Archive for July, 2008

23
Jul

Unintentional Betrayal or Faux Ignorance

By J. Longoria Comments
Categories: disclosure, ethics, internet, j. longoria, security and vulnerability

You tell us… at this point, we don’t know what could have possibly been going through Matasano Chargen’s collective mind when they commented on Halvar Flake’s hypothesis (reference: Halvar Flake) and posting that content directly to the web - this unfortunately doesn’t mix well with the already ’scene’ headache over Dan’s less-than-forthcoming disclosure method (source: Dan Kaminsky / DOXPARA | herehere & here) which has earned him stars in vendor / whitehat handbooks and a big black X with a lot of his INFOSEC counterparts or fellow researchers as briefly depicted here (reference: C|Net News). Whether or not this really hit the nail on the head, it seemed to have raised enough eyebrows this week.

Continue reading ‘Unintentional Betrayal or Faux Ignorance’

19
Jul

POLL: Dan Kaminsky’s DNS Poisoning Bug

By theReformed Comment
Categories: briefs, internet, opinion, poll, thereformed and vulnerability

More than a week later, we mull over Dan Kaminsky’s recent finding that has directly impacted the Internet and it’s support industry, vendors and consumer and stirred controversy that has led some to speculate whether he is only looking for exposure before his talk at the BlackHat briefings this year - we’re posting this poll, referencing his article to see what you think of his disclosure motives or the lack thereof.

You might say, “Why haven’t you written an article on it?” - To be clear, we haven’t blogged about it simply because everyone and their mom has already and we think some of the more provocative ones get to the point here and here.

Dan Kaminsky's DNS bug is...

  • Very Important! (73%, 33 Votes)
  • Moderately Important! (16%, 7 Votes)
  • Searching for 15 Seconds of Fame! (11%, 5 Votes)
  • Not Important! (0%, 0 Votes)

Total Voters: 45

Loading ... Loading ...
05
Jul

Proactive Action Needed in Ballistic Forensics

By J. Longoria Comments
Categories: j. longoria, methodology and technology

As a brief thought, I was reading some analysis materials and a white paper on ballistic forensics and how scientists are overcoming barriers to processing crime scenes involving a firearm that utilizes ballistic projectiles. As a strong proponent of our right to bear arms, responsibly, in the United States, I also find myself increasingly interested in the advancements of industry on trace ballistic evidence which can be assessed in a criminal event. There are several dozen parameters, metrics and material analysis processes that take place in the dissection of these specific type crimes, but what happens if the firearm itself leaves little or no trace other than a projectile which decimated it’s target?

Continue reading ‘Proactive Action Needed in Ballistic Forensics’

July 2008
M T W T F S S
« Jun   Aug »
 123456
78910111213
14151617181920
21222324252627
28293031  

Months

Recent Entries

Worth Reading

    robert hansen [rsnake]
    (sectheory)

  • More McAfee Snakeoil Ranting - I know a lot of people are just tired of the same old PCI ASV rant that really surfaced last year, but I got an email today and I thought it was worth a re-post. Mike Bailey sent this over and I
    Read more...  


    • chris eng, chris wysopal [weldpond] &
    christien rioux [dildog]
    (veracode)

  • (ISC)2?s Newest Cash Cow: The CSSLP Certification - Last week, during the OWASP AppSec 2008 Conference, the people behind the ubiquitous CISSP certification announced their latest creation — the Certified Software Security Lifecycle Professional
    Read more...  


    • spacerogue

  • Fake Story Still Fake, Media Still Clueless - About eight years ago a media story broke about how some “hackers” took over a British Ministry of Defense Satellite and were holding it for ransom. Anyone who knew anything about Command
    Read more...  


    • dan kaminsky
    [ioactive, inc.]

  • [cite required] - Someone asked for a cite on the Consumer Reports claims in my Black Hat 2008 slides.  I went and tracked this down, and I actually picked this up from the Meandering Wildly blog.  Looks like I
    Read more...  


    • dino dai zovi

  • Dead Bugs Society: Apple File Server - For today’s installment of Dead Bugs Society, I’m going to dig up another one of my favorite exploits.  This exploit is actually the second exploit that I wrote for the Apple File Server
    Read more...  


    • amrit williams

  • Gartner DOES have a sense of humor - sometimes - Greg Young (here) and John Pescatore (here) have started blogging on the Gartner Blogging network and many of the posts are both enlightening and humorous, such as this post from Greg Young on how to
    Read more...  


    • dave goldsmith, jeremy rauch,
    thomas ptacek & chris rohlf
    [matasano chargen]

  • Detecting Anonymizing Proxies - Anonymizing proxies are often used by people who wish privacy, or to circumvent access controls. High profile political cases such as circumventing the Great Firewall of China and the protection of
    Read more...  


Blogroll