So apparently quite a few people have come to expect and enjoy my summaries of conferences I’ve attended, because I’ve already gotten a number of inquiries as to why I haven’t yet posted about this last weekend’s ToorCon. In short, it’s because I wasn’t there!
A number of years ago, as the Internet became more and more mainstream, websites and web services began to push to the forefront of online business and society. This generally required allowing users to create accounts with these increasingly complex sites and services, and thus, the entities providing them had to then manage those accounts. […]
If someone is selling you a network penetration test, and then running a vulnerability scanner and handing you a report, you’re not getting what you paid for, period.
I’ve never been a fan of most certifications. I’ve always been even less a fan of formal degrees in education, at least for technology-centric industries. I’ve always argued that my body of work is my credential, and if a potential employer were to reject my application on the basis that I didn’t have a certain […]
DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with it’s corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different. Below are my thoughts on […]
DNSSEC, which I mentioned in my previous post about mitigation for Kaminsky’s recent DNS cache poisoning flaw, are the SECurity extensions for the Domain Name System (DNS). It essentially adds cryptography to DNS, allowing authoritative nameservers to cryptographically sign their zones and resource records, which in turn allows caching/recursive nameservers to verify them. This prevents […]
Obviously the first thing everyone should be doing is to apply the patches that the major vendors rolled out, and do it quickly. It is no longer the time for debate in regard to whether or not you really do need to patch… the answer to that question is quite clear; Yes. Yes you do. […]
It’s been quite a while since I wrote or updated DFW, the I)ruidic FireWall. Included with that utility is a default iptables firewall policy which the user can use directly, tweak to their liking, or completely throw away and start over from scratch. NetFilter (iptables) has come a long way since I was actively working […]
Recently the OSVDB Blog had an interesting article regarding vulnerability duplication via the “hazard of 0day” wherein a vulnerability being exploited in the wild was mistaken for a new vulnerability when in fact it was not. This caused many of the vulnerability database vendors to issue new IDs, send out threat warnings, bring in the […]
While working for TippingPoint’s DVLabs, I was fortunate enough to not be held to any kind of regular work schedule. Working in an almost pure research role, without the requirement of regularly interfacing with customers or even the rest of the DVLabs group, I had the opportunity to explore something that I’ve never really had […]