Dailydave mailing list archives

The paradox of our security measures


From: "Dave Aitel" <dave.aitel2 () gmail com>
Date: Fri, 30 May 2008 17:59:14 -0400

I like the smaller security conferences better. Big conferences are like
weddings - just enough time to remind people you're still alive and pass
along a phone number or email address. There's usually less media glare and
so speakers can avoid the prostrations necessary to avoid painful PR battles
and just get straight to the technical facts. For example, one of the
speakers demonstrated 4 different vulnerabilities in various anti-virus
products. It was just part of the talk, not meant as publicity whoring.

One thing I liked as well was Thomas Lim's introductions which provided a
context to the talks. Recently the Hong Kong police have had confidential
information leakage via a P2P program called "Foxy", for example. Likewise
the Beijing Olympic tickets are going to have RFID chips with everyone's
name and address, passport number, picture, birthday, and anything else an
identity thief would want. It's a great way to build up a huge database, I
guess, but based on Adam Laurie's excellent talk, anyone 60 feet around you
can just pick that information right out of the air. Like Anti-Virus and
IDS, RFID is another cool example of how adding a security measure ends up
reducing your security.

-dave