(ISC)2's New App Security Council

Truth: I used to think (ISC)2 was one of the most useless organizations on the planet. They never seemed to listen to the people who had invested in their CISSP training. A couple years ago, people even started to brag about letting their certifications expire. But something happened that gave me renewed faith in the organization. A bunch of talented, well-known security professionals started running for seats on the (ISC)2 ...

Why Barnaby Jack Was So Good

The other day I found myself watching a video of Barnaby Jack's famed "Jackpotting" presentation from Black Hat 2010. Truth be told, I forgot how good he was. I know what you're thinking: "You're an idiot, Brenner. Of course he was good. He was one hell of a hacker. You shouldn't have to watch an old video to know that." Here's the thing: None of us will ever forget his showmanship ...

First-Time DEF CON Attendee? Watch This

If you haven't seen it yet, I highly recommend the DEF CON documentary that came out last year. For nearly two hours, you get a detailed history of the event and get a pretty good introduction to the major players who make the whole thing work. If you're going for the first time, the documentary, directed by Jason Scott Sadofsky, is must-viewing. http://youtu.be/rVwaIe6CiHw

What The Hell Just Happened Here?

I never could keep my mouth shut. When a conversation is going on, I can't just mind my business and focus on the work at hand. I have to be the man at the table who injects quips into the discussion; the guy who thinks he's not contributing properly unless he pontificates, no matter how ridiculous his words are. That was the scenario Friday when some of us Akamites (Akamai ...

Bill Brenner Is Joining Liquidmatrix

Fresh from the “why the hell didn’t I think of this years ago” files we have some news. Bill Brenner is joining Liquidmatrix! It will be nice to actually have someone writing again. Hint hint. (looking at the crew…myself included) Nothing like a comment made in passing to develop into a cool idea. Years ago Bill was the first media person to interview me for…well, any publication. ...

NSA Proof? $2 Million In Backing

The company Protonet is sitting in the right place at the right time. With the Snowden docs continuing to cause churn and the addition of Condoleezza Rice, former US Secretary of State, to the board at Dropbox, more people are looking for secure alternatives. Protonet was launched a year ago and, on the heels of the Reset the Net movement, decided to launch a crowdsourcing initiative. From The Inquirer: The ...

Hershey Medical Center Data Breach

It seems that some 1,800 patients of the Hershey Medical Center may possibly have had their personal information breached. A staffer with the hospital had uploaded patient data to his home computer in order to work on it without having authorization to do so. From Lancaster Online: Officials at the hospital said in a press release Friday afternoon that results of an extensive internal investigation give no indication that any unauthorized ...

Mt. Gox “Found” Some Missing Bitcoins

Exactly how does this happen? Sheer incompetence, that's how. Today I read that Mt. Gox discovered an "old" wallet with 200,000 bitcoins in it. What the ever living...are you kidding me? From CNN: "On March 7, 2014, Mt.Gox Co., Ltd. confirmed that an old-format wallet which was used prior to June 2011 held a balance of approximately 200,000 BTC," the statement said. Karpeles said that the discovery was reported to lawyers on March 8. ...

Spy Satellites Backdoored

Oh this just keeps getting better. Apparently some backdoored parts made in the US were discovered in a couple of brand new spy satellites. From Defense News: A United Arab Emirates (UAE) deal to purchase two intelligence satellites from France worth almost 3.4 billion dirhams (US $930 million) is in jeopardy after the discovery of what was described as “security compromising components.” A high-level UAE source said the two high-resolution Pleiades-type ...

Mailbag: A package from Jericho

On September 7, I received a small package from Jericho (@attritionorg) as a "prize" for submitting a picture of Lazlo near SCADA gear. I finally got to meet him in Las Vegas this summer at BSidesLV and DEF CON. We must have trolled each other for at least a year on Twitter about CyberSCADASquirrels. One day we'll probably publish a whitepaper on the correlation between the population density of squirrels and ...
