Infosec-Soapies

Honey, I’m home!! – Hacking Z-Wave & other Black Hat news

You’ve probably never thought of this, but the home automation market in the US was worth approximately $3.2 billion in 2010 and is expected to exceed $5.5 billion in 2016. Under the hood, the Zigbee and Z-Wave wireless communication protocols are the most commonly used RF technologies in home automation systems. Zigbee is based on an open specification (IEEE 802.15.4) and has been the subject of several academic and practical…

Twitter killed the (infosec) Blogging Star?

Like it, hate it or just plain struggle to understand it, Twitter has made a huge impact across a wide range of fields. We use it fairly heavily internally for simulated water-cooler chatter and quick link-exchange (like any piece of sp-geek over-engineering, we also have a tweet-bot to convert tweets to emails, and to convert blog notifications to tweets). It’s pretty clear though, that once we started tweeting internally, people started blogging…

2 pieces of coolness…

a) was the politely dropped Kaminsky Firefox bug [http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070620.html]. It still requires a click for command execution, but considering it’s multi-platform Firefox ownage sans shellcode, I think it’s cool.. I think it’s even cooler that Dan dropped it sans any fanfare.. b) has to be Pusscat‘s attack on the SMBv2 remote bug published on [the VRT blog..]. From the post: “we get lucky here as well in that there…

John Viega’s “the myths of security”.. Really??

I go through a ton of books. Over the past 10 years, this has been dominated by books on computer security, computer science and programming (with some sprinklings of management classics). I generally stay away from writing reviews, but was genuinely surprised at the number of 5-star reviews Viega’s new book had received and felt I had to chime in. I picked up “the myths of security” (what the computer…

Apple gets some clue points?

At [DeepSec] last year I had the pleasure of hearing Ivan Krstić speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact that people like me like to ignore.. That some of us spend a lot more time thinking of elaborate ways to break stuff than we do designing less breakable stuff.. I think for most…

Episode 9 of the ITSecurity Pubcast..

Yvette Du Toit (E&Y – UK/ZA) featured on the latest ITSecurity Pubcast and spoke about her role in CREST. SensePost were invited along, and I showed that while I have a face for radio, I do not have the voice for it.. Ahh.. some day I’ll find my niche.. Till then, you can listen to the pubcast [here] and SensePosters can grab the mp3 [here].

Should InfoSec companies be betting on PCI?

The United States Committee on Homeland Security’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology recently held a hearing to determine whether “the Payment Card Industry Data Standards Reduce Cybercrime?” Risky Business played snippets of the hearing under the apt title “Washington spanks PCI DSS” – like most episodes of RB, it’s well worth the listen.. One of the “merchants” giving testimony made his point quite succinctly. The credit…

Like deja-vu (all over again)

Those of you who were around in 2001 will recall http://anti.security.is (the anti-sec f.a.q).. The sentiment pops up periodically (in different forms) and it seems like CanSecWest this year has seen a resurgence of it.. From Charlie Miller’s comments on the Safari bug: “Did you consider reporting the vulnerability to Apple? I never give up free bugs. I have a new campaign. It’s called NO MORE FREE BUGS. Vulnerabilities have a…

Top Ten Web Hacking Techniques of 2008

(aka – Whoot! we are almost famous!!) Jeremiah Grossman’s panel of judges (Rich Mogull, Chris Hoff, HD Moore and RFP) hath spoken (or spake) and the top 10 web-hacking techniques of 2008 have been published. Of course we would be lying completely if we said it wasn’t cool to make it into the top 10 (and doubly cool to make it twice in the top 10!).. I’m sure there will be lots…

HITB08 – Marcus Ranum Keynote on CyberWar..

I just managed to pull the HackInTheBox torrents for their [2008 talks]. (SensePosters can grab a local copy [here].) I watched Marcus Ranum’s “Cyberwar is Bullshit” talk. A talk that was truly wince-worthy! While the talk will make you scream at the screen a few times, it is worth watching just to see the Q&A section after the talk.. It’s quite clear that Ranum gets owned more thoroughly than his online…