Intrepidus Group
Insight

Monthly Archives: June 2007

Planning my Black Hat schedule

Posted: June 29, 2007 – 8:54 pm | Author: | Filed under: Conferences

I finally got my Black Hat presentation materials in, beating the deadline by just a few hours. I’m co-presenting with Keith Jones of Jones, Rose, Dykstra & Associates. We’re talking about “insider” attacks and the challenges faced by investigators in tracing such attacks to their origins (presentation title: Smoke ‘Em Out). Like all my other presentations, this one too, revolves […]

Spoofing Caller ID illegal? Bad news for social engineering

Posted: June 29, 2007 – 7:47 am | Author: | Filed under: Techno, Tools

This morning the story that caught my eye was a Slashdot link about CallerID Spoofing to be Made Illegal. `(1) IN GENERAL- It shall be unlawful for any person within the United States, in connection with any telecommunications service or IP-enabled voice service, to cause any caller identification service to transmit misleading or inaccurate caller […]

Offshoring Development? Security is Still Your Problem!

Posted: June 28, 2007 – 11:10 pm | Author: | Filed under: Security Management

Build that trans-continental security bridge! While pen testing applications for one of my clients, I found that all the security issues I identified had the same 2 or 3 systemic causes. I made “strategic recommendations” – security training for developers and a security-aware SDLC, to name a couple. Months later, I went back to the […]

Spoof: Google.com vulnerable to CSRF

Posted: June 28, 2007 – 3:49 pm | Author: | Filed under: Humor

I was doing some security research this morning and was quite alarmed to find out that SECURITY VENDORS are vulnerable to CSRF. DarkReading has the story here: “CSRF Bug Runs Rampant”. Being a curious person I thought I’d try to find some CSRF vulnerabilities of my own. I was shocked to find out that the […]

Airport Security: I’m pretty sure I can produce 3oz’s of liquids (or gels) while in flight

Posted: June 26, 2007 – 1:32 pm | Author: | Filed under: Uncategorized

I didn’t come up with the joke in the title but I nearly turned blue from laughing so hard while watching the now famous SNL TSA Security skit. (Catch it on YouTube if you haven’t seen it yet: http://www.youtube.com/watch?v=ykzqFz_nHZE) If your job requires you to fly often, then you probably have some complaints about the […]

Windows Passwords: Guess-ability v/s Crack-ability

Posted: June 26, 2007 – 1:31 pm | Author: | Filed under: Techno, Tools

Windows password complexity can often be misleading. A “complex” password may be hard to guess without reaching the account lockout threshold, but not necessarily hard to crack. On a recent engagement, I found that the password complexity policy and account lockout policies were set as recommended. The passwords had to be 8 characters long (at a […]

Introduction Post: Welcome to blog.phishme.com

Posted: June 26, 2007 – 1:31 pm | Author: | Filed under: Uncategorized

Welcome to http://blog.phishme.com – the home of rand(security) and technology discussions. We will use this blog to comment on topics like cool phishing ploys, IM and its privacy implications, hacking cars, and bashing on (or bowing to) the latest application hacks. Security geeks and a love of technology go hand in hand so expect some commentary […]

About

Posted: June 25, 2007 – 4:03 pm | Author: | Filed under: Uncategorized

Phishme.com was created by the Intrepidus Group. Intrepidus Group is a leading provider of information security consulting services. To learn more about our company and our services, please visit our main site. http://intrepidusgroup.com
