RB2: AusCERT podcast: Peter Gutmann's keynote address
The computer security industry has sometimes been compared unfavourably to the fashion industry, putting up flamboyant defences where it doesn't make any difference while paying no attention to the open barn door behind the curtain.
Why do we allow three retries for passwords instead of two, or four, or thirty-eight? How effective are SSH fingerprints? And how's the ol' PKI thing doing?
This talk will look at some widespread examples of defending where the enemy isn't, including the underlying threat models (or lack thereof), the effectiveness of the defences, and the real-world pressures and externalities that affect them, along with various modest proposals for alternative approaches.
$600 million buys you a lot of fail, apparently...6 days 2 hours ago
Get your fill of the week's news!6 days 2 hours ago
The Grugq spitballs some secure IM ideas...1 week 6 days ago
More news than we know what to do with...1 week 6 days ago
I guess corporations protect us from governments now. Weird.2 weeks 6 days ago