risk

BlackHat 2009, Day 2

The Thursday keynote was given by Bob Lentz, a Deputy Assistant Secretary of Defense for the United States. His main point was the paradigm shift from network-centric security to what he called content-centric security, and the fact that this devalues the protections around network perimeters. Static defenses don’t work when all the services [...]

anonymity, attacks, crypto, hardware, industry, legal, networks, passwords, risk, society

BlackHat 2009, Day 1

The annual Vegas security conference is upon us again, and there have been plenty of interesting presentations. Last year, it felt like WiFi was the “theme” of the year — this year, the most interesting (and well-attended) briefings were on SSL and mobile devices.
The Wednesday keynote was presented by Douglas Merrill, the COO of [...]

attacks, crypto, industry, passwords, risk

A “Clear” Case of Failure

Clear, the “trusted traveler” program that allowed customers to bypass airport security lines, has shut down.  The story is an interesting case of bureaucratic disincentives and general failure around the whole mess known as airport security.
A privately run alternative to the TSA’s Registered Traveler program, Clear started out with what seemed like a good idea — [...]

risk, society, terrorism

Two-Factor Auth for World of Warcraft

Blizzard Entertainment, makers of the phenomenally successful multiplayer game World of Warcraft, have introduced two-factor authentication for logging into the game.  For $6.50, they’ll sell you a dynamic password keychain token called the Blizzard Authenticator, which looks much like the RSA keyfobs many in the IT industry use to log into their corporate VPNs.
It may seem [...]

attacks, authentication, hardware, passwords, products, risk

The Black Hat Tax

Auren Hoffman at Summation has an interesting post on the “black hat tax.”  Essentially, how much do hackers and other online criminals actually cost us?  He estimates it at 25% of time and resources, after taking into account not just hackers but also scammers, phishers, and responding to law enforcement requests.  According to James Currier [...]

industry, risk, statistics