Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

A Password Is Not Enough 6: Disk Encryption with the Phalanx Toolset

Description of the Phalanx, a disk encryption tool released by Daniel Selifonov, some security assumptions and general conclusions are what this part is about. And so, the tool I’m releasing – it’s, really, a proof-of-concept experimental code; I call it Phalanx (see right-hand image). It is a patched...

A Password Is Not Enough 5: Secure Architecture Design

Daniel Selifonov dissects a blueprint reflecting virtually attack-proof system architecture that prevents disk encryption from being seriously compromised. So, let’s look at a blueprint (see right-hand image), what I think we should have for getting a system from a cold boot up into when we have our...

A Password Is Not Enough 4: Using TPM to Combat Specific Attacks

Based on Daniel Selifonov’s perspective, learn the security measures prior to authenticating to a PC and the way TPM protects from hardware and reset attacks. We want to then develop a protocol that a user can run against the computer so that they can verify that the computer has not been tampered with...

A Password Is Not Enough 3: Trusted Platform Module as a Means for Measured Boot

The subjects being touched upon by Daniel Selifonov here include securing the sensitive data stored in main memory and computer integrity verification issue. Can we do anything about a DMA attack angle? As it turns out, yes we can. Recently, as part of new technologies for enhancing server virtualization,...

A Password Is Not Enough 2: Crypto Attack Vectors

Daniel Selifonov now delves into the prevalent types of attacks one could pull off to compromise encrypted data on a computer. I break attacks into three fundamental tiers (see right-hand image). First off, non-invasive, which is something that you might be able to execute with just a flash drive; you...

A Password Is Not Enough: Why Disk Encryption Is Broken and How We Might Fix It

Software engineer Daniel Selifonov taking the floor at Defcon 21 to touch upon aspects of full disk encryption, including the motivations, methods, and hurdles. Hi! We’re here to talk about full disk encryption; why you’re not really as secure as you might think you are. How many of you encrypt the hard...

That Awesome Time I Was Sued for Two Billion Dollars 5: Inglorious End of the Insane Case

Jason Scott tops his instructive presentation off with narrating on how the weird legal case against him fell apart and what conclusions he drew out of it. By this point, he’s summarized the damages (see right-hand image) such that the summary for reasonable counsel’s fees, that is to say, himself suing...

That Awesome Time I Was Sued for Two Billion Dollars 4: Who Is the Eccentric Plaintiff?

Jason Scott now provides some background details on the guy who attempted suing him for distributing his book online, and moves on with the legal story. So, who the hell is this moonbat? Because at this point, you’re like: “Dude, that’s nuts!” And really, honestly that’s kind of my take on...

That Awesome Time I Was Sued for Two Billion Dollars 3: Weird Legal Threats Through Mail Drops

BBS archivist Jason Scott elaborates on the contents of the insane legal notices he was receiving from the Paul Andrew Mitchell guy for a few years since 1998. At the time that he started to write these letters to me, at one point he indicated that the Lenham Act permits triple damages (see right-hand...

That Awesome Time I Was Sued for Two Billion Dollars 2: Trademark and Intellectual Property Claims

Jason Scott’s presentation continues with highlights of some trademark issues he ran into, and the description of the most unusual intellectual property case. It turns out that the BARDEX, which is a trademark of C.R. Bard, is only to be used as urological catheter. It is not to be used in enemas (see...