Tag Archives: press

ExoticLiability podcast interview

OK, so a quick shameless plug for me and a couple of good friends at EL: I had the pleasure of throwing it all out with the ExoticLiability crew over the weekend, which ended up in a pretty cool podcast. Check it out at www.exoticliability.com (episode 51).

May not be completely safe for listening to at work (especially not with speakers…).

On that note (of shameless plugs) and as we noted on the podcast, if any of you know (or are) potential sponsors for BSides, and ExcaliburCon (especially if you have or want exposure in the Chinese market) feel free to contact us – g0d be my witness it’s not really expensive to sponsor, but critical as these shows are not cheap…

Closing up for now (until later this week probably – expect some new material), just a heads up on the upcoming speaking engagements:

April 14-15 at BlackHat EU in Barcelona, Spain.

June 13-18 at FIRST in Miami FL.

More to come soon…

ExcaliburCon summary and general China notes

So, it’s been quite some time since ExcaliburCon concluded, and I have been delaying this post due to some other work-related activities that jumped on me right as I landed back home. Anyway, I’ll try to cover as much as I can remember (thanks to a cumulative photographic memory of all the speakers, I can “remember” where we have been…).

Conference first: It was just great! No-nonsense, I have been speaking at quite a few conferences around the world, but this one really was special. From the organization, through the location and hospitality, down to the fact that we basically were less than a dozen (western) speakers hanging around all day (and night) which really was a great opportunity to make some new friends and strengthen existing friendships.

Talk wise, I have really enjoyed Nathan Hamiel’s “weaponizing the web” talk which I missed at BlackHat earlier this year – right up my alley of the past year’s research on MalWeb, and a great person in general to hang around with.

Later on, Steve Topletz discussed intelligence on the internet and the superpowers that are engaged in it (with a strange kudos to a little country called “Israel”? Thanks Steve!), which I’m sure was an eye opener for a lot of people who were not privy to some of the data presented.

I also watched Joe McCray deliver his “this is so easy” advanced SQL-Injection attack talk with the style we always expect Joe to deliver. Adam Laurie (Major Malfunction) was wreaking havoc with his RFIdiots talk as usual (and in several other places where we hung around). Jordan Wiens made all this Capture-the-Flag stuff look like a big game (don’t think it is for a minute – the skill-set that a team needs to possess is just brutal, and the challenges are as hard as they are fun!). Jayson Street was juggling organizing the conference but managed to smoothly present his talk as well, and I can only say I’m really disappointed for missing out on Chris Nickerson’s red-team testing talk (close to my heart and business), as well as Wim Remes’ Open Source Security one (one of the few true Unix guys out there and a swell chap overall 😉 ). FX did not miss his mark either as he delivered a riveting router exploitation talk (riveting for English speakers – not sure how the somewhat direct language translated to Chinese…).

Other than the conference, China has been a great experience – culturally, politically (don’t get me started), culinarily (we got pictures – not for the faint of heart), and technologically (I told you not to get me started…). I have learned a lot (which should be the case for every trip and conference) and am sure to come back for more next year, after WuXi recovers from the can of pwnage we opened up there.

The rest of the stories may not be SFW and deserve a beer to be divulged over, so until then, keep safe!

(Hebrew) Information Risk Management – Israeli Insurance Industry

Just a quick cross post to an article I wrote for the Israeli Insurance Association (this one in Hebrew – an English post will be uploaded to this blog soon). The full article can be found here: http://www.igudbit.org.il/Index.asp?ArticleID=1179&CategoryID=98.

Are you LinkedIn/Facebooked/Twittered/Beboed/Viadeoed/etc?

I’ve just finished reading a great little note from Brian Krebs at the Washington Post that enabled me to “out” (don’t worry, I won’t) an incident that some of us in the security industry have been following in the last few days. One of “ours” has been hijacked on Twitter, and the impersonator who hijacked him was tweeting some rants and raves that were actually close to this person’s professional life.

This makes you think again about what we have been discussing in the annual threat report on social networking threats getting real. Once again, our recommendation is – get your online identity straightened out. Make sure you are aware of who you are online, and own your identity online – even if that means registering with the major social networks just to “plant your flag”, as Brian so eloquently put it (as long as you point the flag to the social networking identity you actually use…).

Check out the original article by Brian here, and our annual report here [PDF].

Conficker madness – good or bad?

Just like the BBC’s botnet debacle, which fueled a vivid discussion amongst security circles debating whether the exposure is good (i.e., raising awareness of the threat) or bad (i.e., not really ethical, and everyone already knew about the ability to rent a botnet), CBS’s 60 Minutes had a 15-minute spot focusing on Conficker. Check it out here:

On one hand, getting more awareness out there is great – not a lot of people realize how real the threat is, and how organized the business of managing that threat is (favorite quotes – it’s like a business, and uses advertising to promote itself). On the other hand, getting all rattled up towards April 1st might not be effective and may cause an uncalled-for panic (and yes, a rush to buy or upgrade security software, which is probably why a certain vendor is highlighted in the CBS piece…).

Bottom line – keep cool, make sure you surf securely, and don’t click on every possible link you are presented with (think first, count to ten, and then click).