us? He estimates it at 25% of time and...
Two-Factor Auth for World of Warcraft
Blizzard Entertainment, makers of the phenomenally-successful multiplayer game World of Warcraft, have introduced two-factor authentication for logging into the game. For $6.50, they’ll sell you a...
A “Clear” Case of Failure
Clear, the “trusted traveler” program that allowed customers to bypass airport security lines, has shut down. The story is an interesting case of bureaucratic disincentives and general failure around...
BlackHat 2009, Day 1
The annual Vegas security conference is upon us again, and there have been plenty of interesting presentations. Last year, it felt like WiFi was the “theme” of the year — this year, the most...
BlackHat 2009, Day 2
The Thursday keynote was given by Bob Lentz, a Deputy Assistant Secretary of Defense for the United States. His main point was the paradigm shift from network-centric security to what he called...
The Trouble With Fighting Your Users
Companies like Apple that try to control devices purchased by end-users create their own serious security problems. It turns out that Apple trying to protect itself from you makes you vulnerable to...
BlackHat USA 2011, Day 2
The second day of BlackHat started out with a keynote by Mudge. I attended this one despite the normally-dull nature of BlackHat keynotes, because while Mudge is a Fed now (he works for DARPA), he has...
DefCon 19, Day 1
Having finished with BlackHat, I checked out of the Flamingo and moved to DefCon’s new location this year, the Rio. This was an enormous upgrade from the Riviera, the previous location. For one, the...
DefCon 19, Day 2
I slept in a bit on Saturday and missed the 10am panels. None of them seemed very relevant to me, though now I kind of regret missing the first panel. Apparently the former CEO of HBGary Federal, Aaron...
South Carolina Hack Attack Root Causes
Recently, the South Carolina Department of Revenue was hacked, losing tax records on 3.6 million people — that is, most of South Carolina’s population. These contained Social Security numbers at the...