Intrepidus Group
Insight

Monthly Archives: July 2007

Dirty Dirty Wi-Fi: AT&T Wi-Fi Service Phishing?

Posted: July 30, 2007 – 1:51 pm | Author: | Filed under: Phishing

I’m sitting at Dulles airport right now, at gate C19, on my way to Vegas. I’m excited to catch up with friends and colleagues at BlackHat this year. I realized a few days ago that my 81-slide presentation for DefCon isn’t for a 75-minute slot... instead I’ll be trying to fit it into a […]

Rohyt Quoted in the E-commerce Times

Posted: July 27, 2007 – 11:32 am | Author: | Filed under: Articles

Jack Germain interviewed me on the security implications of peer-to-peer file sharing programs. Excerpts from that interview can be found in this article that discusses the grilling of the LimeWire CEO by a congressional committee. Personally, I stay away from P2P programs other than Skype voice chat. Yes, Skype voice conversations are peer-to-peer. -Rohyt

EXIF Scrubbing: Hey, Harry! Know your Tool and Wash your Hands.

Posted: July 19, 2007 – 2:00 pm | Author: | Filed under: Tools

Those of us at the PhishMe blog would like to remind everyone of a very important lesson from our parents (and restaurant bathrooms): “Wash your hands.” The motto should be repeated by the cameraman of those Harry Potter pictures reported on earlier in the week. Looks like a little Exif metadata wasn’t cleaned […]

Harry Potter Phishing Attack: Fact or Fiction?

Posted: July 16, 2007 – 1:34 pm | Author: | Filed under: Phishing

On June 19th a spoiler for the next Rowling book Harry Potter and the Deathly Hallows was posted to the full disclosure mailing list: http://seclists.org/misc/harrypotterspoilers.html (WARNING: If you’re a Harry Potter fan you may want to hold off reading it.) The spoiler was nothing more than a summary of which main characters allegedly die in […]

Session Fixation deserves its own spot in the OWASP Top Ten

Posted: July 13, 2007 – 12:37 pm | Author: | Filed under: Techno

Security-conscious developers the world over look to the OWASP Top Ten as their dos and don’ts guide. The importance of this list to the application development and security communities cannot be exaggerated. Have a look at these impressive statistics from one of Jeff Williams’ recent presentations: Thus, a Top Ten vulnerability should be one that occurs […]

iPhone Phishing Bait: would you like fries with that?

Posted: July 11, 2007 – 5:31 pm | Author: | Filed under: Phishing, Spam

We’ve all heard there’s no such thing as a free lunch, but this is not always easily remembered when online. The latest example of that is the number of iPhone-related phishing messages that had flooded my inbox while I was on vacation (example – results). Some of the links didn’t even need to claim […]

McAfee’s “Groundbreaking” Phishing Study

Posted: July 5, 2007 – 9:55 pm | Author: | Filed under: Phishing

Recently, I came across a press release by McAfee citing the results of a “groundbreaking” study that talks about the psychological games played by phishers and email scam artists. The results of the study indicated that “cyber criminals use fear, greed and lust to methodically steal personal and proprietary financial information”. Frankly, I didn’t see anything groundbreaking […]

DefCon 15 schedule posted: Hack your car at 7pm Friday.

Posted: July 5, 2007 – 9:59 am | Author: | Filed under: Conferences, Techno

The Defcon 15 schedule has been posted and I’m glad to have the 7pm time slot on Friday. I’ve presented about automatic outbound covert channels using untraditional hardware in the past, but this year my DefCon presentation is for the gear heads. Short summary: This presentation is about a modern car’s ECU and how reflashing […]

Rohyt Cited in Industry Week Article

Posted: July 3, 2007 – 11:07 am | Author: | Filed under: Security Management

Brad Kenney interviewed me about the unique information security challenges faced by manufacturing companies. Excerpts from that interview can be found in his IndustryWeek story – From ID to IP Theft. Moral of the story: Large employee bases whose skill set is not in technology, coupled with fragmented operations, make the job of an information security […]
