April 10, 2012

A cyber weapon

Posted in Exploits, Uncategorized at 15:22 by Alex McGeorge

There’s been a lot of discussion in the security industry recently around exploits, 0-day, ethics and how the government fits into all of this. I disagree with some points in the recent Washington Post article, specifically how they (and presumably the Pentagon) are defining a ‘cyber weapon’ and a few other things*.

Word Count: ~850

August 1, 2011

Commercial Exploits: Documentation

Posted in Exploits, Pen-Testing at 16:47 by Alex McGeorge

I look at exploits a lot in my day-to-day; I also QA a lot of exploits both internally and for others. This is part 2 of a series on what makes a good commercial exploit.

Word Count: ~500

July 25, 2011

Commercial Exploits: Capabilities

Posted in Exploits at 16:49 by Alex McGeorge

I’m in a rare position in that I get to see and use a lot of professionally written exploits as part of my job. Not all exploits are created equal; these are my thoughts on what traits a commercial exploit needs to have. Part one of at least two.

Word Count: 488

July 5, 2011

Coding for Death: Exploits that can Kill

Posted in Exploits at 03:04 by Alex McGeorge

This is the story of how I (probably) could have used an Acrobat bug to kill my Dad.

Word Count: ~890

June 21, 2011

Exploits are like Guns: PT 2

Posted in Exploits, Guns at 03:11 by Alex McGeorge

Word Count: 550

@miaubiz asked a question: what about a Tec 9? Rather than focus on the specifics of this firearm we’ll label it for discussion as a full auto machine gun (which it isn’t, but I think this is a better example).

June 20, 2011

Exploits Are Like Guns

Posted in Exploits, Guns at 18:39 by Alex McGeorge

This inaugural post is an expansion on a tweet I sent out that got some folks curious; at less than 140 characters it is the tl;dr distillation. If you get it, and I think you’ll know immediately if you do, then there probably isn’t much in the rest of the post for you.

Selling exploits is like selling a firearm. People can use it to help protect themselves or to hurt others. I sleep fine either way. [0]
