Tag security

This week I gave a talk at SecTalks BNE0x18 about how I solved last month's boot-to-root CTF. I've put the slides up now (you'll need to enable JavaScript for the remarkjs slides to work).

I was stoked when Patrick Gray took up my suggestion to ask Marcus Ranum to reflect on "The Six Dumbest Ideas in Computer Security".  I encourage you to listen to the interview for yourself, but my summary of it is that Marcus was mostly...

Project Honeypot just published a report of their experience in processing 1 billion spam messages.  Highlights for the impatient: For the past 5 years, spam "bots have grown at a compound annual growth rate of more than 378%. In other words, the...

For a long time, i've told my clients and friends that the best way to make a password is to write a short sentence or phrase. A recent study linked from Slashdot IT reinforces this. The executive summary: if you make your password 13 or more...

Richard Bliss recently blogged at Novell and on his personal blog with some great advice: don't click on e-cards from your friends, and think about asking them not to send them at all, since the risks of clicking on e-cards vastly outweigh the...

cnet has a really interesting article about a clever trojan horse application which steals money from online banking accounts while the user is logged into them, and displays false balance details to the user so they don't know what's going on....

Network world and SANS are reporting a new attack on wireless encryption, specifically, WPA with TKIP. The attack takes 60 seconds, and renders this combination almost as useless as WEP has been for some time. It's time to check your security...

ABC's Four Corners has an interesting episode about cybercrime and how it can affect ordinary people. Check it out on iView: http://www.abc.net.au/iview/#/view/419222. (The program's victims were a little unsympathetic in my opinion, but they...

This presentation, recently linked on Bruce Schneier's blog is so profound it needs plugging at every opportunity: From Roger Johnston, funny -- and all too true -- stuff. [Bruce Schneier's Crypto-gram]

CSO Online has a really interesting article about generational differences from the perspective of IT security. While i'm sure it's not highly accurate from a sociological perspective and is probably guilty of overgeneralising, it still offers...