Interview with Billy Barron, co-author of "Maximum Security 4/e"
by Mirko Zorz - Tuesday, 22 April 2003.
However, a product can not solve 100% of the problems. All help desks need to have carefully thought out procedures for correcting identifying their users to avoid this problem.

What's your take on the full disclosure of vulnerabilities?

Unlike most security people, this is an issue that I really don't get worked up about. I see both sides of the argument and think that people who think they are going to get everybody handling disclosure the way that they want are kidding themselves. My view is that vendors should do what they feel is right while being prepared for somebody to air their dirt on the Internet without warning. If customers do not like a vendor's disclosure policy, they should spend their money with someone else.

What are your future plans? Any exciting new projects?

My plans right now is to continue expanding the Password Station.NET product to more and more systems. My newest project is a suite of new products called 1Touch Admin that will be released by Avatier Corporation. The purpose of the new products is to securely create, modify, enable, disable and remove computer accounts on a cross-platform basis. HIPAA has made the ability to do this quickly critical in the health-care industry.

The existing user provisioning products on the market each have their problems. Many of them take weeks to install, do some operations in an insecure manner (such as not-encrypting network traffic), or not allowing the delegation of provisioning authority. 1Touch Admin will take minutes to install, will encrypt all traffic across the network, and allow the degelation of authority while having an easy to use web front-end.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st