Blog - Author Posts

Do We Need A New Internet?

By Adrian Lane
I ran across this article last week in the Arizona Republic regarding redesign of the Internet. This was very much in line with one of the recurring topics that seemed to be discussed in the halls at Caesars Palace during Black Hat: how might we change the Internet if we were to start from a clean slate? There are clearly many motivating factors to do so, from the fragility and dependency issues of the Internet on DNS as discussed by Kaminsky, email spam, DDOS, use of a basically insecure connectionless protocol for the vast majority of transactions, to encrypting all

Visual Forensic Analysis

By Adrian Lane
During the second day at Black Hat, somewhat depressed by yet another futile attempt to locate coffee and fighting human gridlock, I decided that it was no longer worth the effort and simply sat down in the nearest conference. And I am glad I did as that random selection of presentations turned out to be one of my favorites of the week. The presentation was called Visual Forensic Analysis and Reverse Engineering, presented by Gregory Conti and Erik Dean. I would offer a link for you, but I have been unable to find the slide deck on line. It is

What to Buy, Part Two

By Adrian Lane
So we took the plunge at the Lane household and bought an iMac. That is the good news. The bad news: it was my wife, and not me, who made the purchase. My wife’s laptop performed the 25 month post-warranty belly flop while I was at DefCon. A few flickers on the monitor and nothing. A very cold no-boot followed. So off we went to Fry’s today and after an hour browsing she wandered by the Macs. She was looking at the iMac and asked, “Where is the box? Doesn’t this thing have a disk drive?”, to which

Insurers Mining Consumer Data

By Adrian Lane
I saw this article in the Arizona Republic Monday about how the insurance companies are able to save money by gathering health care records electronically, make more accurate analyses of patients (also saving money) and be able to adjust premiums (i.e., make more money) based upon your poor health or various other things. You know, like ‘pre-existing’ conditions, or whatever concept they choose to make up. Does anyone think that they will be offered an option? The choice of not providing these electronically? Not a chance. This will be the insurer’s policy, and you can choose to not

Network vs. Application Security

By Adrian Lane
Should network and application security proceed along separate, independent tracks? Should software security focus solely on the in-context business issues concerning security, and have network security focus on not allowing the software and infrastructure to be undermined? This is one of those concepts that has been brewing in the back of my mind for some time now. Different data, different availability, and different contexts provide different value propositions and I am not sure they are effective surrogates for one another. A bunch of Hoff’s posts add fire to this thought, and the whole Kaminsky debate shows the value of

UMG Piracy Trial

By Adrian Lane
The piracy trial is getting interesting. Vivendi SA’s Universal Music Group won a $222,000.00 verdict against defendant Jammie Thomas for making songs available via Kazaa. The problem is that no one downloaded the songs; they were only discovered by MediaSentry. The entire case hangs on what constitutes “making available”, and how it differs from distribution. The judge in the case actually stated he may have committed a “manifest error of law” by instructing the jury that making files available is the same as distribution. Oops. What happens if I leave a partition open on my computer accidentally, and that partition has music

Clear Database Stolen

By Adrian Lane
Nice! The Clear database was on a laptop that was stolen at SFO. What a great database breach to shed light on this implied-security-related-but-really-not revenue opportunity known as Clear. I guess I am chuckling about this, but as I don’t know what is contained in that data set, I do not know how dangerous this leak is to the members who signed up for it. Since this really does not have much to do with security or official identity, is it really a crime if you create a fake version of this Clear card to cut to the front

Security Researchers Discover ... 5 Stages of Disclosure Grief

By Adrian Lane
Denial: “Dan may be smart, but Tom Ptacek states the obvious that this isn’t a new threat. Maybe a new spin on an old flaw.” Anger: “Dan didn’t find shit. He read RFC3383 …” and “Dan has brought NOTHING new to the table. Simply made a name for himself by regurgitating the same old problems.” Bargaining: “… the sky was already falling before Dan opened his mouth, …”, and “This is just another reason why we need DNSSEC”, and “What Should Dan Have Done?” Depression: “What can we say right now? Dan has the goods.” Acceptance: “Dan Kaminsky Disqualified from Most

The Art of Dysfunction

By Adrian Lane
Another off-topic post. They say when you are frustrated, especially with someone in an email dialog, write-delete-rewrite. That means write the reply that you want to write, chock full of expletives and politically incorrect things you really want to say, and then delete it. Once you are finished with that cleansing process, start from scratch, writing the politically correct version of your reply. This has always been effective for me and kept me out of trouble. One problem is I never delete anything. Quite the opposite- I save everything. Some of the best stuff I have ever written falls into

NitroSecurity’s Acquisition of RippleTech

By Adrian Lane
I was reading through the NitroSecurity press release last week, thinking about the implications of their RippleTech purchase. This is an interesting move and not one of the Database Activity Monitoring acquisitions I was predicting. So what do we have here? IPS, DAM, SIM, and log management under one umbrella. Some real time solutions, some forensic solutions. They are certainly casting a broad net of offerings for compliance and security. Will the unified product provide greater customer value? Difficult to say at this point. Conceptually I like the combination of network and agent based data collectors working together, I like