Carry On Leaking: When Corporate Security Goes Really, Really Wrong

I had a nice time being interviewed by The Guardian regarding my disclosure of a password leaked from the Nuclear Regulatory Commission. While the NRC insists that this is a non-issue (and in the case of this protected system was the case), it exposes a deeper and more fundamental problem regarding how  systems are secured in the first place. First, the fact that this one file and nothing else in that directory was visible indicates Discretionary access controls rather than Role-based or mandatory. Furthermore, it shows that this type of problem can lie unsolved for years and affect more systems than people realize.

The Guardian: Carry On Leaking: When Corporate Security Goes Really, Really Wrong

 

DEFCON 23

The convention was fairly productive and wildly entertaining for me this year for a multitude of reasons. First, I did not go to a single talk. Instead, I decided to go the video and slide route so I could focus on the villages, interacting with others (who knew socializing could be fun), and getting into trouble. I acquired various tools, talked with several interesting people, helped empty a significant amount of alcohol from the various bars, and may have had my share of wireless mayhem in the 2.4 GHz spectrum.

More details and photos to come as I lazily update everything.

Cheers,

-H