I will be speaking at TROOPERS this March; my talk is titled: "The foundation is rotting and the basement is flooding: A deeper look at the implicit trust relationships in your organization".
The talk will begin with a new hardware-level attack on PCIe as an example of the implicit trust organizations place in 3rd parties. These . . .
Or: why we're playing the wrong game
Nota Bene: This post is a summary of a disconnection I've noticed in the information security community (myself included) and has been influenced by discussions with others, namely Prof. Bratus; please consider this an invitation to dialogue or comment, and not a one-size-fits-all argument.
Having spent a busy spring and summer traveling . . .
In my last post, I provided a high-level summary of each of the three Las Vegas conferences, but no real technical meat about what I learned while in the desert. I'm going to take a few moments to type some notes or musings about the talks I attended for posterity.
- Skull And Bones (And Warez) - Secret Societies of the Computer . . .
Or: BSidesLV, Black Hat and DEF CON
I have survived a week in the hot desert and returned safely and smoothly to the Mile High. While the memories are still fresh, I wanted to reflect on my time at the three large conferences and what I liked, what I didn't and lessons learned.
Formed initially as an answer to the other conferences getting too large and too . . .
Or on the cyber-playing field
Disclaimer: Some of my concerns and proposed changes may be addressed and included into the miniLock code before the official release, greatly improving security. I will post a new entry once the merge has happened to describe the changes and how they make miniLock much more secure. Until then, please take the below with a large grain of salt . . .
I will be speaking at BSidesLV this August; my talk is titled: "Cluck Cluck: On Intel's Broken Promises". This talk will cover a CPU/x86 architecture bug on most recent systems (2004-present) that provides an OS-independent method to break out of virtual memory. The lesson I hope to impart to my audience is that in adding a new . . .
Since joining the cult of LangSec, I've spent a great deal of time pondering what makes a programming language or environment "useful" and believe that the current model centered around Turing-completeness is no longer sufficient to describe the nuances between varied environments. The root of this stems from the huge divergence . . .