Author Archive

Decrypting bin Laden’s Hard Drives

With the news that the raid on Osama bin Laden’s compound resulted in the capture of at least 10 hard drives and over 100 miscellaneous data storage devices (CDs, DVDs, flash drives, floppy disks, etc.), a common question that’s come up on news sites is “So, how likely are we to be able to decrypt these things? How good is the best non-government-grade encryption, anyway?”

attacks, crypto, terrorism

Useless Password Advice

The mainstream press is full of articles telling you how to use secure passwords, like this one in MSNBC or this one in TechNewsDaily. They echo the traditional wisdom on password security — use a long password, put numbers and symbols and multiple cases in it, and don’t record it anywhere. Well, I suppose there’s [...]

authentication, mitigations, passwords

BlackHat 2010: Day 1

I’ve just returned from a trip to BlackHat Briefings USA 2010 and DefCon 18. As always, it was an enjoyable week in Las Vegas learning about the latest research, networking with the surprisingly small world of security professionals, and generally having fun hanging out with a lot of interesting people with the hacker mindset. BlackHat [...]

attacks, authentication, crypto, industry, mitigations, products

The Trouble With Fighting Your Users

Companies like Apple that try to control devices purchased by end-users create their own serious security problems. It turns out that Apple trying to protect itself from you makes you vulnerable to attackers. Apple doesn’t want you to run anything on your phone that they didn’t approve. But of course, customers want to run whatever [...]

attacks, industry, risk, society

Secure Use of Cloud Storage

At BlackHat Briefings USA 2010 in Las Vegas this year, I presented a session entitled Secure Use of Cloud Storage, covering ways that developers can use (and misuse) cloud storage systems like Microsoft’s Windows Azure Storage and Amazon’s Simple Storage Service (S3) and SimpleDB. While the released versions are available on the BlackHat official website, [...]

attacks, mitigations, SOA/XML