BlackHat 2009, Day 2

The Thursday keynote was given by Bob Lentz, a Deputy Assistant Secretary of Defense for the United States. His main point was the paradigm shift from network-centric security to what he called content-centric security, and the fact that this devalues the protections around network perimeters. Static defenses don’t work when all the services being used […]

anonymity, attacks, crypto, hardware, industry, legal, networks, passwords, risk, society

A “Clear” Case of Failure

Clear, the “trusted traveler” program that allowed customers to bypass airport security lines, has shut down. The story is an interesting case of bureaucratic disincentives and general failure around the whole mess known as airport security. A privately-run alternative to the TSA’s Registered Traveler program, Clear started out with what seemed like a good idea […]

risk, society, terrorism

False Expense Service Reveals the Trouble With Documents

There’s been some news coverage lately about, a service that produces fake receipts to order “for novelty use only.” The obvious purpose of this is to help people scam their companies’ expense reporting system by “padding” receipts.  People who are reimbursed for hotel, meals, etc. can create receipts for slightly more than they actually […]

attacks, authentication, legal, society

Charter Communications Using Ad Replacer

A story in the New York Times tells us that Charter Communications (the United States’s fourth-largest cable company) is going to start tracking user behavior and using it to sell ads.  They spin this as a potential problem because of privacy implications — it means that the cable company is watching your web surfing so […]

anonymity, legal, society

Ad Replacers Let Dan Kaminsky RickRoll the Entire Web

I’ve talked before about ad replacers, where ISPs dynamically edit the contents of web traffic for their customers, replacing ads on web sites with ads of their own. This is a threat to the business model of the internet, as if done on a wide scale it would render small, advertiser-supported websites unable to support […]

attacks, legal, society