Channel: Dan Kaminsky's Blog

Talking with Stewart Baker

So I went ahead and did a podcast with Stewart Baker, former general counsel for the NSA and actually somebody I have a decent amount of respect for (Google set me up with him during the SOPA debate,...


Safe Computing In An Unsafe World: Die Zeit Interview

So some of the more fun bugs involve one team saying, “Heh, we don’t need to validate input, we just pass data through to the next layer.”  And the next team is like, “Heh, we don’t need to...


Defcon 23: Let’s End Clickjacking

So, my Defcon talk, ultimately about ending clickjacking by design. TL;DR: The web is actually fantastic, and one of the cool things about it is the ability for mutually distrusting entities to share...


A Skeleton Key of Unknown Strength

TL;DR:  The glibc DNS bug (CVE-2015-7547) is unusually bad.  Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend.  This affects a universally...


I Might Be Afraid Of This Ghost

CVE-2015-7547 is not actually the first bug found in glibc’s DNS implementation.  A few people have privately asked me how this particular flaw compares to last year’s issue, dubbed “Ghost” by its...



“The Feds Have Let The Cyber World Burn. Let’s Put the Fires Out.”

I’ve made some comments regarding Apple vs. the FBI at Wired.


Validating Satoshi (Or Not)

SUMMARY: Yes, this is a scam.  Not maybe.  Not possibly. Wright is pretending he has Satoshi’s signature on Sartre’s writing.  That would mean he has the private key, and is likely to be Satoshi.  What...


The Cryptographically Provable Con Man

It’s not actually surprising that somebody would claim to be the creator of Bitcoin.  Whoever “Satoshi Nakamoto” is, is worth several hundred million dollars.  What is surprising is that credible...



Read My Lips: Let’s Kill 0Day

0day is cool.  Killing 0day, sight unseen, at scale — that’s cooler. If you agree with me, you might be my kind of defender, and the upcoming O’Reilly Security Conference(s) might be your kind of cons....



Hacking the Universe with Quantum Encraption

Ladies and Gentlemen of the Quantum Physics Community:   I want you to make a Pseudorandom Number Generator!   And why not!  I’m just a crypto nerd working on computers, I only get a few discrete bits...
