authentication
BlackHat 2010: Day 1
I’ve just returned from a trip to BlackHat Briefings USA 2010 and DefCon 18. As always, it was an enjoyable week in Las Vegas learning about the latest research, networking with the surprisingly small world of security professionals, and generally having fun hanging out with a lot of interesting people with the hacker mindset. BlackHat [...]
Hotel Internet and ISP Paywalls
So, I’m currently in a hotel, to remain nameless here, for BlackHat 2009 and DefCon 17. As is usual for expensive hotels, Internet access is available — both wired and wireless — for a substantial fee ($13.99/day here). This is enforced via a paywall. For anyone who has never tried to use Internet in a [...]
False Expense Service Reveals the Trouble With Documents
There’s been some news coverage lately about FalseExpense.com, a service that produces fake receipts to order “for novelty use only.” The obvious purpose of this is to help people scam their companies’ expense reporting system by “padding” receipts. People who are reimbursed for hotel, meals, etc. can create receipts for slightly more than they actually [...]
Two-Factor Auth for World of Warcraft
Blizzard Entertainment, makers of the phenomenally successful multiplayer game World of Warcraft, have introduced two-factor authentication for logging into the game. For $6.50, they’ll sell you a dynamic password keychain token called the Blizzard Authenticator, which looks much like the RSA keyfobs many in the IT industry use to log into their corporate VPNs. It may [...]
Ubuntu/Debian CRNG Cracked – SSH Vulnerable
I don’t usually post about newly-discovered vulnerabilities, simply because there are so many of them — a dozen come out every day, especially in web applications. However, this one has further-reaching consequences. Security researcher HD Moore (of Metasploit fame) has discovered a vulnerability in the OpenSSL cryptographic random number generator used by Debian Linux, the [...]
