REcon 2012

I’ve just recently returned from REcon 2012 and while I heard a couple people express that they had “heard” that some people were more disappointed with this year’s conference compared to prior ones, I personally really enjoyed it and felt it was the best one yet.  I saw and enjoyed more of the lectures this year than I have in the past and seemed to have better interactions with the [...]

CanSecWest 2011

Yes, that’s right…  After many, many years of wanting to attend this conference, I finally made it.  CanSecWest has been heralded as one of the best, top-quality security conferences that you can attend, and while I actually made it across the pond a few years ago to speak at EUSecWest, the logistics for getting up to CanSecWest just never worked out for me…  until this year. […]

ToorCon 12

After a two year absence due to unavoidable other obligations like good friends’ weddings, I finally made it back to one of my favorite hacker conferences, Toorcon.  San Diego is always beautiful when I happen to be there with nice weather and a cool mix of people, both locals and visitors who are there for the conference, and this year was no exception. […]

REcon 2010

This last weekend I took a trip up to Montreal for REcon.  If you’re unfamiliar with REcon, it’s a small security conference focused on topics most interesting to reverse engineers.  As such, the talks are more technical than you will find at other more mainstream conferences like BlackHat or DEFCON, and generally require a certain level of expertise as a baseline.  If you don’t understand assembly language, you’ll probably not [...]

Fame, Trinkets and Cash

Taking place over the last week was the CanSecWest 2010 security conference, with their now annual Pwn2Own contest. For those that are unfamiliar, the Pwn2Own contest presents a number of devices usually consisting of mobile or cellular devices and laptops as targets and allows contestants to attempt to compromise them in some way. These targets are patched up through the most recent vendor patches, and if a contestant is able [...]

DEFCON 17

After staying with some of my local Vegas friends during BlackHat, I went over and checked into the Riviera for DEFCON 17 on Thursday afternoon.  After dropping my bags in my room and getting my temporary paper badge because they were already out of the electronic badges, I ran back up to my room for a bit and then headed over to the Microsoft party which I already wrote about [...]

By |2009-08-11T15:51:49+00:00August 11th, 2009|conference, hpavc, security, security research|0 Comments

BlackHat USA 2009

Last week and through the weekend I was in Las Vegas for this year’s annual block of hacker conferences, BlackHat USA and DEFCON.  This year was a bit different for me as my employer no longer covers conference expenses (even if you’re speaking!), so since I was there not representing a company and entirely on my own dime, I stayed with some local friends for the first half of my [...]

By |2009-08-07T13:27:00+00:00August 7th, 2009|conference, hpavc, security, security research|0 Comments

The Folly of a Scheduled Patch Release Cycle

A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well as a release upon completion philosophy, and today I’m going to outline where I stand [...]

DEFCON 16

DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with it’s corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different. Below are my thoughts on the talks I was able to attend. […]