Not the boring pile of papers kind.. the shiny pants and sunglasses kind:
Turns out you can find him blogging these days at [http://research.zscaler.com/]
PS. if you don't know who RFP is, you are too young, and probably think w00w00 is leetspeak for a siren..
This is probably really old news (to some), but I was in the company of satellite TV this weekend and saw that Joe Grand now has a TV slot all of his own. "Prototype This" looks like it will be awesome..
I spent the rest of the day trying hard to catch the adverts at just the right time to get a pic of Joe, while excitedly saying "i can't believe joe is on TV" to deels to try to convince her that it was a better alternative than going out..
[Of course, the much more reasonable thing to do, would have been to check out their webpage]
Our good friend Anthony Olivier has launched his "IT Security Pubcast". So far 2 episodes are online, with episode #2 including our very own, ever quotable Charl van der Walt.
Check it out..
since forever, i've been told (and told others) that the greatest threat is from the inside. turns out, not so much. verizon business (usa) apparently conducted a four year study on incidents inside their organisation and found that the vast majority, 73%, originated from outside. however, the majority of breaches occurred as a result of errors in internal behaviour such as misconfigs, missing patches etc. (62% of cases).
So attackers are generally outsiders taking advantage of bad internal behaviours, rather than local users finding 0-day. From the exec summary:
In a finding that may be surprising to some, most data breaches investigated were caused by external sources. Breaches attributed to insiders, though fewer in number, were much larger than those caused by outsiders when they did occur. As a reminder of risks inherent to the extended enterprise, business partners were behind well over a third of breaches, a number that rose five-fold over the time period of the study.
Other interesting snippets that tie directly back into what we cover when we train, and why we think there is value in not only aiming at sploit-writing and 0-day:
Most breaches resulted from a combination of events rather than a single action.
Intrusion attempts targeted the application layer more than the operating system and less than a quarter of attacks exploited vulnerabilities.
In other words, bite-sized chunks for the win, core/canvas/metasploit are cute but that's not how customers get owned most often in the real world.
Dino is the guy who added much shellcode coolness to Metasploit, gave the world Karma, released the first virtualization rootkit for Intel (Vitriol), and gave much credibility to the Matasano crowd while he was there..
Although he left the consultancy gig, he popped up briefly again during the year to claim his macbook in the Cansec Hack the Mac challenge and popped up again to break second-life..
-snip-
What the exploit does
Once the malicious file has been viewed by the victim, the attacker has complete control over the victim's computer - and Second Life avatar. At this point the exploit could make the avatar do anything they like. This particular exploit freezes the avatar and makes them send the attacker's avatar twelve Linden dollars and shout "I got hacked".
-snip-
Full points for style.. and full points for security geek coolness.. -sigh- i'm such a fan-boy sometimes..
(you can watch a video of the attack here)