Most that know me know that I’m an avid gamer. I play video games, board games, card games, puzzles, pretty much anything I can get my hands on. Because I like puzzles and strategy games, I’ve regularly been asked what I think the most strategic game I’ve ever played is, and I’ve gotten more than […]
First let me say that this article is not meant to diminish the work that Alexander Sotirov et. all have been doing for the past 6 months. It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions. What I’m […]
A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers. Since then, many other vendors have followed suit. There are opinions and arguments supporting both a release schedule philosophy as well […]
I’m not going to talk about their underlying quest to end the Federal Reserve (with which I wholeheartedly agree), or about their multi-site raid by the FBI last year where all of their current inventory and all of the metals backing the Liberty Dollar warehouse receipts (paper currency) were confiscated. No, I’m not going to […]
For the last week or so, I’ve been tasked with implementing Application Simulators in the BreakingPoint product for the OWAMP and TWAMP protocols, RFC 4656 and RFC 5357, respectively. These are honestly two of the most poorly written protocol specifications that I’ve ever read. Luckily, they’re rather short. Not only are many parts vague and […]
I’ve never been a fan of most certifications. I’ve always been even less a fan of formal degrees in education, at least for technology-centric industries. I’ve always argued that my body of work is my credential, and if a potential employer were to reject my application on the basis that I didn’t have a certain […]
DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with it’s corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different. Below are my thoughts on […]
Obviously the first thing everyone should be doing is to apply the patches that the major vendors rolled out, and do it quickly. It is no longer the time for debate in regard to whether or not you really do need to patch… the answer to that question is quite clear; Yes. Yes you do. […]
Recently the OSVDB Blog had an interesting article regarding vulnerability duplication via the “hazard of 0day” wherein a vulnerability being exploited in the wild was mistaken for a new vulnerability when in fact it was not. This caused many of the vulnerability database vendors to issue new IDs, send out threat warnings, bring in the […]
CSI-SX is the new branding for the CSI NetSec conference, which is co-located with Interop Las Vegas, and is essentially the security-focused portion of the overall conference. As with the annual CSI conference, this conference targets a different demographic than I’m used to speaking for as the attendance is usually comprised of very large enterprise […]