Dan’s Seattle Toorcon 0day keeps going and going and going and going.
If you’re looking for details, the details that were leaked, confirmed, retracted, and denied, here’s a description and a mirror.
So if you run your own DNS, upgrade already as you should have some time ago when you were first told to do so.
Perhaps I [...]
Category Archives: Information Security
The DNS Drama
July 23, 2008 – 1:03 am
The encrypted traveler
April 27, 2008 – 5:05 pm
As border enforcement as using increasingly invasive tactics, a traveler that has any privacy concerns for the data that they are carrying (especially if visiting the United States) will very likely take steps to protect themselves.
Examples:
FindLaw:
The Ninth Circuit, in a decision announced this summer, has approved forensic searches of laptop computers at the border, even [...]
My talk at Seattle Toorcon 2008
April 19, 2008 – 9:52 pm
I gave a little talk this weekend at the second Seattle Toorcon.
My presentation is as follows, though as usual, I ad lib when presenting. Video may appear in the future.
Software liability
December 22, 2007 – 8:17 am
Another perennial topic that seems to come up whenever I am speaking to someone who is a consumer of technology. If they are one of the people that I actually bore with some of the details about what I do, it isn’t uncommon for me to talk about their individual concerns about internet security and [...]
Symantec and commercial spyware
December 21, 2007 – 5:39 pm
I have no sympathy for the consumers of Solid Oak as discussed, if that is the right word, in the well circulated Chloe Albanesius article dramatically entitled “Update: Symantec Screwup Is ‘Worse Than Any Virus.‘”
Yes. Let’s be as sensational as possible far beyond the point of legitimacy. Good plan, Chloe. I’m sure your frothing editors [...]
Politics in system security
December 19, 2007 – 8:20 am
I’m surprised that some of these behaviors that I mentioned a year ago haven’t changed.
Yesterday many Apple users were installing a system security update. Depending on what article you read, this was either a really huge deal involving “monsters” and giant failures or a snoozefest of local vulnerabilities and not much of an issue at [...]
Bruce Schneier Facts
December 6, 2007 – 9:54 am
It is always great when people make old memes new again. Like the Chuck Norris Facts morphing into a way more entertaining Bruce Schneier meme.
I guess someone noticed that the beard was a fit, so now some guys in the UK are selling these shirts and providing an endless amount of Bruce Schneier Facts.
These guys [...]
ITCi 2007
November 12, 2007 – 2:42 pm
This is the presentation that I gave earlier this week at the ITCi Conference in San Diego, California. It was well received and fostered a lot of interesting discussion.
My recording of the event on my laptop had enough problems as to be distracting, so I gave up on using it to export a real-time presentation. [...]
Truecrypt on OSX
October 16, 2007 – 7:02 am
I’m tired of waiting for a cross-platform whole disk encryption solution that isn’t garbage and/or highly proprietary.The Truecrypt people have been talking about and promising it for years. It’s been used by lots and lots of alpha-nerds on Windows and Linux.Perhaps these guys that seem like they’re scamming on FD will get it done.
Security Information Management [SIM]
October 8, 2007 – 6:33 am
This is no simple task as there is a lot of sales material that will promise anything, but from the presentation of the architecture and real-world benchmarking, a clear image may present itself.Two of the large commercial research firms authored materials were also gathered to assist in this mater, though one of them was shockingly inaccurate, unfamiliar with the history and utility of the tools in practice, and offered some very poor advice in its conclusions. Unfortunately this is all too common in my experience with commercial research, so the wise buyer of capital investment level hardware and software would be best served to spend the time evaluating each architecture, dependancies, and challenges if they are able.That being said, I will begin my presentation: A SIM implementation has the ability to solve a variety of problems at once due to its evolution from a log management platform.
