90% of OPSEC is for christ's sake, encrypt it! and 10% of OPSEC is
for christ's sake, don't encrypt it. For this reason, it's a hard
discipline to learn and an even harder one to teach.
INFILTRATE 2011's Unethical Hacking class is our best attempt at it,
and it ends up being, as you might expect,
That was an awesome display, but I am always reminded of this
fantastic discussion of Robert Frost's classic poem Fire and Ice
when involved in such things. Especially Dvonna's fantastic
contribution to the thread (see below)
http://oldpoetry.com/opoem/4158-Robert-Frost-Fire-And-Ice
eclipse?
So I was at a meeting last week, and one of the high ranking members
said something like this, which I'm sure you've heard before:
Member: We've improved our communications by setting up this great
website! It allows us to communicate all our super-important and
highly confidential information.
1. Everyone likes to have more advisory boards as long as they are on them!
2.
From the CNAS report (http://www.cnas.org/node/6405) volume 1 page 30:
In addition to a favorable cost ratio, attackers also possess advantages
in the required levels of effort and complexity. According to the
Defense
That's right, it's War Nerd on Osama Porn:
http://exiledonline.com/wn-osama-porn/
For bonus credit, War Nerd on Al Q. as a whole versus IRA:
http://exiledonline.com/wn-38-ira-vs-al-qaeda-i-was-wrong/
Both of those are basically required reading for anyone in the
cyber-offense space, but I'm not
If you were building a scanner today that probed the whole interesting
Internet, you may or may not find that there are any good remotely
exploitable vulnerabilities. Now, of course you will find lots of PHP
bugs, SQL Injections, and other web-related things. Apparently you can
own senate.gov with
mailto:ad...@immunityinc.com know! We may try to rent out a bar as
well, so if you're only free at night, let us know that too!
Send RSVP or meeting requests to: ad...@immunityinc.com .
??!
Dave Aitel
Immunity, Inc.
For the first year ever, Immunity is sponsoring BlackHat. In addition to
having a number of Immunity people there, we're going to have a booth
where you can see CANVAS and SILICA demos live and in color. We'll also
have the ability for people to take the NOP certification, we'll be
giving away
In my imaginary hacking strategy class the first essay question is this:
1. What would you build now that would let you hack into what you want to
hack into in five years?
2. Ten years from now?
3. Fifty years from now?
If you already know what you want to hack into five years from now, you're a
I can't improve on AlexM's snark as he writes about the White Phosphorus
module for Sharepoint 2007, so I encourage you to just go read it here!
https://lists.immunityinc.com/pipermail/canvas/2011-September/65.html
I know a lot of people think White Phosphorus is Immunity. This isn't
true,
Right now it says coming soon but if you want to sign up for the
Master Class before the rush (or because you have end of year money),
now is a good time to call up. Last year it sold out fairly fast and we
don't do the class anywhere but at INFILTRATE.
From the latest SANS NewsBite email...this is their lead-in.
Should security auditors and assessors be sued for malpractice?
On Oct 11-12, seven federal agencies and a large user organization will
demonstrate innovations that they have each deployed, that scale, that
are surprisingly effective
Generally I'd like to make all INFILTRATE speakers watch this
http://www.ted.com/talks/lang/eng/hans_rosling_shows_the_best_stats_you_ve_ever_seen.html
video and then make their talks AT LEAST AS GOOD as an old guy
blabbering about statistics. : However, in order for people to purchase
tickets, I
question to Minimum
viable product. :)
7.
-dave
On 9/29/11 4:24 PM, Dave Aitel wrote:
The past of web hacking is here, it's just not evenly distributed. And
by that, I mean that you're going to find a lot of SQL Injection bugs
if in Google you do inurl:.asp site:myclient.com
In the accounting and business world projections is the term for how
much money will I probably make. In everyone else's world, the term is
baloney.
Nonetheless, you have to at some point make projections about what
technologies are going to succeed in order to build your team properly
to tackle
Brian Krebs is speaking tomorrow at Sector.ca, and recently he said that
all the smart people in security go into defense because it's a harder
problem.
SOMEONE HECKLE HIM. :
But in the meantime, Justin Seitz is doing SILICA demos over the booth
area (or just at the local Tim Hortons). I hear
Everyone basically ignores LUA http://www.lua.org/about.html as much
as possible - not as useful for large projects as Python or Ruby, not as
fast as C. But eventually every big C project wants a scripting
language, and they look around at licensing and features and choose LUA.
