What your phone company knows about you

Filed under /dev/random, Security News.

Malte Spitz gave an excellent talk at TED in June explaining the greater consequences of the EU data retention directive. Everybody who has a mobile phone should watch this video. Also, check out the excellent (and scary) visualization of the data from his cell phone over six months by the German newspaper Zeit.

Speaking session at OWASP NYC Chapter

Filed under /dev/random.

I’ll speak at the OWASP NYC Chapter at Bank of New York Mellon this Thursday; check the link to get on the waiting list (at the time of writing, the meeting is fully booked). I’ll speak about hardware hacks (not lock picking, but rather how to use hardware to attack software), and present my tool Inception…

iPad 3 vs The New iPad: What Apple has learned from Don Draper

Filed under /dev/random.

WSJ ran a rather lengthy article yesterday about Apple’s newest tablet, the iPad 3. One of the things that struck me was the paragraph about the new name of the iPad: Apple didn’t provide much explanation for its decision not to use a specific name—such as the much-rumored iPad 3 handle–which some branding experts said…

Forklift SPAM

Filed under /dev/random.

Now, I’m used to being touted Viagra in emails, but forklifts are new to me. This morning my email inbox filled up with these: Someone seems to be able to bypass Gmail’s spam filters quite effectively (for now)… Too bad I can’t fit a local solar installation into my shoebox-sized NYC flat.

Hey corporations: Provide an easy way to disclose vulnerabilities to you!

Filed under /dev/random, Hacking & Pentesting, Secure Development.

Lately I’ve seen several cases where people openly discuss discovered web vulnerabilities in big corporations’ web sites, often disclosing technical details, because the person who discovered them didn’t find, or didn’t bother looking hard enough for, a phone number or email address for the relevant security response team. Even though some of the cases above are…

Slides from passwords^11

Filed under /dev/random.

I’ve uploaded my slides from passwords^11, where I talked about endpoint protection and mobile security. Check them out here: Endpoint security and mobility v.1.1.print. Check out the video for the full presentation, including a live demonstration of the cold boot attack. I highly recommend the conference: very interesting presentations and a nice atmosphere!