Archive for the ‘hack’ Category

REcon 2010

July 16, 2010

This last weekend I took a trip up to Montreal for REcon.  If you’re unfamiliar with REcon, it’s a small security conference focused on topics most interesting to reverse engineers.  As such, the talks are more technical than you will find at other more mainstream conferences like BlackHat or DEFCON, and generally require a certain level of expertise as a baseline.  If you don’t understand assembly language, you’ll probably not get much out of at least half of the lectures.

(more…)

SmartPhone Unlock Screens: Moving in the Wrong Direction

November 10, 2009

I recently purchased the Motorola Droid from Verizon, and am so far very happy with it.  Other than finding the physical keyboard a bit lacking, having been extremely spoiled by the Sidekick’s physical keyboard, which no other physical keyboard could ever hope to live up to, I’ve really had no complaints with the device or the Android 2.0 operating system that runs on it.  I have, however, noticed that touch-screen smart-phone unlock screens (not just the Droid’s) are getting progressively less secure.

(more…)

MD5? Really?

January 7, 2009

First let me say that this article is not meant to diminish the work that Alexander Sotirov et al. have been doing for the past 6 months.  It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions.  What I’m amazed at is that it had the impact that it actually did.

(more…)

The Folly of a Scheduled Patch Release Cycle

December 11, 2008

A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well as a release upon completion philosophy, and today I’m going to outline where I stand on the issue.

(more…)

Penetration Test != Audit != Assessment

August 19, 2008

If someone is selling you a network penetration test, and then running a vulnerability scanner and handing you a report, you’re not getting what you paid for, period.

(more…)

DEFCON 16

August 14, 2008

DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with its corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different.

Below are my thoughts on the talks I was able to attend.

(more…)

Sleep Hacking

June 23, 2008

While working for TippingPoint’s DVLabs, I was fortunate enough to not be held to any kind of regular work schedule. Working in an almost pure research role, without the requirement of regularly interfacing with customers or even the rest of the DVLabs group, I had the opportunity to explore something that I’ve never really had the opportunity to before, at least not for extended periods of time: my body’s natural sleep cycle.

(more…)

ToorCon Seattle 2008

April 22, 2008

The ToorCon organization puts on some of the best conferences in my opinion, and this last weekend was version 1.0 of their Seattle conference (beta was last year, which I also attended). Friday night was entirely 5-minute lightning talks and then Saturday was entirely 20-minute turbo talks. Sunday was workshops, which unfortunately I could not attend since I had to fly back to Austin mid-day. Last year was invite only and if you were there last year you received a coupon code for a discounted rate this year ($300), otherwise it was a little expensive to attend ($1000). Overall there were a number of excellent speakers with excellent content.

Due to the sheer number of talks (and I did see all of them), I’ll only cover the ones I found most interesting below:

(more…)

Context-keyed Payload Encoding Whitepaper

January 28, 2008

Today, my research paper entitled “Context-keyed Payload Encoding” was published in Uninformed Journal vol. 9. If you’re into cutting-edge exploitation technology, you should check it out. This is the research I presented at ToorCon 9 last October.