Wireshark is the
to either apply these directly as a tariff against one of their
competitors from the offending country, or sell them to another domestic
company.
-dave
On 11/10/11 11:04 AM, Dave Aitel wrote:
HARWOOD: Governor Romney, was it a mistake for Governor Schwarzenegger
to hire the firm in China
As they say in the industry: fail at air gap?
http://pastebin.com/Wx90LLum
-dave
___
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
WEP is truly the algorithm that won't stop giving. For example, did you know
that even if you have no unencrypted networks in your Mac/Win7 box's profiles,
you can still be attacked using the encrypted profiles that use WEP? I guess
you may have theoretically known that, because you are so up
When you talk about cyber situational awareness you will often find
people talking about large scale scanning or sniffing. This is often
missing the point - it's 90's era thinking applied to the much more
interesting and complex
Has anyone noticed The Vampire Diaries has a plot directly taken from
Twilight but the characters of Dawson's Creek? No?
Speaking of confusing things, the HP
Printer brouhaha is definitely confusing. Either HP printers take in
unsigned firmware updates, or they do not. The researchers say they do
, in a turn of fate, are usually immune.
-dave
On Thu, Dec 1, 2011 at 3:30 PM, John Bond john.r.b...@gmail.com wrote:
On 23 November 2011 16:33, Dave Aitel d...@immunityinc.com wrote:
WEP is truly the algorithm that won't stop giving. For example, did you
know that even if you have
like funny stuff Dave… :)
http://www.wired.com/threatlevel/2011/11/water-pump-hack-mystery-solved/
Joel
On Nov 19, 2011, at 8:44 AM, Dave Aitel wrote:
As they say in the industry: fail at air gap?
http://pastebin.com/Wx90LLum
-dave
Which means the report is right - HP forgot to allow only digitally signed
firmwares to load. If I was a big enterprise, I'd ask for a recall of all
the affected printers, since I obviously can't trust them anymore...
That would be a fun precedent to set. :
-dave
On Fri, Dec 2, 2011 at 2:05
So I personally wasn't a huge fan, but more than one person has
suggested Daemon by Leinad Zeraus. But you can't buy this in electronic
format anymore for some reason, and I can't find the torrent on
PirateBay, so it's not eligible! You're better off reading Daniel Keys
Moran's AI War instead. :
Just how bad is that Sec-Consult Apache Struts vulnerability...
(from their advisory)
___
2.) Remote command execution in Struts = 2.3.1 (CookieInterceptor)
Given struts.xml is configured to handle all cookie names (independent
of limited cookie values):
action name=Test
INFILTRATE 2012 is over (as of an hour from now). I will say that all
the talks, especially the keynotes, exceeded our expectations. That's a
good thing - we had high expectations even of Thomas Lim!
Here is one review:
http://blog.opensecurityresearch.com/2012/01/infiltrate-wrap-up.html
Dear DD - attached is some red meat. :
-dave
Introduction
It is, of course, very possible that hackers will get to help choose
America's next president. Possibly not in the most direct way (aka,
attacking the electoral system directly, the candidates, or the super
PACs that support their
Movies and Links of the day!
If you haven't seen the new SILICA Release movie, then you should. Team
SILICA worked hard at making the WPS attack as easy to make work as
possible. There are a lot of popular routers where you have NO WAY to
turn this feature off. I love that.
So I guess my summary would be : Better than expected so far!
The first talk I saw, was a panel discussion led by CloudStrike's
Dmitri Alperovitch (who is uniquely confused as to how new his Android
exploit talk is - I mean there's products out there that do everything
his talk discusses. Then
Why is it that every conference has gone the full hog and decided that
you must sell keynotes? When I tried to watch the Whitman Diffie
keynote at BH EU, it was preceded by a 30 minute Fortigate
infomercial. RSA had like 5 paid-for keynotes for every one real
keynote. Everyone who hasn't should
We're working our way through the INFILTRATE 2012 movies slowly - each
one has to be re-rendered in iMovie since the original recording was
done into some Silverlight applet. So we find we are re-syncing the
slides with the videos by hand, which is less than ideal. Nonetheless,
the first videos
When I watch Mark Wuergler's INFILTRATE 2012 talk on wireless attacks it
makes me think of the tiny Fear Demon from Buffy
http://upload.wikimedia.org/wikipedia/en/d/d7/Buffy4x04.jpg. We had to
squeeze him down into a tiny window at the top right. All you can really
see about him is that he's
So we put my RSA 2012 talk up, along with the comments from the viewers that
RSA collected.
