mitigations
South Carolina Hack Attack Root Causes
Recently, the South Carolina Department of Revenue was hacked, losing tax records on 3.6 million people — that is, most of South Carolina’s population. These contained Social Security numbers at the very least, as well as 3.3 million bank account numbers, and may have been full tax returns (they haven’t said.) There’s been the usual [...]
BlackHat USA 2011, Day 1
I spent last week in Las Vegas, for BlackHat USA 2011 and DefCon 19 — my annual security conference pilgrimage. Overall impression: the quality of the actual presentations was below-average this year, but it was still an educational experience, a good professional networking event, and probably the most fun I’ve had at DefCon so far. [...]
Useless Password Advice
The mainstream press is full of articles telling you how to use secure passwords, like this one in MSNBC or this one in TechNewsDaily. They echo the traditional wisdom on password security — use a long password, put numbers and symbols and multiple cases in it, and don’t record it anywhere. Well, I suppose there’s [...]
BlackHat 2010: Day 1
I’ve just returned from a trip to BlackHat Briefings USA 2010 and DefCon 18. As always, it was an enjoyable week in Las Vegas learning about the latest research, networking with the surprisingly small world of security professionals, and generally having fun hanging out with a lot of interesting people with the hacker mindset. BlackHat [...]
Secure Use of Cloud Storage
At BlackHat Briefings USA 2010 in Las Vegas this year, I presented a session entitled “Secure Use of Cloud Storage,” covering ways that developers can use and misuse cloud storage systems like Microsoft’s Windows Azure Storage and Amazon’s Simple Storage Service (S3) and SimpleDB. While the released versions are available on the BlackHat official website, [...]
