October 30, 2014

Security and Celebrity

Posted in Uncategorized at 20:50 by Alex McGeorge

I read a note in the Washington Post Express today about Kim Kardashian being a brand spokesperson for BlackBerry. The Post staff did something interesting: they looked at her last 200 tweets and found that most of them weren’t posted from a BlackBerry, and that got me thinking.

If you become famous enough that obtaining nude pictures of you is worth burning several bugs on (App, OS, RAT/RootKit), you find yourself in a league usually populated by military and politicians. But they actually have a lot more disadvantages. For example, as a celebrity you’re constantly under unapologetic surveillance. You’re going to be photographed using your phone, so it will be easy to determine what platform you’re using. Further, celebrities have publicists and publicists have staff who all use their own devices who will likely have access to your accounts. Each person who is in charge of managing your digital accounts and devices now increases the number of people who can make poor security decisions on your behalf. Complicating matters even more, celebrities wouldn’t have access to an army of trained nerds to help stop them and their support staff from making security blunders.

I’m definitely not surprised that private pictures and data from celebrities have surfaced on the internet. If you’ve followed that story at all, I’m sure you’ve heard the rumors of a vast underground network of people who trade that data amongst themselves. If you’ve ever read Speed Tribes by Karl Taro Greenfeld, there’s a section about this kind of thing happening in Japan back in the 90s. People certainly do trade illicit data online, personal and pornographic included, so it strikes me as plausible that the rumor has some truth to it.

So what to do? I have to imagine that The Fappening reverberated with a lot of American celebrities, maybe internationally as well. Seems to me that talent agencies should be offering some kind of service for this: a private cloud, locked-down smartphones and tablets, and an actual person to review logs collected from your devices to determine what kind of silly shit you’ve been doing. Seems like a niche that could be filled. Talent agencies know how to manage talent, and I don’t see many celebrities contracting out to private cyber security firms to do this kind of thing. To be fair, many contract out to executive protection as well, but I would think the power dynamic between those two services (who cares more about your image, your agent or your bodyguard?) would be different in a meaningful way.

July 31, 2012

BlackHat 2012: Vendor’s Perspective

Posted in BlackHat, Conferences at 11:59 by Alex McGeorge

I was a vendor/sponsor at BlackHat 2012, here are a few things about the conference from my perspective.

Word Count: < 1000


April 10, 2012

A cyber weapon

Posted in Exploits, Uncategorized at 15:22 by Alex McGeorge

There’s been a lot of discussion in the security industry recently around exploits, 0-day, ethics and how the government fits into all of this. I disagree with some points in the recent Washington Post article, specifically how they (and presumably the Pentagon) are defining a ‘cyber weapon’, and a few other things*.

Word Count: ~850

January 19, 2012

Stuff I learned while writing a CTF

Posted in education, infiltrate, Pen-Testing at 16:04 by Alex McGeorge

This blog entry talks about some of the lessons I learned running the WebHacking class for Infiltrate 2012, which included a WarGame/CTF-style hootenanny on the final day.

To be clear, I didn’t write the entire thing myself; I had a ton of help. Many Immunity folks contributed to this class in their spare time while also doing consulting or other work. So high fives to the following hombres, in alpha order: Admin Team (Carissa and Vanessa), Chris, Dami, Dave, Justin, Leonardo, Matias, Mark, Miguel and Nico.

Word Count: ~2000

November 18, 2011

Book Review: A Bug Hunter’s Diary by Tobias Klein

Posted in Book Review at 18:52 by Alex McGeorge

This book is good, but it is good in a very particular way. What follows is a read-through review; I didn’t work through all the code examples.

Word Count: ~670

October 12, 2011

Book Review: Reamde by Neal Stephenson

Posted in Book Review, Pen-Testing at 16:22 by Alex McGeorge

I recently finished the latest Neal Stephenson book, Reamde. I really enjoyed it; stylistically I think it is most similar to Cryptonomicon and is definitely an improvement (for me) over Anathem. The book does incorporate some realistic hacking plot devices to further the story. All of my complaints are really pedantic, which is to say Stephenson executed the hacking bits very well and they do not detract from the story. My review is going to focus on those pieces of the novel. A more in-depth technical look that probably contains spoilers is below.

Word Count: ~1000

August 29, 2011

Personality Traits for Pen-Testers

Posted in Pen-Testing, Psychology at 16:40 by Alex McGeorge

I recently had occasion to think about some personality traits that can make good pen-testers.

Words: 486


August 15, 2011

Ethical Question: 0x1

Posted in Ethical Questions at 17:01 by Alex McGeorge

Ethical Questions for Pen-Testers: 0x1

Topic: Information Disclosure
Goal of this post: Something to ponder, hopefully a recurring series
Word Count: 392


August 12, 2011

Certifications and hats

Posted in Certifications, Lingo at 15:13 by Alex McGeorge

Most certifications are crap, and the hat color thing is ridiculous.

Word Count: 544

August 1, 2011

Commercial Exploits: Documentation

Posted in Exploits, Pen-Testing at 16:47 by Alex McGeorge

I look at exploits a lot in my day-to-day; I also QA a lot of exploits, both internally and for others. This is part 2 of a series on what makes a good commercial exploit.

Word Count: ~500