How About an Award for Sleaziest Vendor Booth?

So here's an idea... Since many of us are in agreement that security vendors should have booth displays at security cons that reflect the strength of their technology instead of resorting to booth babes and trashy signs, why not do a little something to hold their feet to the fire? Let's have a contest at each conference for sleaziest booth. The vendor who wins gets a design-to-be-determined award sure to ...

Black Hat 2014 and Media FUD

I get it. I really do. I used to be an online journalist, and I know how much pressure there is to bring in page views. I'm sure I've even written a few headlines that played up the fear factor to get clicks. I'm human, and humans are often misguided. But if I've learned anything, it's that throwing around words like "terrifying" and "scary" does more harm than good -- ...

To Those Missing Security Summer Camp

I'm seeing a lot of friends online bumming out because they can't make it to Black Hat, BSidesLV and DEF CON this year. I feel for them. I missed four years in a row -- 2008, 2009, 2010 and 2011 -- because of a scheduled family event that landed in the same calendar position as the Vegas events. I don't regret skipping Vegas those years. Not for a second. In my world family comes ...

(ISC)2's New App Security Council

Truth: I used to think (ISC)2 was one of the most useless organizations on the planet. They never seemed to listen to the people who had invested in their CISSP training. A couple years ago, people even started to brag about letting their certifications expire. But something happened that gave me renewed faith in the organization. A bunch of talented, well-known security professionals started running for seats on the (ISC)2 ...

Why Barnaby Jack Was So Good

The other day I found myself watching a video of Barnaby Jack's famed "Jackpotting" presentation from Black Hat 2010. Truth be told, I forgot how good he was. I know what you're thinking: "You're an idiot, Brenner. Of course he was good. He was one hell of a hacker. You shouldn't have to watch an old video to know that." Here's the thing: None of us will ever forget his showmanship ...

First-Time DEF CON Attendee? Watch This

If you haven't seen it yet, I highly recommend the DEF CON documentary that came out last year. For nearly two hours, you get a detailed history of the event and get a pretty good introduction to the major players who make the whole thing work. If you're going for the first time, the documentary, directed by Jason Scott Sadofsky, is must-viewing. http://youtu.be/rVwaIe6CiHw

What The Hell Just Happened Here?

I never could keep my mouth shut. When a conversation is going on, I can't just mind my business and focus on the work at hand. I have to be the man at the table who injects quips into the discussion; the guy who thinks he's not contributing properly unless he pontificates, no matter how ridiculous his words are. That was the scenario Friday when some of us Akamites (Akamai ...

Bill Brenner Is Joining Liquidmatrix

Fresh from the “why the hell didn’t I think of this years ago” files we have some news. Bill Brenner is joining Liquidmatrix! It will be nice to actually have someone writing again. Hint hint. (looking at the crew…myself included) Nothing like a comment made in passing to develop into a cool idea. Years ago Bill was the first media person to interview me for…well, any publication. ...

NSA Proof? $2 Million In Backing

The company Protonet is sitting in the right place at the right time. With the Snowden docs continuing to cause churn and the addition of Condoleezza Rice, former US Secretary of State, to the board at Dropbox, more people are looking for secure alternatives. Protonet was launched a year ago and on the heels of the Reset the Net movement decided to launch a crowdsourcing initiative. From The Inquirer: The ...

Hershey Medical Center Data Breach

It seems that some 1,800 patients of the Hershey Medical Center may possibly have had their personal information breached. A staffer with the hospital had uploaded patient data to his home computer in order to work on it without having authorization to do so. From Lancaster Online: Officials at the hospital said in a press release Friday afternoon that results of an extensive internal investigation give no indication that any unauthorized ...
