Presentations
Spyware NG - How Movies will Steal your Identity
February 2006
Next generation spyware will be able to hide inside movies,
audio and video delivered over the Internet.
Come learn how advanced features in video formats enable
this new spyware delivery channel.
A lively dialog examines whether this new threat means
the end of electronic entertainment or is just another
round in the fight between attackers and defenders.
You decide whether the “sky is falling”.
PDF Slides
Defending the Enterprise from Spyware
February 2005
This is the year that Microsoft redefined Spyware
to mean any malicious software or web behavior that
is not a virus. Come learn how to protect your
enterprise from productivity-stealing ad-ware, pop-ups,
browser hijacks, and a host of other pests, which
just might include the theft of your corporate jewels.
In this fast changing market we explain a simple shopping
list and give our opinion on the products that were
the leaders in late 2004.
PDF Slides
Spyware vs. Anti-Spyware
February 2004
In this presentation you will learn
about the sneakiest spyware and the best countermeasures.
Commercially available spyware can now record phone
conversations, secretly take pictures through your webcam,
and record conversations near your computer. Spyware
trumps even the best encryption software. Learn how to
get rid of spyware, before it gets you!
PDF Slides
Survey of Spyware and Countermeasures
April 2003
Learn about the products and devices used by hackers
(and employers and spouses) to uncover passwords and otherwise
pry into your affairs. These spyware tools can often
defeat even the best encryption software. Fortunately,
there are countermeasures, some built for that
purpose, and others such as personal firewalls and system
management tools that can do double duty. You will learn
about the sneakiest spyware and the best countermeasures.
PDF slides
Big Brother Slept Here
February 2002
The Big Brother in Orwell’s 1984 had many offspring who are
alive and well in advertising, in schools, in media, and in
government. We will demonstrate how the audience already knows
how to comply with Politically Correct Speech guidelines.
Examples will include successes in rewriting history (e.g.,
how the US won the cold war in the 1990s after losing it in
the 1950s), and in low-tech surveillance to induce self-censorship
(e.g., the Taliban government). Advertisers have turned out to
be the well-funded adversaries to personal privacy and non-conformist
behavior (e.g., saving money).
PDF slides
The Trouble With Standard Protocols
February 2001
Years of effort have produced robust security protocols like SSL
and S/MIME, yet vendors keep developing custom protocols. The
reason is that the standard protocols make assumptions that contradict
the realities of several markets. We explore how variations on
the standard protocols can meet real-world constraints on bandwidth,
latency, code-size, battery power, and CPU speed. There are also
deeper issues like trust-models and the trade-offs between safety,
privacy, and non-discretionary controls.
PDF slides
Design Tricks for Great Products at FIPS-140 Level 2 and Level 3
February 2006
Competition in the market for FIPS-140-2 validated products
is intense, especially at Levels 2 and 3. Come learn about
design tricks that allow your products to have compelling
features and be easy to use without adding months to the
FIPS-140-2 validation cycle.
Dr. Baldwin has culled these “best practices” from years
of helping vendors design FIPS-140 products.
PDF slides
Simplifying Complex Security Assessments
April 2003
When vendors try to solve hard security problems like secure content
distribution or multi-enterprise supply chain integration, they create
complex systems that range from tamper-resistant hardware, to
cryptographic algorithms and protocols, to operating systems and
up to application development paradigms. Assessing the security
of such products is a daunting task. This talk uses a case study
approach to illustrate general principles for choosing layers,
interfaces, and assumptions to decompose the assessment into simpler
components.
PDF slides
Making Reverse-Engineering Harder
February 2001
The security of many software applications rests on the software’s
ability to hide a secret key, or to prevent tampering with a certificate,
or to ensure that calls to security routines have not been replaced
with do-nothing instructions. Vendors are surprised that it can take
less than a week for a cracked version of their program to be posted
on the Internet. Follow along as we crack a secure download client
and reverse-engineer a registration-key algorithm to produce a
registration-key generator. We end by explaining several techniques
to make your applications harder to crack.
PDF slides
Understanding Hardware Random Number Generators
February 2000
Cryptographic keys are the cornerstones of modern security,
so it is important to choose them carefully. Often hardware
random number generators are recommended to create keys.
How exactly do these devices work? This talk defines true randomness
more precisely and describes hardware mechanisms for generating
it. We explain the physics behind the generators based on
radioactive decay, thermal resistive noise, and shot-noise from
diode breakdown. We also discuss the engineering issues that
arise when the theory is turned into practical products.
PDF slides