Archive for September, 2009

Updates to the Map of Crypto Law.

September 30, 2009
Google Map of International Crypto Law

There have been a few updates to the famous map of crypto laws lately. For those new to the map, or who have forgotten it, I’ve linked the picture above to it.

Feel free to mail me with corrections and additions.

H.R. 2221 – The Federal Data Accountability and Trust Act

September 30, 2009

This week I’ve been working my way through H.R. 2221 – the “Data Accountability and Trust Act”. This proposed legislation is making its way through the Committee on Energy and Commerce at the moment, and if passed, will rationalize data protection legislation across the USA at a federal level. Read more…

Speaking at Focus 2009, Vegas on October 7th.

September 28, 2009

On October 7th I’ll be chairing a “Birds Of A Feather” session on the use of McAfee encryption products at our 2nd Annual user conference – Focus 2009. This session will be a chance to put me on the “Hot Seat”, and a chance to ask probing questions about McAfee’s current, and future product strategy.

I’ve done a few of these in the past. Some have been very constructive, and have led to wide-ranging product changes based on customer experiences we just didn’t consider; some have been mud-slinging sessions though. I hope we’ll have the former, though I’m quite happy to sit through both.

For those coming to Focus who read this Blog, please feel free to find me and introduce yourselves – I’ll be at the conference answering questions and helping out throughout.

You can contact me via Twitter (CTOGoneWild) – I’ll be monitoring the #focus09 feed throughout the duration, or you can post a comment here.

I’m especially interested in knowing what kind of things you’d like to see discussed during this session, so if you have a question about our products or design strategy, tweet me (or comment) so we can properly answer them on the day.

Think Like A Spy…

September 25, 2009

Recently John Sileo spoke at the Department of Defense’s Joint Family Readiness Conference on the topic of identity protection and theft. As a two-time victim of identity theft, John is well placed to speak from the heart about the practical, factual, and emotional aspects of this problem, and though I was not able to attend his presentation, the writeup on it is well worth a read.

John advocates a couple of thought processes which I’ll let you read the details of directly from the transcript, but to summarize he encourages us all to “Think Like A Spy” – to question the validity of the request for information at every stage, and with every person. Read more…

Elite turns 25, or How I met David Braben

September 24, 2009 2 comments

This week marks the 25th anniversary of one of the most famous computer games ever published – Elite, by David Braben and Ian Bell.

It was released to the world on September 20th, 1984 for the 8-bit BBC Microcomputer. Initially rejected by the software publishers of the time, Elite was picked up by Acornsoft and managed to sell 1,000,000 copies on a whole range of platforms. Written by two guys, without the help of a studio, artists, or project managers, and entirely in assembler, for a machine which had less memory “than most emails”, it stands the test of time as one of the finest examples of how gameplay trumps visual beauty every time.

Read more…

Missouri’s new Data Protection Disclosure Law.

September 21, 2009

Although maybe unnoticed, a month ago Missouri finally joined that heady club called “States which have Data Privacy Laws”.

On 28th August, the “Missouri Data Breach Notification Law”, or House Bill 62, took effect, not protecting, but at least enforcing care and attention of residents’ personal information (Social Security Numbers, Driver’s Licence Numbers, and information which could be used to access a resident’s financial accounts). Note I use the word “resident”, because, as with the other 47 or so State laws, this one applies to the residents of Missouri, not to the businesses. If you have Missouri resident information in your datacenter in Timbuktu, you are still required (under civil and actual damages) to comply. Read more…

Cold Boot Attacks Revisited (again).

September 16, 2009 2 comments

Following my recent post on FireWire Attacks, I thought I’d follow up on that other classic Full Disk Encryption exploit, the “Cold Boot Attack”.

Back in February 2008 a group of clever Princeton students published their infamous paper “Lest We Remember: Cold Boot Attacks on Encryption Keys”. Though the retention of data in RAM chips has been known since their invention, and certainly since at least 1978, the “Princeton Paper” reminded us that turning a computer off does not mean all the data in memory is instantly gone, and of course, if something important remained, like an encryption key, then your computer security might be vulnerable. Read more…