Useless Password Advice

The mainstream press is full of articles telling you how to use secure passwords, like this one in MSNBC or this one in TechNewsDaily. They echo the traditional wisdom on password security — use a long password, put numbers and symbols and multiple cases in it, and don’t record it anywhere. Well, I suppose there’s […]

authentication, mitigations, passwords

BlackHat 2009, Day 2

The Thursday keynote was given by Bob Lentz, a Deputy Assistant Secretary of Defense for the United States. His main point was the paradigm shift from network-centric security to what he called content-centric security, and the fact that this devalues the protections around network perimeters. Static defenses don’t work when all the services being used […]

anonymity, attacks, crypto, hardware, industry, legal, networks, passwords, risk, society

BlackHat 2009, Day 1

The annual Vegas security conference is upon us again, and there have been plenty of interesting presentations. Last year, it felt like WiFi was the “theme” of the year — this year, the most interesting (and well-attended) briefings were on SSL and mobile devices. The Wednesday keynote was presented by Douglas Merrill, the COO of […]

attacks, crypto, industry, passwords, risk

Two-Factor Auth for World of Warcraft

Blizzard Entertainment, makers of the phenomenally-successful multiplayer game World of Warcraft, have introduced two-factor authentication for logging into the game.  For $6.50, they’ll sell you a dynamic password keychain token called the Blizzard Authenticator, which looks much like the RSA keyfobs many in the IT industry use to log into their corporate VPNs. It may […]

attacks, authentication, hardware, passwords, products, risk

Ubuntu/Debian CRNG Cracked – SSH Vulnerable

I don’t usually post about newly-discovered vulnerabilities, simply because there are so many of them — a dozen come out every day, especially in web applications.  However, this one has further-reaching consequences.  Security researcher HD Moore (of Metasploit fame) has discovered a vulnerability in the OpenSSL cryptographic random number generator used by Debian Linux, the […]

attacks, authentication, crypto, passwords