Secure Use of Cloud Storage

At BlackHat Briefings USA 2010 in Las Vegas this year, I presented a session entitled “Secure Use of Cloud Storage,” covering ways that developers can use and misuse cloud storage systems like Microsoft’s Windows Azure Storage and Amazon’s Simple Storage Service (S3) and SimpleDB. While the released versions are available on the BlackHat official website, […]

attacks, mitigations, SOA/XML

BlackHat 2008, Day 2

The second day of BlackHat 2008 began with a keynote speech by Rod Beckstrom, the director of NCSC (the National Cyber Security Center). Most of this consisted of painfully strained Civil War analogies and the overuse of the word “Cyber” to describe absolutely everything. He made some good points — specifically, that in order to […]

attacks, legal, mitigations, SOA/XML, trusted client

BlackHat 2008, Day 1

Today was the first day of this year’s BlackHat Briefings in Las Vegas. The biggest security conference of the year, it’s always an interesting place to be and often involves the release of new and previously unknown exploits. The keynote speaker was Ian Angell, of the London School of Economics, who was speaking, ostensibly, about […]

attacks, hardware, industry, mitigations, SOA/XML

The DNS Exploit Revealed… and used

So, Dan Kaminsky’s DNS exploit I previously mentioned has been revealed. It turns out that what Kaminsky found was pretty much what I speculated — he just had it put together into a coherent attack, and fully recognized the implications. If I want to poison your DNS server, say, to redirect to my malicious […]

attacks, mitigations

The Mysterious DNS Exploit

On Tuesday, July 8th, Microsoft’s usual package of patches seemed to end-users like every other Patch Tuesday — some security updates to various and sundry Windows files to patch security vulnerabilities unknown. However, it contained something very unusual this time — a design change to DNS. DNS has been around since the 1970s, so people […]

attacks, mitigations