The other, one which many have ignored, in fact, is the story of the security announcement that wasn’t. indeed, cnet reports that Charles Edge, security researcher and head of 318 Inc., was going to present a talk on Apple’s FileVault encryption software system. He isn’t going to anymore. Not because the flaw disappeared somehow, but because Apple asked him nicely not to.Our advice? Use something else, for now. In fact, there’s a nice open-source solution called Truecrypt that might just do the trick. It seems there’s a Mac version out, even.
In the wake of the BlackHat conference (a place for security professionals and enthusiast amateurs to mingle, exchange war stories and generally try to out-hack each other) two stories will remain like rocks in the stream of memory, to be carried away only when some new deluge (such as, say, next week) rolls over.
One is the story of Dan Kaminsky, who to his credit played his part to the end and delineated once again in the conference the potentially dire consequences of the flaw he found – a good while after world+dog had contemplated them of their own accord – yes, the DNS system is the underpinning of many things, including the ill-thought Verified by Visa program. But that’s a story for another day.