I 100% agree with every comment in the feedback form, which include such bon
mots such as You reek of pride. Frankly, I am quite proud of what the
offensive community has been able to do over the last
Immunity is ten years old now - and like any ten year old, it is
interested mostly in shiny things that bleep and bloop. :
But also like any ten year old we are growing and always hungry, and so
if you're interested in working in the new DC office or Miami Beach HQ,
please let me know. We only
As for getting into the power grid, I can't see that that's realistic,
Schmidt said. http://www.wired.com/threatlevel/2010/03/schmidt-cyberwar/
Likewise as that Threat Point article from the start of his time in the
White House points out:
People have to recognize that when we close the door
So for those of you who do not follow the twitters...IntevyDis released
a new version of VulnDisco Mobile, which includes an untethered
jailbreak for the latest iOS.
http://www.idownloadblog.com/2012/05/22/new-jailbreak-vulndisco-mobile/
You can watch the movie to see a CANVAS node pop up as
http://www.washingtonpost.com/national/clinton-state-department-hacked-al-qaida-sites-in-yemen-part-of-covert-war-on-terror/2012/05/23/gJQAKFOdlU_story.html
So you know how when you're at a stoplight, and you see flashing lights
from a fire truck behind you, and you'll carefully maneuver to pull
though, iiuc.
-dave
On 5/24/12 10:47 AM, Dave Aitel wrote:
http://www.washingtonpost.com/national/clinton-state-department-hacked-al-qaida-sites-in-yemen-part-of-covert-war-on-terror/2012/05/23/gJQAKFOdlU_story.html
So you know how when you're at a stoplight, and you see flashing lights
from
So now that Max is six, I get to read comic books while pretending
they're for him. And one thing you learn quickly is that the comic books
people revere - the old-school Stan Lee era comic books - are godawful.
They're just terrible. The art is terrible. The writing is campy and
flowless and just
http://www.hack-cup.com/add-your-team
And of course, in the real-world hack cup, we have FLAME. Hooray for
naming schemes!
http://video.foxbusiness.com/v/1665315023001/whos-behind-cyber-attack-against-iran/
-dave
--
INFILTRATE - the world's best offensive information security conference.
So these are great videos:
http://www.youtube.com/user/USNavalInstitute/videos
You'll notice the one by General Cartwright (which we twittered/posted
earlier) has about 2000 views, and all the others have like, 10. But
that could just be because his video is awesome.
Panels are always hard to
http://infiltratecon.com/speakers.html
So like many of you I'm rarely impressed by capture the flags. There's
whole countries out there with working Internets but without functioning
governments, isn't that enough for people? Also, I tend to lose CTFs to
SK Chong whenever I play, which is
While I think having Stephen Watt and Chris Eagle as keynote speakers is
enough reason for everyone to come to INFILTRATE, apparently the new
hotness is having sports. At BlackHat we did indoor soccer via Hack-Cup
http://hack-cup.com/ and it was awesome, even for those of us who
otherwise never
So I just got back from Ekoparty, in Argentina. Ekoparty has great
technical content - much of which I listened to through a translator
service they had (which was surprisingly effective). Of course,
sometimes the interesting talks are not technical at all (and, luckily
for me, in English), as is
So I'm in DC today (ostensibly for the Plan X meeting, but I didn't
register in time, and I don't have the necessary clearances anyways, so
instead, heading to the Immunity DC office, etc.) and of course, the
whole area is suffused in politics the way Palo Alto is suffused in VC
money or Paris is
Some people don't know how to use email, so I'm forwarding things for them.
-dave
Original Message
Subject:Re: [Dailydave] Friends, Romans...
Date: Thu, 27 Sep 2012 20:18:05 +0700
From: the grugq thegr...@gmail.com
To: Dave Aitel d...@immunityinc.com
On 09
Good Muse Everyone!
http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html
My fav. line in the above is There is no evidence to date that any
source code was stolen.
