April 10, 2012
A cyber weapon
There’s been a lot of discussion in the security industry recently around exploits, 0-day, ethics and how the government fits into all of this. I disagree with some points in the recent Washington Post article, specifically how they (and presumably the Pentagon) are defining a ‘cyber weapon’ and a few other things*.
Word Count: ~850
August 1, 2011
Commercial Exploits: Documentation
I look at exploits a lot in my day-to-day; I also QA a lot of exploits, both internally and for others. This is part 2 of a series on what makes a good commercial exploit.
Word Count: ~500
July 25, 2011
Commercial Exploits: Capabilities
I’m in a rare position in that I get to see and use a lot of professionally written exploits as part of my job. Not all exploits are created equal; these are my thoughts on what traits a commercial exploit needs to have. Part one of at least two.
Word Count: 488
July 5, 2011
Coding for Death: Exploits that can Kill
This is the story of how I (probably) could have used an Acrobat bug to kill my Dad.
Word Count: ~890
June 21, 2011
Exploits are like Guns: PT 2
Word Count: 550
@miaubiz asked a question: what about a Tec 9? Rather than focus on the specifics of this firearm we’ll label it for discussion as a full auto machine gun (which it isn’t, but I think this is a better example).
June 20, 2011
Exploits Are Like Guns
This inaugural post is an expansion on a tweet I sent out that got some folks curious; at less than 140 characters, it is the tl;dr distillation. If you get it, and I think you’ll know immediately if you do, then there probably isn’t much in the rest of the post for you.
Selling exploits is like selling a firearm. People can use it to help protect themselves or to hurt others. I sleep fine either way. [0]