Archive for the ‘business’ Category

InfoSec Southwest 2012 Debrief

April 11, 2012

A couple of weekends ago I hosted my first information security and hacking conference called InfoSec Southwest here in Austin, Texas.  Having been attending such conferences for over fifteen years, and being involved with those in such capacities as speaker, volunteer, and sponsor, I had a general idea of the amount of work that this undertaking would be and luckily I wasn’t too far off in my estimation.  Had this been much more work than I had expected, I just might have keeled over and died from over-stimulation and exhaustion…




February 29, 2012

A few years ago, following the failure of WabiSabiLabi’s 0day auction site, I gave some thought to how to create a public marketplace for exploits that actually works.  Obviously given the example of WabiSabiLabi and a little common sense that any vulnerability researcher worth their salt would know, you can’t have a public market for 0day vulnerabilities.  As WabiSabiLabi quickly found out, by disclosing enough information about the vulnerability so that a potential customer can make a determination about whether or not to buy it, you’re likely giving up enough information about the vulnerability for them to find it themselves, given varying levels of time and effort.  Thus, you can really only market 0day to trusted customers and when your marketplace is open to the public, your customers are most definitely not trusted and consist of various demographics who have lots of disposable time on their hands to go hunt down your vulnerabilities.  So, what if we remove 0day from the equation entirely, I thought? Could an open market for exploits of public vulnerabilities work? Would anyone actually buy such exploits?  ExploitHub was born, and it turns out the answer is yes.


InfoSec Southwest 2012

February 14, 2012

A few years ago, the idea came up at our local AHA! meeting that our group should host an information security and/or hacking conference here in Austin, Texas.  Some venue ideas were tossed around, some preliminary cost research done, but the idea never went much beyond that due to a number of reasons, foremost of which is that AHA! folk are very, very busy people, myself included.  Back then, none of us simply had the time or resources to make such an undertaking happen.  Fortunately, while I still don’t really have the time personally, I now have the resources in the way of paid staff that I can have plan and execute such an event, so mid-2011 or so I decided to do so.



February 6, 2012

It’s been quite a while since I’ve posted anything here other than the occasional conference report, and there are many more of those in draft form from the past two years that I didn’t even get around to finishing up and actually posting…  This is due to a variety of reasons, some of which include a complete change in career focus a couple years ago involving going into business for myself, to having very little free time due to the myriad of things I’ve got going on.  This however needs to change, as I need at least one outlet for my thoughts that isn’t constricted to 140 characters or the no-frills formatting that most of the social networks provide.  That said, it is my intention to write here more often, beginning with this post and continuing with more to follow over the next few weeks, mostly about the various ventures I’ve begun or have become involved in over the past few years.