I mean, aside from the obvious fact that the attackers were knowledgeable
enough about the
I remember when people were wondering when Microsoft was going to kill
Linux off. But these days, Linux exploitation is more in demand than
ever. We see it in consulting engagements all the time, for example.
Also, now that it's the new federal business year, it's time for
everyone to think about
CANVAS added HTTP/S + Proxy support to Java MOSDEF last week for the
release. http://www.immunityinc.com/news-latest.shtml This means that
when you attack people with Java client-sides you get a much higher rate
of success against Financial and Federal Govt networks, which is awesome
in its own
The hard thing, with these product demo movies, is to imagine how we
would have done it 5 years ago. Is it any different from today? If not,
then we need to work harder...but in this case, I think it's a pretty
smooth show. You get to see the various new things from this month's
CANVAS release,
http://www.wired.com/threatlevel/2012/11/att-hacker-found-guilty/
So I'm no fan of Weev aka Andrew Auernheimer. The man is seriously
disturbed and it's odd to see people support him
https://twitter.com/maradydd/status/271067146145107968 on Twitter.
Just as an example, here's some bizarre rape
I don't normally read Honeynet.org, but when I do...well I have to say
I'm impressed. http://www.honeynet.org/node/1004
Building a better honeypot is a worthy effort - one that may possibly
have a big place in the future of network security insomuch as right now
most people have forgotten the
So the question is: Can internet hacktivism cause a nation state to
kindly ask Google to remove a video that Muslims hate, the same way
Google removes known terrorist videos or videos of your baby dancing to
Britney Spears tunes under copyright reasoning.
So far the answer is no. But the Al
I'm back from NZ, and because it is a 24 hour plane ride, and last time
I went to work the very next day and did idiotic things, I promised
myself I wouldn't work today. Idiotic things are still OK, just not at work.
However, I couldn't resist posting this tidbit from our main IRC.
14:29 a
, there appear to be new rules for cleared defense contractors
who now have to report to the DoD any intrusions. (Perhaps this is not new?)
It's quite interesting to read through though.
-dave
On Mon, Jan 7, 2013 at 1:04 PM, Dave Aitel d...@immunityinc.com wrote
In addition to amazing keynotes, INFILTRATE is starting to put up some
speakers. To start, Matias Soler is going to talk about a project he has
been working on called The Chameleon; A Cellphone-based USB
impersonator http://infiltratecon.com/speakers.html . Remember to get
the hotel password from
After reading a lot of Grey's Anatomy's blogs I came upon the snippet
that in fact, the name Grey indicated her character saw things always
in shades of grey, as opposed to everyone else on the show, who tend to
be a bit more black and white. It's snazzy wordplay like that that gets
it 9 seasons
http://venturebeat.com/2013/01/17/convicted-hacker-steven-watt-on-aaron-swarzt-its-just-not-justice/
--
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com
it up. (It might be about something else entirely)
KEYNOTE: Dave Aitel - What's At Stake? - Everything Buffy The Vampire Slayer
Taught Me About Cyberwar
So one thing I think is interesting is that New York Times story.
Here's how it goes, in bullet points:
1. NYT knows it's ruffling feathers, so it hires ATT (??) to watch
their network
2. ATT sees something, so NYT calls in Mandiant
3. Mandiant and NYT let the Chinese hack things and watch them
Every time I do this people assume it's me posting. I don't post to DD
pretend-anonymously.
-dave
Hello DD,
Sir Tim Berners Lee was in Canberra recently for a Linux conference, and
discussed the events surrounding the untimely death of Adam Swartz.
He mentioned that Adam had wanted his hard
How to be offensive without being offensive. There's no class in this,
and I have to say that I'm not that great at it and maybe never will be.
I spent all last week with my grandfather who's 92, and lived through
WWII. I'd say fought in WWII, since he was in the Air Force and really
wanted to
So the above blog is a bit of a tease. But then in a way the best talks
are teases themselves. Essentially it is someone standing at the edge of
a thick forest, pointing into the underbrush, and saying I went a
little bit this way, and it seems good.
