DEFCON 23: The Only Way to Be Sure: Obtaining and Detecting Domain Persistence

I presented a talk at the DEF CON 101 track of DEF CON 23 this year; for those of you who have been directed to the site from the talk, you can find the slides on this site here: DEF CON 23: The Only Way to Be Sure: Obtaining and Detecting Domain Persistence Note that […]

attacks, mitigations, risk

South Carolina Hack Attack Root Causes

Recently, the South Carolina Department of Revenue was hacked, losing tax records on 3.6 million people — that is, most of South Carolina’s population. These contained Social Security numbers at the very least, as well as 3.3 million bank account numbers, and may have been full tax returns (they haven’t said.) There’s been the usual […]

attacks, mitigations, risk

BlackHat USA 2012

This year I’ve decided to make a departure from the talk-by-talk trip reports I’ve done in the past. Most of the interesting presentations are already online (the whitepapers and slide decks, at least) and I’ll link to them here, but overall this was a very interesting year in information security and I think the gestalt and the keynotes are more important than the specific exploits demonstrated.

attacks, crypto, industry, networks, privacy, products, society

DefCon 19, Day 3

Sunday was interesting — this was actually the first DefCon I have attended (and I’ve been to the last five) where Sunday was actually busy. Normally Sunday feels very empty — most people have gone home, and the ones that are still around are too hung over to go to the morning sessions. I was […]

attacks, hardware, networks, physical security, products

DefCon 19, Day 2

My experiences attending DefCon 19.

attacks, industry, networks, products, risk