risk

DEFCON 23: The Only Way to Be Sure: Obtaining and Detecting Domain Persistence

I presented a talk at the DEF CON 101 track of DEF CON 23 this year; for those of you who have been directed to the site from the talk, you can find the slides on this site here: DEF CON 23: The Only Way to Be Sure: Obtaining and Detecting Domain Persistence. Note that […]

attacks, mitigations, risk

Fingerprint Login and Authentication

With Apple’s introduction of Touch ID for the new iPhone 5S, there’s been a lot of news coverage of their new fingerprint-based unlock system. People want to know: is it secure? Can someone bypass it? But the thing about fingerprints is that they’ve been easy to bypass for more than 20 years.

authentication, hardware, industry, risk

South Carolina Hack Attack Root Causes

Recently, the South Carolina Department of Revenue was hacked, losing tax records on 3.6 million people — that is, most of South Carolina’s population. These contained Social Security numbers at the very least, as well as 3.3 million bank account numbers, and may have been full tax returns (they haven’t said). There’s been the usual […]

attacks, mitigations, risk

DefCon 19, Day 2

My experiences attending DefCon 19.

attacks, industry, networks, products, risk

DefCon 19, Day 1

Having finished with BlackHat, I checked out of the Flamingo and moved to DefCon’s new location this year, the Rio. This was an enormous upgrade from the Riviera, the previous location. For one, the conference center is nearly 50% bigger, and it’s beautiful. Traffic flow was greatly improved, despite record attendance (~12,000, from estimates I’ve […]

industry, physical security, privacy, risk, society, statistics, terrorism