INFILTRATE is bigger than last year. Not by a
So a while back I asked what the point of PWN2OWN was, and Mark Dowd
said that of course many people have never SEEN a modern exploit, and
hence it has some strategic value. I think for Google it's also useful
to see what new bugclasses exist in their products that people have not
otherwise
up the podcast I did
this morning with Ryan Naraine
here: https://www.securityweek.com/podcast-dave-aitel-security-awareness-training-exploit-sales-jiu-jitsu
-dave
http://blog.ioactive.com/2013/04/can-gdbs-list-source-code-be-used-for.html
So reading the above blog is amusing for many reasons. But it did make a
lot of people sit around looking at the funniest games you could play on
modern Linux. For example, Linux Hangman.
Linux Hangman Rules
You take
It's really only after you finish writing a keynote that you know what
it's about. In a sense, everyone around you writes it with you as you
talk through it with people. The one I delivered at SyScan itself was
funnier. . . although even so, not very funny. Not everything is funny!
Even things
And we're back!
I got a few emails asking where DD went, and the answer is after
INFILTRATE there's lots of work to do. We'll have quite a few
announcements and blog posts and dissertations on social insects and
their relationship to trojan protocols coming in the following days!
For a
So Ben Nagy, who is nothing if not an iconoclast, disagrees with my and
Halvar's general tenets that the easiest analogy to what is happening in
the cyber space is the creation of a new Navy (or set of Navy's). But he
refuses to argue with it when it's not words on paper. So I figured I'd
put down
So the first video we're releasing is Stephen Watt's keynote. Yesterday
we released it as a link in Immunity Debugger, so if you were doing real
WORK then you got it early. :
http://infiltratecon.com/watt.html
Of course, the best time to get tickets for INFILTRATE 2014 is now, and
not the day
Keynotes, unlike normal technical talks, should sometimes cover very
broad areas because your keynote speakers should have broad, interesting
experiences. Chris Eagle's keynote at INFILTRATE 2013 is one of those.
Few people knew that before working with IDA, Chris Eagle was a Naval
Pilot. And yet,
And neither one is about Edward Snowden!!! :
http://infiltratecon.com/chriseagle.html --the end of this video is
fixed. It's worth a watch if you weren't at INFILTRATE to see it live.
Often the questions and responses to the questions are the best parts of
any presentation.
http://www.foreignpolicy.com/articles/2013/06/20/the_new_triad#.UcOf4jgwA9M.twitter
With the way everyone talks about triads you'd think humans had three
fingers. But the article was worth reading.
And if you're wondering this morning how STALKER is doing:
http://usa.chinadaily.com.cn/opinion/2013-06/26/content_16659265.htm
Normally I don't like to stick my toe in the neutron star's gravity well
that is the NSA-Snowden discussion. But it's important to point out that
there are developing standards of behavior being negotiated not between
China and
Halvar once said something like People are pretty rubbish at thinking
in graphs, much better at thinking about which fruit looks tastier. I'm
heavily paraphrasing just to troll him, of course. But the concept of
visualizations in our field being incredibly hard is interesting in
terms of the
So Quantum Dawn 2
http://www.sifma.org/services/bcp/cybersecurity-exercise--quantum-dawn-2/
is coming up - and it's a good opportunity to talk about how exercises
like that in general work, and what they find, and so forth. These are
essentially faked table-top exercises, which leads a lot of the
You seek the Nothing, but
you have not even mastered having
one thought.
Off and on this week Vanessa and I were still working hard on Immunity's
BlackHat marketing slicks. One night I bought Vanessa a book from Basho
because the Immunity way is that good marketing is about having one true
Tomorrow I'm heading to speak on a panel at a conference on Airport
Security http://www.aci-na.org/event/2747. This is not a topic that in
and of itself I am an expert on, other than, as all of you on this list,
shuddering as I walk past that cage of computer equipment within easy
access as you
Related Twitter threads here:
https://twitter.com/carnal0wnage/status/367734642213801985
https://twitter.com/SelsRoger/status/367751020442832897
One thing you should pay attention to, as someone who works in IT security is
how the various assumptions change over time. It used to be that managing
.
-
Wolfgang
On Tue, Sep 3, 2013 at 1:42 PM, Dave Aitel d...@immunityinc.com wrote:
http://www.qualys.com/research/top10/
So I recently found out about the Qualys Top 10 vulnerabilities list,
which is a pretty cool resource really. Any time a big company with a
lot of data offers a view
GIFs. We love them. And we love them giving us remote code execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3174 even more
than we love them showing us how to escape from jail
http://imgur.com/gallery/40Nd2.
