Archive for January, 2007

Diebold Fails as Badly at Physical Security as They Do at Digital Security

January 29, 2007

I love Diebold, I really do… they’re a non-stop fountain of hilarity… I can’t believe they are still in business.

Vulnerability Disclosure, Cryptography Research, and Open Source

January 23, 2007

Today, Bruce Schneier posted an essay to his blog arguing the case for full disclosure of software vulnerabilities, which I am also in favor of. It’s apparently a side-bar to an article in CSOOnline entitled “The Chilling Effect,” which is about some of the growing issues surrounding vulnerability research in web software. There are also two other side-bars arguing the case for keeping vulnerability information secret or only telling the software vendors, as well as the hybrid option that has sprung up in the last few years, termed “responsible disclosure.”


EUSecWest 2007

January 18, 2007

I’ve been invited to speak at EUSecWest 2007, an information security conference in London on March 1st and 2nd. I’ll be giving an updated version of my VoIP Attacks! presentation.