The Blade Itself Incites to Violence

We have a hundred thousand spies now: they have the capability, they have the information. The law will change; maybe not now, maybe not for a decade, but if don’t strangle this right now, it will change. They can do it, so they must: as Homer said, the blade itself incites to violence.

legal, privacy, society, terrorism

BlackHat 2009, Day 2

The Thursday keynote was given by Bob Lentz, a Deputy Assistant Secretary of Defense for the United States. His main point was the paradigm shift from network-centric security to what he called content-centric security, and the fact that this devalues the protections around network perimeters. Static defenses don’t work when all the services being used […]

anonymity, attacks, crypto, hardware, industry, legal, networks, passwords, risk, society

False Expense Service Reveals the Trouble With Documents

There’s been some news coverage lately about, a service that produces fake receipts to order “for novelty use only.” The obvious purpose of this is to help people scam their companies’ expense reporting system by “padding” receipts.  People who are reimbursed for hotel, meals, etc. can create receipts for slightly more than they actually […]

attacks, authentication, legal, society

Exploiting Public Information for Stock Manipulation

Last Wednesday, 9/10, United Airlines saw its stock drop by over 75% in fifteen minutes, over a mistaken news story that came across the Bloomberg business wire announcing that it had filed for bankruptcy.  How this happened has interesting implications for security. Back on December 10th, 2002, United Airlines really did file for bankruptcy.  It […]

attacks, legal

BlackHat 2008, Day 2

The second day of BlackHat 2008 began with a keynote speech by Rod Beckstrom, the director of NCSC (the National Cyber Security Center.) Most of this consisted of painfully strained Civil War analogies and the overuse of the word “Cyber” to describe absolutely everything. He made some good points — specifically, that in order to […]

attacks, legal, mitigations, SOA/XML, trusted client