The last CANVAS release (the base release, since I also consider the
From an attacker's perspective this is the defender attacking the
exploit supply chain - where there are two parties, one which writes the
exploits and the other which uses them, it's hard to cycle new targets
into the mix. Hence, the target that is most prolific is the one that
has been QA'd and
http://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire
So I don't usually link to random blogs from the big boys, but this
article is worth a read. On Twitter Ben Nagy asked what an integrated
team looks like - and though Symantec didn't really DELVE into the
details,
So there's a concept in BJJ/Judo called base, and it's all about
knowing the center of gravity of your opponent and also knowing where
their support structures are, and which direction they can flex and
push. I know almost nothing about such things (as evidenced by my
performance at INFILTRATE's
http://www.immunityinc.com/infiltrate/albertogarciaillera.html
Notable quotes:
I'm not a developer, but I'm going to speak about malware. Malware that
I developed. :
Spain is perfect.
I liked this talk because it was about the practical realities of how to
do data exfiltration out of networks in
So in general my feeling on 0days is that they come from new attack
surfaces. Finding those new attack surfaces takes a lot of initial time
- months in many cases. Usually it requires a lot of painful strip
mining. For example, you may end up having to implement an entire USB
stack from scratch in
So, to continue today's email flood, one thing I've been thinking about,
as it pertains to cyberweapons, is of course, the original information
virus of them all: DNA.
First of all, I think it's pretty clear databases exist that are wide
enough and complete enough (and covert enough) that a
http://www.washingtonpost.com/world/national-security/nsa-apparently-taps-google-yahoo-networks-without-companies-knowledge/2013/10/30/f14749d0-4195-11e3-a751-f032898f2dbc_story.html
Otherwise known as Much ado about basically the wrong thing.
Eric Schmidt is pretty mad about how when you send
So when writing remote access tools like INNUENDO, you have to throw
out all the parts of your brain that try to do normal RPC (remote
procedure call).
For example, I just wrote a module (yes, I can still write code, sorta),
which sits on the client taking screengrabs every ten seconds. If the
http://0xdabbad00.com/wp-content/uploads/2013/11/emet_4_1_uncovered.pdf
https://www.exodusintel.com/files/Aaron_Portnoy-Bypassing_All_Of_The_Things.pdf
So I wanted to compare and contrast the EMET paper with the Portnoy
Bypassing all the Things paper. Because nothing makes me madder than
the
Those of us who loved Buffy watch anything Joss Whedon puts out, because
we KNOW he's capable of genius. That said, he always has a hacker
character, and they've been getting progressively worse. Willow is
entirely believable - conflicted, dark, and at the same time cheerfully
nerdy.
Avengers'
People are strange. For example, they often say You have to assume you
are compromised! and then in the very next breath they are buying more
perimeter equipment like Fireeye and WAF and whatnot. Likewise, people
measuring click-rates on how many people clicked a phishing email, but
a lot of the
I wanted to cover some of the issues with the NSA Task Force document. I'll
begin abruptly here:
The document recommends splitting the NSA up quite a bit - specifically
moving defense (INFOSEC otherwise known as IAD) to one organization, and
offense (SIGINT, TAO, etc.) to another.
It also
2013 - A New Hope
So I hesitate to make predictions, but I think it's important to at some
level acknowledge that 2013 was a huge year for information security. A
few things happened... :
o The rebirth of managed security services.
When you don't care about bringing hackers to court, but you
So the thing about writing trojans is that they end up being large scale
systems programs. What I mean by that, is one second you're thinking about
all the cool stuff you can do with covert channels and P2P networks and
internal cryptographics, and the very next second, once any of that
stuff is
http://opencfp.immunityinc.com/cfp/1/
So far we have 13 talks up for your review - the system is working
pretty well I think and I know there will be a few more added shortly.
So submit your talks now! Sometimes people wonder if program analysis
and related topics are offensive, and *I* think
http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html
*Should NSA point out holes?*
Among the weapons in the NSA's arsenal are zero day exploits, tools
that take
That was a quote from the article that I wanted to highlight. I
obviously did not write that (in case there is some confusion).
-dave
On 1/8/2014 4:08 PM, Dave Aitel wrote:
http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third