Speaking session at OWASP NYC Chapter

Posted by & filed under /dev/random.

I’ll speak at the OWASP NYC Chapter at Bank of New York Mellon this Thursday; check the link for getting on the waiting list (at the time of writing, the meeting is fully booked). I’ll speak about hardware hacks (not lock picking, but rather how to use hardware to attack software), and present my tool Inception… Read more »

Hey corporations: Provide an easy way to disclose vulnerabilities to you!

Posted by & filed under /dev/random, Hacking & Pentesting, Secure Development.

Lately I’ve seen several cases where people openly discuss discovered web vulnerabilities in big corporations’ web sites, often disclosing technical details because the person who discovered them didn’t find or didn’t bother looking hard enough for a phone number or email address to the relevant security response team. Even though some of the cases above are… Read more »

Fire through the wire

Posted by & filed under Hacking & Pentesting, Tools & Methodology.

Update: FTWAutopwn is now named Inception: I’ve created a standalone page for the tool here, please refer to that page for updates on the tool. The last few days I’ve been working on an alternative to winlockpwn (unlocking locked Windows boxes through FireWire SBP2 DMA) using libforensic1394. Now I’ve released an alpha version of the tool, Fire… Read more »

Openness and disclosure may be the only remedy against operations like the “Shady RAT”

Posted by & filed under Hacks, Security News.

McAfee recently disclosed the result of five years of investigation of a threat actor that has compromised 72 targeted organizations. While the sheer number and time span of the attacks, not to mention the compromised parties’ identities (for instance, the United Nations was hacked) are enough to raise an eyebrow or two, two paragraphs in the article particularly caught my… Read more »

winlockpwn on Ubuntu

Posted by & filed under Hacking & Pentesting, Hacks, Tools & Methodology.

Update: I’ve released a tool on GitHub called Inception, which uses libforensic1394 to unlock Windows XP, Vista and Windows 7 boxes. IMNSHO, it is much more stable than winlockpwn, easier to use and works against a wider spectrum of target operating systems. Quite regularly I’m being asked to demonstrate the FireWire attack made by MetlStorm aka… Read more »

Speaking session at AFSecurity 20 May

Posted by & filed under /dev/random.

I’m speaking about endpoint security and mobility in the upcoming AFSecurity seminar at the University of Oslo 20 May, and I can promise some juicy demonstrations. From the site: Academic Forum on Security is a collaborative meeting place in the Oslo area with focus on current issues and research questions related to information security. AFSecurity… Read more »

New iPad 2 keynote raises security concerns

Posted by & filed under Security News.

I just saw Steve Jobs announce the new iPad (oooh, shiny, want one), and I’m impressed by the numbers he presented in the keynote: > 200 million users are now registered through the App Store. All with associated credit cards. This is of course nice for Apple, but it also raises some security concerns:… Read more »

5 non-technical books every hacker should read

Posted by & filed under /dev/random.

The Cuckoo’s Egg This book was one of the first hacker books I read – and it still stands as the best. Following the discovery, tracing and eventually unmasking of a highly sophisticated computer espionage ring, this story is thrilling, and best of all: true. The book is still surprisingly relevant, and many of the… Read more »