REcon 2010

This last weekend I took a trip up to Montreal for REcon.  If you’re unfamiliar with REcon, it’s a small security conference focused on topics most interesting to reverse engineers.  As such, the talks are more technical than you will find at other more mainstream conferences like BlackHat or DEFCON, and generally require a certain level of expertise as a baseline.  If you don’t understand assembly language, you’ll probably not [...]

Advanced Persistent Threat

Ok, enough with the APT marketing and journalism diarrhea...  It's really quite simple: ad·vanced - /ædˈvænst, -ˈvɑnst/ -adjective 1. ahead or far or further along in progress, complexity, knowledge, skill, etc.: an advanced class in Spanish; to take a course in advanced mathematics; Our plans are too advanced to make the change now. per·sist·ent - /pərˈsɪstənt, -ˈzɪs-/ –adjective 1. persisting, esp. in spite of opposition, obstacles, discouragement, etc.; persevering: a most [...]

By |2010-04-12T09:37:30+00:00April 12th, 2010|attack, hpavc, rant, security, threat modeling|0 Comments

SmartPhone Unlock Screens: Moving in the Wrong Direction

I recently purchased the Motorola Droid from Verizon, and am so far very happy with it.  Other than finding the physical keyboard a bit lacking from being extremely spoiled by the Sidekick’s physical keyboard to which no other physical keyboard could ever hope to live up to, I’ve really had no complaints with the device or the Android 2.0 operating system that runs on it.  I have however, noticed that [...]

DEFCON 17

After staying with some of my local Vegas friends during BlackHat, I went over and checked into the Riviera for DEFCON 17 on Thursday afternoon.  After dropping my bags in my room and getting my temporary paper badge because they were already out of the electronic badges, I ran back up to my room for a bit and then headed over to the Microsoft party which I already wrote about [...]

By |2009-08-11T15:51:49+00:00August 11th, 2009|conference, hpavc, security, security research|0 Comments

BlackHat USA 2009

Last week and through the weekend I was in Las Vegas for this year’s annual block of hacker conferences, BlackHat USA and DEFCON.  This year was a bit different for me as my employer no longer covers conference expenses (even if you’re speaking!), so since I was there not representing a company and entirely on my own dime, I stayed with some local friends for the first half of my [...]

By |2009-08-07T13:27:00+00:00August 7th, 2009|conference, hpavc, security, security research|0 Comments

The Folly of a Scheduled Patch Release Cycle

A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well as a release upon completion philosophy, and today I’m going to outline where I stand [...]

DEFCON 16

DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with it’s corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different. Below are my thoughts on the talks I was able to attend. […]

ToorCon 9

ToorCon is always one of my favorite conferences of the year, and this year was no different. Actually, I take that back, it WAS different, it was even better than usual. I got something out of almost every talk that I attended, and the conference ran very smoothly. The conference is small and intimate and the speaker badges are green… I really can’t ask for much more. This year the [...]