Weak Passwords: Mel Brooks warned us

Look back more than 20 years and you'll find that we were warned about the dangers of weak passwords long before it was much of a thought in anyone's minds. The warning came from Mel Brooks in a 1980s Star Wars spoof called "Spaceballs." Observe: http://youtu.be/_JNGI1dI-e8 Class dismissed.

How About an Award for Sleaziest Vendor Booth?

So here's an idea... Since many of us are in agreement that security vendors should have booth displays at security cons that reflect the strength of their technology instead of resorting to booth babes and trashy signs, why not do a little something to hold their feet to the fire? Let's have a contest at each conference for sleaziest booth. The vendor who wins gets a design-to-be-determined award sure to ...


Black Hat 2014 and Media FUD

I get it. I really do. I used to be an online journalist, and I know how much pressure there is to bring in page views. I'm sure I've even written a few headlines that played up the fear factor to get clicks. I'm human, and humans are often misguided. But if I've learned anything, it's that throwing around words like "terrifying" and "scary" does more harm than good -- ...


To Those Missing Security Summer Camp

I'm seeing a lot of friends online bumming out because they can't make it to Black Hat, BSidesLV and DEF CON this year. I feel for them. I missed four years in a row -- 2008, 2009, 2010 and 2011 -- because of a scheduled family event that landed in the same calendar position as the Vegas events. I don't regret skipping Vegas those years. Not for a second. In my world family comes ...


(ISC)2's New App Security Council

Truth: I used to think (ISC)2 was one of the most useless organizations on the planet. They never seemed to listen to the people who had invested in their CISSP training. A couple years ago, people even started to brag about letting their certifications expire. But something happened that gave me renewed faith in the organization. A bunch of talented, well-known security professionals started running for seats on the (ISC)2 ...


Why Barnaby Jack Was So Good

The other day I found myself watching a video of Barnaby Jack's famed "Jackpotting" presentation from Black Hat 2010. Truth be told, I forgot how good he was. I know what you're thinking: "You're an idiot, Brenner. Of course he was good. He was one hell of a hacker. You shouldn't have to watch an old video to know that." Here's the thing: None of us will ever forget his showmanship ...


First-Time DEF CON Attendee? Watch This

If you haven't seen it yet, I highly recommend the DEF CON documentary that came out last year. For nearly two hours, you get a detailed history of the event and get a pretty good introduction to the major players who make the whole thing work. If you're going for the first time, the documentary, directed by Jason Scott Sadofsky, is must-viewing. http://youtu.be/rVwaIe6CiHw

2014 Edition of the Verizon DBIR

Yes, it's here. Go get it. [PDF] And remember the wise words of Michael R. Farnum:

"Calling all InfoSec speakers with no imagination! Your 2014 material is ready! Go get your Verizon #DBIR today! http://t.co/PKpp7DaX49" (Michael R. Farnum, @m1a1vet, April 22, 2014)

I'll update this post as various analysis comes in from people who know what they're talking about.

Security Briefing: July 24th

For today's Security Briefing we have a post on the opt-in conversation that seems to have been imported to Canada. This is a slippery slope if governments start to head down this path. Reminder: for those of you heading off to security summer camp, don't forget to sign up for parties while you're there. Here is the post with the list of parties that we're tracking. And now, the security ...


Security Briefing: July 23rd

The news is a little thin this week. Makes for a little challenge getting the Security Briefing pulled together. It is almost as if there were a series of security conferences coming up next week. ;) For those of you heading off to security summer camp, don't forget to sign up for parties while you're there. Here is the post with the list of parties that we're tracking. Speaking of tracking, ...
