Security Ethics? Are there any?

By Space Rogue No comments

I have a list of websites that I read as part of my morning ritual just like everybody else. It helps fritter away the first few minutes of the day as I wait for my tea to cool to a drinkable temperature. Like most of the people who visit my little blog here you probably […]

Defacement Archive May Close

By Space Rogue 1 comment

One of the more popular features of HNN (The Hacker News Network) was the daily list of web page defacements that was maintained at the time by Attrition.org. Maintaining such an archive soon overwhelmed Attrition and the task was taken over by Alldas. After the demise of Alldas, a small (at the time) upstart security […]

SourceBoston WrapUp

By Space Rogue 2 comments

I had been waiting for the folks at Source Boston to update their website with relevant materials before I posted a recap but they are probably waiting until Monday and I know I won’t have time to post anything then. So be sure to check their site for presentation slides, videos, and whatnot, but in […]

More USB Snake Oil

By Space Rogue 1 comment

I’m still busy recovering from the excellent Source Boston conference and I will post a recap soon but I wanted to get this out there. Last week I wrote about RFID enabled external hard drives that supposedly offered secure encryption of your data that turned out to be simple XOR. Well now USB thumb drives […]

Last Day for Source2008

By Space Rogue No comments

Yesterday I unfortunately missed James Atkinson’s talk at Source Boston but evidently it scared a few people and pissed off a few others. I did manage to catch Carole Fennelly’s talk about Incident Response Plans which was very informative even for me. And of course people are still talking about Dan Geer’s keynote. Still great […]

Smart People

By Space Rogue No comments

Sometimes I wonder if people who are revered in their field are really all that smart. I am pretty sure that some people have achieved their positions not because they know their subject matter but because they are just charismatic people who are adept at politics and manipulation. However, as I sit here listening to […]

Source Boston 2008 Going on NOW!

By Space Rogue No comments

SourceBoston 2008 Going on now and for the next two days. If your anywhere near Cambridge MA you should head over. The shear number of smart security people in this hotel is mind boggeling. Seriously, you can’t turn around without seeing someone else who is a major industry luminary. Already listened to talks by Tito […]

More secure products that aren’t

By Space Rogue 3 comments

Think that cool USB thumb drive you just bought with the word of ‘encryption’ written in big letters all over the package is really secure? Think again. ComputerWorld recently reviewed seven ‘secure’ USB drives and basically found that they are all crap. Either they have no security or all or they use AES in ECB […]

Tamper Resistant Point of Sale Machine Isn’t

By Space Rogue 2 comments

When I see something labeled tamper-resistant or even tamper-proof I don’t assume it is secure I just think that it is a little more difficult to break into than something that isn’t tamper-resistant. Three researchers at the University of Cambridge have figured out that PIN entry keypads used for Chip+Pin transactions in the UK are […]

Less Than Two Weeks to Source2008

By Space Rogue 1 comment

So I was having lunch with one of the organizers of the Source Boston 2008 conference yesterday (Spicy Beef Bowl, mmmmm) and realized that this is going to be one really great conference. Not only are there big name speakers like Richard Clarke, Steven Levy and Dan Geer there are some well respected security industry […]