Monthly Archives: May 2008
Owning the Mobile Workforce @ BlackHat 2008
Those who have worked with me, or at least had a beer with me, know my feelings on web-based SSL VPNs. They are very useful, very complicated, and can be very insecure. Useful because they allow a mobile workforce to connect to the enterprise from any computer with a web browser; complicated because [...]
Apple.com XSS
A few weeks ago I was looking into writing an application for my iPhone. At some point, I felt compelled to actually give it a shot, and I headed over to Apple’s web site to download XCode and whatever other tools I needed. Of course, I couldn’t remember my Apple developer center password, so I [...]
Hacking your bar for drunken profit
A few weeks ago I was grabbing a couple of beers in town with my buddy, John. We had a couple of rounds before John noticed what he thought was a Nintendo Wii sitting at the back of the bar, next to a cash register/point-of-sale terminal. It definitely was a Wii, but even more interesting [...]
Peer Guardian for Internal Penetration Tests
Most vulnerability scanners will allow you to configure an exception list. If an organization has an internal vulnerability scanning program in place, they are probably aware of a few troublesome systems that don’t respond well to poking and prodding. (That ancient VAX, those Dell DRACs, that crazy plotter, etc…) It’s not uncommon to be asked [...]

