ITSEF 2009
Attending the third annual IT Security Entrepreneurs' Forum (ITSEF) at Stanford was my first showing at a Security Innovation Network (SInet) function. Unlike the usual security conferences/hackercons, which unearth specific...
DoD offers Free Security training
Our tax dollars at work...or is it tax dollars from our work? Regardless, you can save budgetary resources by outsourcing security training to our government. A curriculum of free web based training from the Department of Defense...
When Smartphones Attack
A smartphone is only as smart as its user. This clearly explains why smartphones will soon be in the hackers' crosshairs. However, the subsequent application of appropriate security is a more complicated issue. Where should it be...
Thanksgiving Security
Thanksgiving, for most, is a time for family gatherings, overindulgence and a day or two off from work. It is also a day of relative security on the Internet (with the exception of the SCO website hack of 2004). Customary...
Quantum Computing: cryptographic challenges, but no end for security
Examination of the technical evolution within several industries reveals an approaching precipice of scientific change. The glacially paced, but inevitable convergence of quantum mechanics, nanotechnology, computer science, and...
Security patches: A losing battle
Since my participation in Friday's roundtable discussion (see previous blog entry) has probably made some wonder about my level of security comprehension, and question whether English is my first language, I thought I would try to...
Hacker 'schooled' in chat room
Last Friday, I participated in a roundtable discussion on the topic of "Best innovations in Security." Joined by notable security minds Jamey Heary, Dave Kearns, and Andreas Antonopoulos, an hour long chat room session ensued. I was...
The Olympic Games were Hacked
Another 0100 years have passed and the Olympic games have come to a close. While most of the world fixated on the athletes and their events, a few of us focused our attention on the competitive hacking in cyberspace. This year's...
Anti-Social Engineering
As a geek growing up, I had always admired and respected such magazines as Byte and Scientific American. While perhaps not understanding every article as a 12 year old, I still appreciated the technological significance of their...
Greetings from...(not Black Hat)...NI Week 2008!
While heading to Vegas for the mother of all hackercons, the back-to-back Black Hat USA 2008/Defcon 16 conferences, I had some technical difficulties with my travel arrangements. I managed to take a wrong turn somewhere and I now...
1 website and 1 statistic hacked every 5 seconds
As a security researcher, analyzing malware trends is a common task. This includes tracking data on the numerous types, variants, vectors and growth rates. Occasionally, the byproduct of research yields information more interesting...
There's still HOPE for hackers
The seventh and last HOPE (Hackers on Planet Earth) conference took place last weekend, bringing the 14 year old biennial hacker con to an end. Emmanuel Goldstein (Eric Corley), publisher of 2600 magazine, has been the brains behind...
Web 2.0, Security 2.0 and Hacking 2.0
Having to incorporate the term "Web 2.0" into my technocabulary was hard enough, but "Security 2.0" is just too ridiculous for me to absorb. Assigning words with numerical increments by buzzword hungry media vultures is a disgrace...
Take Two Hackers and VoIP me in the Morning
With over 10,000 magazines published in the US, I rarely have time to read all of them. But I do make an effort to set aside a few hundred hours each week to read as many of them as I can. Reading the current 2008/2009 Physicians...
The Reversible Denial-of-Resource CryptoViral Extortion Attack
Ransomware, although somewhat appropriately nicknamed, as it takes your data hostage demanding money for its release, has always implied an unnecessary emotional component. It is unforgivably insensitive to compare this to any type...
Intel’s War Gaming: A Blueprint for Security Success
Assessment of corporate security is a difficult but essential task. Regardless of industry, most companies allocate their IT resources to maintenance, upgrades, support and alignment with corporate strategy. While the necessity for...
DARPA attempting the impossible: Self-simulation for defense training
Although this news item first broke several weeks ago, I have been awaiting public analysis regarding its impracticability. Bereft of criticism, I will provide my own. The Internet began as a "store-and-forward" packet switching...
Wireline TeleCom tops FCC Complaint List
Catching up on my reading of unscrupulous behavior, I came across some interesting information from the Federal Communications Commission (FCC). Their Consumer Inquiries and Complaints Division is in charge of reviewing, mediating,...
Hackers will know what you’re wearing
You purchased your clothes, you're wearing your clothes, but now someone else 0wns them. Self-reliant clothing retailer, American Apparel, has added some technology into its LA based manufacturing process. It began placing radio...
Microsoft Security Intelligence Report scores low IQ
Redmond has recently published their semi-annual recap on the (in)security of their leading products. The Microsoft Security Intelligence Report (MSIR), released approximately two weeks ago, provides an "in-depth perspective" for...