Securosis Blog

Mini Black Hat/Defcon 17 recap

Adrian Lane · August 3, 2009

At Black Hat/Defcon, Rich and I are always convinced we are going to be completely hacked if we use any connection anywhere in Las Vegas. Heck, I am pretty sure someone was fuzzing my BlackBerry even though I had Bluetooth, WiFi, and every other function locked down. It’s too freakin’ dangerous, and as we were too busy to get back to the hotel for the EVDO card, neither Rich nor I posted anything last week during the conference. So it’s time for a mini BH/Defcon recap.

Update: based on questions over email, this is only part time and we expect you to have another job, and we are looking for 1-2 people to test the idea out. Also, if you are on the Contributing Analyst track, we’ll focus more on research and writing, and you won’t be asked to do much of the normal intern-level stuff.

Friday Summary - July 24, 2009

Adrian Lane · July 24, 2009

“Hi, my name is Adrian, and, uh … I am a technologist” …

Yep. I am. I like technology. Addicted to it in fact. I am on ‘Hack A Day’ almost once a day. I want to go buy a PC and over-clock it and I don’t even use PCs any more. I can get distracted by an interesting new technology or tool faster than a kid at Toys R Us. I have had a heck of a time finishing the database encryption paper as I have this horrible habit of dropping right down into the weeds. Let’s look at a code sample! What does the…

First, a bit of a caveat. Andrew Jaquith of Forrester is an excellent analyst and someone I know and respect. This is a criticism of a single piece of his research, and nothing more.

Amazon’s SimpleDB

Adrian Lane · July 23, 2009

I have always felt the punctuated equilibrium of database technology is really slow, with long periods between the popularity of simple relational ‘desktop’ databases (Access, Paradox, DBIII+, etc) and ‘enterprise’ platforms (DB2, Oracle, SQL Server, etc). But for the first time in my career, I am beginning to believe we are seeing a genuine movement away from relational database technology altogether. I don’t really study trends of relational database management platforms like I did a decade or…

Electron Fraud, Central American Style

Adrian Lane · July 21, 2009

When I was a kid, the catchphrase “Computers don’t lie” was very common, implying that machines were unbiased and accurate, in order to engender faith in the results they produced. Maybe that’s why I am in security – because I found the concept to be very strange. Machines, and certainly computers, do pretty much exactly what we tell them to do, and implicit trust is misguided. As their inner workings are rarely transparent, they are perfectly suited to hiding all sorts of shenanigans,…

Over the past few weeks we’ve seen two more security stories get completely blown out of proportion in the press. The first was, of course, the DDoS attacks that were improperly attributed by most commentators to North Korea. The second, no surprise, was the Great Twitter Hack of 2009, which might also be referred to as the Great Cloud Security Collapse.

FTC Requirements for Customer Data

Adrian Lane · July 20, 2009

There was an article in Sunday’s Arizona Republic regarding the Federal Trade Commission’s requirements for any company handling sensitive customer information. Technically this law went into effect back in January 2008, but it was not enforced due to lack of awareness. Now that the FTC has completed their education and awareness program, and enforcement will begin August 1st of this year, it’s time to begin discussing these guidelines. This means that any business that collects, stores, or uses…

Friday Summary - July 17, 2009

Adrian Lane · July 17, 2009

I apologize to those of you reading this on Saturday morning – with the stress of completing some major projects before Black Hat, I forgot that to push the Summary out Friday morning, we have to finish it off Thursday night. So much for the best laid plans and all.

Oracle Critical Patch Update, July 2009

Adrian Lane · July 15, 2009

If you have read my overviews of Oracle database patches long enough, you probably are aware of my bias against the CVSS scoring system. It’s a yardstick to measure the relative risk of the vulnerability, but it’s a generic measure, and a confusing one at that. You have to start somewhere, but it’s just a single indicator, and you do need to take the time to understand how the threats apply (or don’t) to your environment. In cases where I have had complete understanding of the nature of a…