Archive for November, 2007

Metroid Security Mechanism

November 16, 2007

Having recently played most of the way through Metroid Prime 3: Corruption, I came across an interesting security mechanism in the game that I haven’t really seen paralleled in the real world…




November 13, 2007

My second Microsoft Patch Tuesday at the new employer was fairly uneventful. This Tuesday there was only one patch rated critical, MS07-061, and as it turns out it was the bug that I had already worked on last week. Essentially all I had to do was update my strikes from last week with the new reference and rename them, and our team was essentially done. You can read the details about the patched vulnerability over at the BreakingPoint BreakingPoint blog.

CSI 2007

November 8, 2007

CSI 2007 was the first time I’ve ever attended a CSI conference. I was actually a CSI member way back in the day when I was running my own consulting firm and needed as many business development avenues to explore as possible, but after closing my consultancy and going back to work for The Man(tm) I didn’t keep up my membership as I really wasn’t getting much out of the organization at that point. For some reason I had never attended any of their conferences. The CSI Annual Conference is billed as “The leading management, strategy and policy event for today’s security professionals”, so it’s a very different conference from what I’m used to. While I generally attend the more technical events, this one was targeted at an entirely different demographic. There was a lot of large enterprise and government presence, and I got plenty of scowls as people noticed my green hair, but in the end I believe I won most of them over…

The evening of my talk there was also a Capture the Flag game. Unfortunately I wasn’t aware of this until I ran into Dave Aitel that evening and he told me about it, or I would have had my laptop with me and been prepared to compete. This game was essentially a race through various goals with clues and hints along the way. The guy that won achieved the final goal at just under 2 hours. One potential vulnerability that I pointed out to the event organizers was that most of the information was given away to the audience in the observation room near the start of the competition, and had the competition not been 3 floors underground where there was no cellular signal, I could have easily relayed the information to Dave’s mobile via SMS or AIM or something. Had we had some other form of local wireless communication, cheating would have been trivial. Perhaps next time they’ll not give away so much information at the beginning to the audience…

Below are my thoughts on the couple of talks I was able to attend. Unfortunately I was only there for the one day that I was speaking and I was busy preparing to speak and recording a shorter version of my talk to actually attend many of them.