mitigations
BlackHat USA 2011, Day 1
I spent last week in Las Vegas, for BlackHat USA 2011 and DefCon 19 — my annual security conference pilgrimage. Overall impression: the quality of the actual presentations was below-average this year, but it was still an educational experience, a good professional networking event, and probably the most fun I’ve had at DefCon so far. [...]
Useless Password Advice
The mainstream press is full of articles telling you how to use secure passwords, like this one in MSNBC or this one in TechNewsDaily. They echo the traditional wisdom on password security — use a long password, put numbers and symbols and multiple cases in it, and don’t record it anywhere. Well, I suppose there’s [...]
BlackHat 2010: Day 1
I’ve just returned from a trip to BlackHat Briefings USA 2010 and DefCon 18. As always, it was an enjoyable week in Las Vegas learning about the latest research, networking with the surprisingly small world of security professionals, and generally having fun hanging out with a lot of interesting people with the hacker mindset. BlackHat [...]
Secure Use of Cloud Storage
At BlackHat Briefings USA 2010 in Las Vegas this year, I presented a session entitle Secure Use of Cloud Storage, covering ways that developers can use (and misuse) cloud storage systems like Microsoft’s Windows Azure Storage and Amazon’s Simple Storage Service (S3) and SimpleDB. While the released versions are available on the BlackHat official website, [...]
BlackHat 2008, Day 2
The second day of BlackHat 2008 began with a keynote speech by Rod Beckstrom, the director of NCSC (the National Cyber Security Center.) Most of this consisted of painfully strained Civil War analogies and the overuse of the word “Cyber” to describe absolutely everything. He made some good points — specifically, that in order to [...]
