Tamper Resistant Point of Sale Machine Isn’t

By Space Rogue 2 comments

When I see something labeled tamper-resistant or even tamper-proof, I don’t assume it is secure; I just think that it is a little more difficult to break into than something that isn’t tamper-resistant. Three researchers at the University of Cambridge have figured out that PIN entry keypads used for Chip+Pin transactions in the UK are […]

Less Than Two Weeks to Source2008

By Space Rogue 1 comment

So I was having lunch with one of the organizers of the Source Boston 2008 conference yesterday (Spicy Beef Bowl, mmmmm) and realized that this is going to be one really great conference. Not only are there big-name speakers like Richard Clarke, Steven Levy and Dan Geer, there are some well-respected security industry […]

AES = XOR = Secure? WTF!?!

By Space Rogue 1 comment

I don’t have time for all of the stupidity out there, but this is just too stupid to let pass by. Easy Nova, a German company that makes a variety of computer storage accessories, recently released a hard drive case with hardware data encryption with 128-bit AES and access control via an RFID chip. Which […]

Responsible disclosure for vendors?

By Space Rogue No comments

If a vendor finds a vulnerability in a competitor’s code, are they obligated to tell them? What exactly is ethical and/or responsible disclosure when it comes to competing vendors? Among security researchers the general consensus these days is to notify the vendor and then wait a reasonable amount of time for a patch to be […]

Most Security is Useless

By Space Rogue No comments

Looks like I missed this the first time around, but there is an article about a speech recently given by Peter Tippett, a VP at Verizon and a scientist at ICSA Labs, who talks about how useless most security actually is. Most of his points are ones that I have been making for years like […]

Uncle Sam Needs You (Geek!)

By Space Rogue 3 comments

That’s right, the US Air Force is looking for a few good geeks. And evidently they are willing to relax a few of the requirements of military service to get them. According to this quote in Wired, Major General William Lord of the US Air Force’s Cyber Command said “So if they can’t run three […]

Feds Use Spyware

By Space Rogue No comments

Ever hear of CIPAV? It is some pretty bad-ass spyware that tracks every website, every chat, every email that you send from your computer. Maybe you know it by its more common name Computer and Internet Protocol Address Verifier. Sounds pretty official for a piece of nefarious software. Guess what, it is the software used […]

PWN to Own Take 2

By Space Rogue 1 comment

The folks over at CanSecWest will once again be hosting their popular PWN to OWN contest at this year’s con. I wrote about last year’s contest that was won after a spl0it was found in Quicktime that allowed the attacker to PWN the Mac laptop. This year they are also putting up an Ubuntu and […]

Quickies and L0pht News

By Space Rogue 3 comments

There have been a lot of things happening in the security world lately that I have wanted to write about, like Geekonomics, the half million pictures pilfered from MySpace and the accompanying torrent file, how the NSA has wrestled control of the nation’s cyber-security away from DHS, how the recently proposed Protect America Act won’t, […]

L0pht reunion? Source 2008

By Space Rogue No comments

Well, it looks like there may be a mini reunion of old L0pht folks. We are still trying to round everyone up, but there will be more of us together on one stage than there has been for over ten years. (Damn, has it really been that long?) Anyway, it will be at the Source 2008 conference […]