industry

BlackHat 2010: Day 1

I’ve just returned from a trip to BlackHat Briefings USA 2010 and DefCon 18. As always, it was an enjoyable week in Las Vegas learning about the latest research, networking with the surprisingly small world of security professionals, and generally having fun hanging out with a lot of interesting people with the hacker mindset. BlackHat […]

attacks, authentication, crypto, industry, mitigations, products

The Trouble With Fighting Your Users

Companies like Apple that try to control devices purchased by end-users create their own serious security problems. It turns out that Apple trying to protect itself from you makes you vulnerable to attackers. Apple doesn’t want you to run anything on your phone that they didn’t approve. But of course, customers want to run whatever […]

attacks, industry, risk, society

Google SSL Search

Google has added the ability to access their search engine via SSL.  The interface couldn’t be simpler — you just go to https://www.google.com instead of http://www.google.com.  The news media has been quite favorable to this — after all, search queries are at least semi-private in that you might not want your employer or neighbors to […]

industry, privacy

BlackHat 2009, Day 2

The Thursday keynote was given by Bob Lentz, a Deputy Assistant Secretary of Defense for the United States. His main point was the paradigm shift from network-centric security to what he called content-centric security, and the fact that this devalues the protections around network perimeters. Static defenses don’t work when all the services being used […]

anonymity, attacks, crypto, hardware, industry, legal, networks, passwords, risk, society

BlackHat 2009, Day 1

The annual Vegas security conference is upon us again, and there have been plenty of interesting presentations. Last year, it felt like WiFi was the “theme” of the year — this year, the most interesting (and well-attended) briefings were on SSL and mobile devices. The Wednesday keynote was presented by Douglas Merrill, the COO of […]

attacks, crypto, industry, passwords, risk