Author Archive
A “Clear” Case of Failure
Clear, the “trusted traveler” program that allowed customers to bypass airport security lines, has shut down. The story is an interesting case of bureaucratic disincentives and general failure around the whole mess known as airport security. A privately-run alternative to the TSA’s Registered Traveller program, Clear started out with what seemed like a good idea [...]
False Expense Service Reveals the Trouble With Documents
There’s been some news coverage lately about FalseExpense.com, a service that produces fake receipts to order “for novelty use only.” The obvious purpose of this is to help people scam their companies’ expense reporting system by “padding” receipts. People who are reimbursed for hotel, meals, etc. can create receipts for slightly more than they actually [...]
Conficker Mostly a Dud
After tons of breathless media coverage about how April 1st might be the latest “cyber-catastrophe,” the date has come and gone and… nothing happened. There was, admittedly, some cause for concern. With 250,000 known machines infected with Conficker.C (and estimates of the full number of infected machines as high as 15 million before antivirus software [...]
Exploiting Public Information for Stock Manipulation
Last Wednesday, 9/10, United Airlines saw its stock drop by over 75% in fifteen minutes, over a mistaken news story that came across the Bloomberg business wire announcing that it had filed for bankruptcy. How this happened has interesting implications for security. Back on December 10th, 2002, United Airlines really did file for bankruptcy. It [...]
DefCon 16, Day 1
Having finished up with the BlackHat briefings, it was time to go on to DefCon. While many of the speakers from BlackHat stay on for DefCon, there’s also a lot of DefCon-only presentations, usually with a more attack-oriented focus (in keeping with DefCon’s nature as a hacker convention rather than a security conference like BlackHat.) [...]
