legal
BlackHat 2009, Day 2
The Thursday keynote was given by Bob Lentz, a Deputy Assistant Secretary of Defense for the United States. His main point was the paradigm shift from network-centric security to what he called content-centric security, and the fact that this devalues the protections around network perimeters. Static defenses don’t work when all the services [...]
False Expense Service Reveals the Trouble With Documents
There’s been some news coverage lately about FalseExpense.com, a service that produces fake receipts to order “for novelty use only.”
The obvious purpose of this is to help people scam their companies’ expense reporting system by “padding” receipts. People who are reimbursed for hotel, meals, etc. can create receipts for slightly more than they actually pay [...]
Exploiting Public Information for Stock Manipulation
Last Wednesday, 9/10, United Airlines saw its stock drop by over 75% in fifteen minutes, over a mistaken news story that came across the Bloomberg business wire announcing that it had filed for bankruptcy. How this happened has interesting implications for security.
Back on December 10th, 2002, United Airlines really did file for bankruptcy. It was [...]
BlackHat 2008, Day 2
The second day of BlackHat 2008 began with a keynote speech by Rod Beckstrom, the director of NCSC (the National Cyber Security Center). Most of this consisted of painfully strained Civil War analogies and the overuse of the word “Cyber” to describe absolutely everything. He made some good points — specifically, that in [...]
Charter Communications Using Ad Replacer
A story in the New York Times tells us that Charter Communications (the United States’s fourth-largest cable company) is going to start tracking user behavior and using it to sell ads. They spin this as a potential problem because of privacy implications — it means that the cable company is watching your web surfing so [...]
