Charlie Miller On Hacked Batteries, Cloud Security, And The iPad

[Guest]

Accuvant Labs' Charlie Miller talks to Tom's Hardware about the Defender's Dilemma, the security of data in the cloud, looking for vulnerabilities in notebook batteries, and the ramifications of using Apple's iPad in an enterprise environment.

Charlie Miller On Hacked Batteries, Cloud Security, And The iPad : Read more

 

[Darkerson]

Pretty interesting read. Keep up the good work!

 

[pepe2907]

Good call, but whoever actualy read the license agreements knows software manufacturers refuse any possible liability for any damages.
If something is going to change, this should be the first. With these license agreements you can't claim anithing. But this change will not be easy.

 

[DavC]

interesting read!

 

[mayankleoboy1]

No matter how much security you build into a system, if the user really wants to run a piece of malware they think will show them some naked pictures, they're going to figure out a way to run that program.

exactly

 

[mayankleoboy1]

if only software could be people-proof.

 

[jacobdrj]

[citation][nom]mayankleoboy1[/nom]if only software could be people-proof.[/citation]
"A farmer notices his chickens are getting sick, he calls in a physicist to help him. The physicist takes a good look at the chickens and does some calculations, he suddenly stops and says "Ive got it, but it would only work if the chickens were spherical and in a vacuum."" - Big Bang Theory...

 

[slicedtoad]

So is it safe to say that as an end user we shouldn't be over concerned about personal computer security?
Here's my checklist. Don't download unknowns, don't password reuse (for the important stuff anyway), get a decent av (like eset) and keep your computer up to date.
Multi-layered security on a home pc doesn't make sense, nor does 15 character alpha-numeric passwords (in most cases). No one is going to specifically target you or your pc.

 

[weaselsmasher]

An awful lot of "people like me" "researchers like me" "guys like me" "me me me me me" there.

What's this article really about, security or celebrity?

 

[christop]

Enjoyed this..Wish I had a few 0days sitting around to sell..

 

[PreferLinux]

[citation][nom]pepe2907[/nom]Good call, but whoever actualy read the license agreements knows software manufacturers refuse any possible liability for any damages.If something is going to change, this should be the first. With these license agreements you can't claim anithing. But this change will not be easy.[/citation]
Yes, but whether that is fully legal or not is another story.

 

[cangelini]

[citation][nom]weaselsmasher[/nom]An awful lot of "people like me" "researchers like me" "guys like me" "me me me me me" there.What's this article really about, security or celebrity?[/citation]

I'm inclined to answer "security" and a guy who knows an awful lot about it ;-)

 

[AlanDang]

[citation][nom]weaselsmasher[/nom]An awful lot of "people like me" "researchers like me" "guys like me" "me me me me me" there.What's this article really about, security or celebrity?[/citation]

Nothing wrong with both, right? The people I invite to interview are people who do a good job of explaining complex technical things in a straightforward manner. At some point though, if you get to keynote an international NATO conference on cyber security, you deserve a little bit of bragging rights. But truthfully, Charlie is still a normal, down-to-earth-guy when doing an interview... and that's a win for everyone. You guys get access to cool content that's rarely discussed at other websites, and it's not too boring to read... and it's free. I can tell you it's way more fun talking with engineers as opposed to PR people...

 

[Guest]

@Alan Dang, you wrote: "But it seems like in today's world, the end-user is playing a less important role. The end-user with the latest software updates who is also savvy to social engineering cannot protect himself against hackers who steal credit card data from Sony."
This is incorrect: many banks sell "virtual" credit cards services: these CC number work only for one purchase, so users *can* protect themselves.
But the sad part in this case is that it's the security conscious users who pay the cost of the protection against hackers, not Sony and the other stupid companies storing credit card numbers on unsecured servers..

 

[dndhatcher]

The article is very interesting. I tried to listen to the keynote and my eyes glazed over. He's obviously got expertise with the subject matter, but could use some presentation training before he starts on the lecture circuit.

 

[slicedtoad]

@dndhatcher
really? i delayed watching it for a while cause it was long but damn was it interesting. He certainly isn't in PR but he's not bad at speaking. Certainly better than mr. facebook.

 

[Guest]

Battery as an attack vector is at least (almost) as old as the original PSP. One way to install custom firmware to it is to modify the battery. Search for "pandoras battery" if you want to know more.