REcon 2010

This last weekend I took a trip up to Montreal for REcon.  If you’re unfamiliar with REcon, it’s a small security conference focused on topics most interesting to reverse engineers.  As such, the talks are more technical than you will find at other more mainstream conferences like BlackHat or DEFCON, and generally require a certain level of expertise as a baseline.  If you don’t understand assembly language, you’ll probably not [...]

SmartPhone Unlock Screens: Moving in the Wrong Direction

I recently purchased the Motorola Droid from Verizon, and am so far very happy with it.  Other than finding the physical keyboard a bit lacking from being extremely spoiled by the Sidekick’s physical keyboard to which no other physical keyboard could ever hope to live up to, I’ve really had no complaints with the device or the Android 2.0 operating system that runs on it.  I have however, noticed that [...]

MD5? Really?

First let me say that this article is not meant to diminish the work that Alexander Sotirov et. all have been doing for the past 6 months.  It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions.  What I’m amazed at is that it had the impact that it actually did. […]

The Folly of a Scheduled Patch Release Cycle

A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well as a release upon completion philosophy, and today I’m going to outline where I stand [...]

DEFCON 16

DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with it’s corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different. Below are my thoughts on the talks I was able to attend. […]

Sleep Hacking

While working for TippingPoint’s DVLabs, I was fortunate enough to not be held to any kind of regular work schedule. Working in an almost pure research role, without the requirement of regularly interfacing with customers or even the rest of the DVLabs group, I had the opportunity to explore something that I’ve never really had the opportunity to before, at least not for extended periods of time; my body’s natural [...]

By |2008-06-23T08:14:16+00:00June 23rd, 2008|employment, hack|0 Comments

ToorCon Seattle 2008

The ToorCon organization puts on some of the best conferences in my opinion, and this last weekend was version 1.0 of their Seattle conference (beta was last year, which I also attended). Friday night was entirely 5-minute lightning talks and then Saturday was entirely 20-minute turbo talks. Sunday was workshops, which unfortunately I could not attend since I had to fly back to Austin mid-day. Last year was invite only [...]