Noah Schiffman
Take Two Hackers and VoIP me in the Morning
With over 10,000 magazines published in the US, I rarely have time to read all of them. But I do make an effort to set aside a few hundred hours each week to read as many of them as I can. Reading the current 2008/2009 Physicians...
The Reversible Denial-of-Resource CryptoViral Extortion Attack
Ransomware, although somewhat appropriately nicknamed, as it takes your data hostage demanding money for its release, has always implied an unnecessary emotional component. It is unforgivably insensitive to compare this to any type...
Intel’s War Gaming: A Blueprint for Security Success
Assessment of corporate security is a difficult but essential task. Regardless of industry, most companies allocate their IT resources to maintenance, upgrades, support and alignment with corporate strategy. While the necessity for...
DARPA attempting the impossible: Self-simulation for defense training
Although this news item first broke several weeks ago, I have been awaiting public analysis regarding its impracticability. Bereft of criticism, I will provide my own. The Internet began as a "store-and-forward" packet switching...
Wireline TeleCom tops FCC Complaint List
Catching up on my reading of unscrupulous behavior, I came across some interesting information from the Federal Communications Commission (FCC). Their Consumer Inquiries and Complaints Division is in charge of reviewing, mediating,...
Hackers will know what you’re wearing
You purchased your clothes, you're wearing your clothes, but now someone else 0wns them. Self-reliant clothing retailer, American Apparel, has added some technology into its LA based manufacturing process. It began placing radio...
Microsoft Security Intelligence Report scores low IQ
Redmond has recently published their semi-annual recap on the (in)security of their leading products. The Microsoft Security Intelligence Report (MSIR), released approximately two weeks ago, provides an "in-depth perspective" for...
AV vendors Race-to-Zero Clue
Hackers of the world will once again unite at DEFCON 16, this August 8th, one of the industry's top conferences. The world's best and brightest security minds will deliver presentations and papers, sharing their latest research...
Infosec Europe 2008 funded by Ministry of Silly Walks
For those of you illiterate in British comedy, the Ministry of Silly Walks is a fictitious British organization, which only existed in the world of Monty Python in the 1970's. The classical comedy sketch presents a man in need of...
Internet hit by Tornado
Evidence of a new "attack pack" has surfaced, reports Shaun Nichols, providing further proof of the organized complexity of exploit code. The web-based toolkit, called Tornado, is speculated to have been in operation for at least...
NSA holds 8th annual Cyber Defense Exercise
The National Security Agency/Central Security Service (NSA/CSS) Information Assurance Directorate is currently holding its 8th Annual Cyber Defense Exercise. It started on April 21st and will be coming to a close this Thursday...
The CIA Hack...still working.
Once this vulnerability was submitted by Harry Sintonen to Wired's Threat Level last week, it's been spreading like wildfire throughout the web. Discovery of a new XSS is nothing new, but does become noteworthy when it involves a...
Bookmark the 20 Useful IT security sites
About a week or two ago, Network World ran a good segment by Jon Brodkin…actually it was more of a slideshow with accompanying text…called, 20 Useful IT security sites. It did contain some of the best online resources for...
ActiveX Security...Licence to Kill Bit.
The exploitation of ActiveX controls is not new to the security community. While initially designed to provide website authors with new embeddable features, and granting Internet Explorer (IE) users access to these new functional...
Symantec Statistics and Malware's Mushroom Cloud
Initially, I set out to write this blog about the security risks involved with the misperception of numerical data, and the problems with conventional wisdom. However, my internet readings led me slightly off course, in pursuit of...
Seizing the Epilepsy Attack
I may be a couple of days late with this one, but this is one of those few times, when I am truly amazed by the malicious intent of an internet exploit. Hackers defacing a website, frequented by epileptics, to intentionally cause...
BlackHat Europe Review, 0day Patch bogus
Today, I will actually get to covering BlackHat Europe 2008, which came to a close on Friday of last week. The four day convention consisted of the usual training and briefings from some of the top technical experts in the security...
CanSecWest - Final thoughts
My last blog talked about Vancouver's CanSecWest, and I promised to give a wrap-up of BlackHat Europe today. But, I lied. Actually, I wanted to tie up some loose ends on CanSecWest before discussing BlackHat. Firstly, as most now...
Hacking in Canada
The past several days have been a busy and exciting time in the world of hacking. There have been presentations, demonstrations, and uber-pwnage, happening across the globe. Well...mostly Vancouver and Amsterdam. Here are some...