This video shows how Google provides physical and logical security for their data center customers. Quite interesting, and I especially enjoy the 80’s music in the background.
Posts Tagged: Security
Speaking session at OWASP NYC Chapter
I’ll speak at the OWASP NYC Chapter at Bank of New York Mellon this Thursday, check the link for getting on the waiting list (at the time of writing, the meeting is fully booked). I’ll speak about hardware hacks (not lock picking, but rather how to use hardware to attack software), and present my tool Inception… Read more »
Hey corporations: Provide an easy way to disclose vulnerabilities to you!
Lately I’ve seen several cases where people openly discuss discovered web vulnerabilities in big corporations’ web sites, often disclosing technical details because the person who discovered them didn’t find, or didn’t bother looking hard enough for, a phone number or email address for the relevant security response team. Even though some of the cases above are… Read more »
Fire through the wire
Update: FTWAutopwn is now named Inception. I’ve created a standalone page for the tool here; please refer to that page for updates on the tool. Over the last few days I’ve been working on an alternative to winlockpwn (unlocking locked Windows boxes through FireWire SBP2 DMA) using libforensic1394. Now I’ve released an alpha version of the tool, Fire… Read more »
Openness and disclosure may be the only remedy against operations like the “Shady RAT”
McAfee recently disclosed the result of five years of investigation of a threat actor that has compromised 72 targeted organizations. While the sheer number and time span of the attacks, not to mention the compromised parties’ identities (for instance, the United Nations was hacked), are enough to raise an eyebrow or two, two paragraphs in the article particularly caught my… Read more »
winlockpwn on Ubuntu
Update: I’ve released a tool at github called Inception, which uses libforensic1394 to unlock Windows XP, Vista and Windows 7 boxes. IMNSHO, it is much more stable than winlockpwn, easier to use and works against a wider spectrum of target operating systems. Quite regularly I’m being asked to demonstrate the FireWire attack made by MetlStorm aka… Read more »
Speaking session at AFSecurity 20 May
I’m speaking about endpoint security and mobility in the upcoming AFSecurity seminar at the University of Oslo 20 May, and I can promise some juicy demonstrations. From the site: Academic Forum on Security is a collaborative meeting place in the Oslo area with focus on current issues and research questions related to information security. AFSecurity… Read more »
New iPad 2 keynote raises security concerns
I just saw Steve Jobs announce the new iPad (oooh, shiny, want one), and I’m impressed by the numbers he presented in the keynote: > 200 million users are now registered through the App Store. All with associated credit cards. This is of course nice for Apple, but it also raises some security concerns:… Read more »
5 non-technical books every hacker should read
The Cuckoo’s Egg: This book was one of the first hacker books I read – and it still stands as the best. Following the discovery, tracing and eventually unmasking of a highly sophisticated computer espionage ring, this story is thrilling, and best of all: true. The book is still surprisingly relevant, and many of the… Read more »
How to use MBSA standalone to check a MS server for patch status
Recently I’ve been checking the patch level on a LOT of Microsoft servers, mostly versions of Microsoft Server and Microsoft SQL Server. Microsoft has a great tool for this, the Microsoft Baseline Security Analyzer. It’s legacy software, but it’s free of charge and still works like a charm. Obviously, not all administrators are too keen… Read more »