Two BlackHat Stories

One is the story of Dan Kaminsky, who to his credit played his part to the end and delineated once again in the conference the potentially dire consequences of the flaw he found – a good while after world+dog had contemplated them of their own accord – yes, the DNS system is the underpinning of many things, including the ill-thought Verified by Visa program. But that’s a story for another day.

The other, one which many have ignored, in fact, is the story of the security announcement that wasn’t. indeed, cnet reports that Charles Edge, security researcher and head of 318 Inc., was going to present a talk on Apple’s FileVault encryption software system. He isn’t going to anymore. Not because the flaw disappeared somehow, but because Apple asked him nicely not to.Our advice? Use something else, for now. In fact, there’s a nice open-source solution called Truecrypt that might just do the trick. It seems there’s a Mac version out, even.