Application Penetration and Code Analysis for Non-Developers

Application security competence found at bottom

Like most techsec professionals, I’ve been asked to do more and more in application security matters, an area that I’ve usually seen specialist ninjas dominate due to the often extreme technical depth required of the realm.

I’ve written previously about how [in]competence seems to be very hard to [...]

Destroy Your Infrastructure

The state of the industry is now and has long been driven by companies selling easy solutions to the incredibly difficult problem of meeting the conflicting goals of performance, usability, and security. What the clued have known and the unclued usually have not is that there are no easy answers, turn-key appliances, or buttons to [...]

Unintentional games

For all the hype and declarations of world-changingness that have been made about mobile technology and social networks, the new hype sounds a lot like the old hype. Only the drastic hyperbole in place of earnings has changed. Only schoolgirls and iPhone fanboys crave the mobile experience; they didn’t replace conventional computers nor did (or will) [...]

Another Week, Another GSM Cipher Bites the Dust

Orr Dunkelman, Nathan Keller, and Adi Shamir have released a paper showing that they’ve broken KASUMI, the cipher used in encrypting 3G GSM communications. KASUMI is also known as A5/3, which is confusing because it’s only been a week since breaks on A5/1, a completely different cipher, were publicized. So if you’re wondering if [...]

Best of 26c3

Here is my list of the most important talks of the 26th Chaos Communication Congress [26C3], held in Berlin, Germany last week.

Since my German language skills have eroded into near-worthlessness, I’m only going to mention presentations available in the English language.

Many videos are not yet up, but of those that [...]