SecureWorks Research Feed
Blog: DarkMarket: FBI Sting Closes E-Doors 
DarkMarket.ws (known in carding, identity theft, and other black-hat rings) went "Dark" earlier this month. DarkMarket was widely known and respected among criminals as a forum for exchanging stolen banking data, credit card information, and other underground activities. What users of the site didn't know was that the site wasn't really hosted by Eastern-European hackers. SecureWorks Research Feed, 2008-10-27 04:41:51
DarkMarket.ws (known in carding, identity theft, and other black-hat rings) went "Dark" earlier this month. DarkMarket was widely known and respected among criminals as a forum for exchanging stolen banking data, credit card information, and other underground activities. What users of the site didn't know was that the site wasn't really hosted by Eastern-European hackers. SecureWorks Research Feed, 2008-10-27 04:41:51
Blog: ClickJacking Attacks
ClickJacking has recently been getting lots of media attention. Security Researchers Robert Hansen ("RSnake") and Jeremiah Grossman planned to give a talk outlining this vulnerability at OWASP AppSec, but the talk was cancelled. At this point, some details have come to light. SecureWorks Research Feed, 2008-10-13 03:38:55
ClickJacking has recently been getting lots of media attention. Security Researchers Robert Hansen ("RSnake") and Jeremiah Grossman planned to give a talk outlining this vulnerability at OWASP AppSec, but the talk was cancelled. At this point, some details have come to light. SecureWorks Research Feed, 2008-10-13 03:38:55
Blog: BGP in the News
Border Gateway Protocol (BGP), the high level routing protocol that figures out how to route packets between ISPs and other large Internet entities, has been seeing a lot of press recently. While BGP is vitally important to the Internet, it's not often talked about in the mainstream press. However, two rather interesting security related issues have come up in the past few weeks.SecureWorks Research Feed, 2008-09-29 03:39:38
Border Gateway Protocol (BGP), the high level routing protocol that figures out how to route packets between ISPs and other large Internet entities, has been seeing a lot of press recently. While BGP is vitally important to the Internet, it's not often talked about in the mainstream press. However, two rather interesting security related issues have come up in the past few weeks.SecureWorks Research Feed, 2008-09-29 03:39:38
Blog: Droppin' Some Hashes
At SecureWorks, we follow a Responsible Disclosure Policy. As such, when we find vulnerabilities in other vendorsâ products or services, there is often a delay between the discovery and when we can publicly disclose the issue.SecureWorks Research Feed, 2008-09-29 03:39:38
At SecureWorks, we follow a Responsible Disclosure Policy. As such, when we find vulnerabilities in other vendorsâ products or services, there is often a delay between the discovery and when we can publicly disclose the issue.SecureWorks Research Feed, 2008-09-29 03:39:38
Blog: Speaking at ToorCon This Weekend
I have the honor of presenting at ToorCon X this coming weekend at the San Diego Convention Center. I will be delivering a new talk entitled âLoaded Dice: SSH Key Exchange & the OpenSSL PRNG Vulnâ at 2pm PDT on Saturday, September 27.SecureWorks Research Feed, 2008-09-29 03:39:38
I have the honor of presenting at ToorCon X this coming weekend at the San Diego Convention Center. I will be delivering a new talk entitled âLoaded Dice: SSH Key Exchange & the OpenSSL PRNG Vulnâ at 2pm PDT on Saturday, September 27.SecureWorks Research Feed, 2008-09-29 03:39:38
Blog: Speaking at DEFCON 16
I'll be delivering two talks at DEFCON 16 in Las Vegas this Friday, August 8th. My first talk, The Wide World of WAFs, covers web applications firewalls and some PCI DSS background. In talk that afternoon, Snort Plug-in Development: Teaching an Old Pig New Tricks, I'll be releasing GPL licensed Snort plug-ins for ActiveX control detection and for detecting OpenSSH clients and servers using a broken Debian OpenSSL PRNG.SecureWorks Research Feed, 2008-09-22 03:39:24
I'll be delivering two talks at DEFCON 16 in Las Vegas this Friday, August 8th. My first talk, The Wide World of WAFs, covers web applications firewalls and some PCI DSS background. In talk that afternoon, Snort Plug-in Development: Teaching an Old Pig New Tricks, I'll be releasing GPL licensed Snort plug-ins for ActiveX control detection and for detecting OpenSSH clients and servers using a broken Debian OpenSSL PRNG.SecureWorks Research Feed, 2008-09-22 03:39:24
Blog: Black Hat Briefings 2008 / DEFCON 16: It's a Wrap!
Updated presentation materials should be getting posted to the DEFCON site soon. Here are links to the slides for my WAF talk, and slides for my Snort-plug-in development talk.SecureWorks Research Feed, 2008-09-22 03:39:24
Updated presentation materials should be getting posted to the DEFCON site soon. Here are links to the slides for my WAF talk, and slides for my Snort-plug-in development talk.SecureWorks Research Feed, 2008-09-22 03:39:24
Blog: Black Hat 2008 Wrap Up
The saying goes: "What happens in Vegas stays in Vegas." Well, apparently not during the week of Black Hat USA 2008. Black Hat is one of the world's largest and most well known security conferences. Several members of the SecureWorks Counter Threat UnitSM had an opportunity to attend and we'd like to share some brief highlights from a few of the talks.SecureWorks Research Feed, 2008-09-22 03:39:24
The saying goes: "What happens in Vegas stays in Vegas." Well, apparently not during the week of Black Hat USA 2008. Black Hat is one of the world's largest and most well known security conferences. Several members of the SecureWorks Counter Threat UnitSM had an opportunity to attend and we'd like to share some brief highlights from a few of the talks.SecureWorks Research Feed, 2008-09-22 03:39:24
Blog: The Phish That Bites Back
We all get phishing emails. Some of us more than others, so it's no surprise that sometimes people take out their frustrations on the phishing form, letting the phisher know just what they think of him or her. SecureWorks Research Feed, 2008-09-22 03:39:24
We all get phishing emails. Some of us more than others, so it's no surprise that sometimes people take out their frustrations on the phishing form, letting the phisher know just what they think of him or her. SecureWorks Research Feed, 2008-09-22 03:39:24
Blog: Spam Predictions for 2007
We're nearing the end of 2006, the year in which Bill Gates said the problem of spam would be solved. Much to the contrary, spam is at an all-time high, with one mail filtering firm reporting that 90% of all email is spam. I'll be so bold as to make my own prediction for 2007 - not that we will see an end to spam, but instead, a new evolution.SecureWorks Research Feed, 2007-05-14 05:18:24
We're nearing the end of 2006, the year in which Bill Gates said the problem of spam would be solved. Much to the contrary, spam is at an all-time high, with one mail filtering firm reporting that 90% of all email is spam. I'll be so bold as to make my own prediction for 2007 - not that we will see an end to spam, but instead, a new evolution.SecureWorks Research Feed, 2007-05-14 05:18:24