DEFCON 23: The Only Way to Be Sure: Obtaining and Detecting Domain Persistence

I presented a talk at the DEF CON 101 track of DEF CON 23 this year; for those of you who have been directed to the site from the talk, you can find the slides on this site here: DEF CON 23: The Only Way to Be Sure: Obtaining and Detecting Domain Persistence. Note that […]

attacks, mitigations, risk

South Carolina Hack Attack Root Causes

Recently, the South Carolina Department of Revenue was hacked, losing tax records on 3.6 million people — that is, most of South Carolina’s population. These contained Social Security numbers at the very least, as well as 3.3 million bank account numbers, and may have been full tax returns (they haven’t said). There’s been the usual […]

attacks, mitigations, risk

BlackHat USA 2011, Day 1

I spent last week in Las Vegas, for BlackHat USA 2011 and DefCon 19 — my annual security conference pilgrimage. Overall impression: the quality of the actual presentations was below-average this year, but it was still an educational experience, a good professional networking event, and probably the most fun I’ve had at DefCon so far. […]

attacks, crypto, mitigations, products

Useless Password Advice

The mainstream press is full of articles telling you how to use secure passwords, like this one in MSNBC or this one in TechNewsDaily. They echo the traditional wisdom on password security — use a long password, put numbers and symbols and multiple cases in it, and don’t record it anywhere. Well, I suppose there’s […]

authentication, mitigations, passwords

BlackHat 2010: Day 1

I’ve just returned from a trip to BlackHat Briefings USA 2010 and DefCon 18. As always, it was an enjoyable week in Las Vegas learning about the latest research, networking with the surprisingly small world of security professionals, and generally having fun hanging out with a lot of interesting people with the hacker mindset. BlackHat […]

attacks, authentication, crypto, industry, mitigations, products