Wednesday, January 2, 2008
Cryptography and Computer Security Resources
Crypto-Gram Newsletter
Algorithms
Blowfish
Twofish
Solitaire
Helix
Phelix
Free Software
Password Safe
S/MIME Cracking Screen Saver
Essays and Columns on Cryptography and Computer Security
Academic Papers by Bruce Schneier
Bibliography of Papers by Other People
Analyses
Microsoft PPTP
CMEA Digital Cellular
Wednesday, January 2, 2008
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
wardriving.com Wardriving news portal
– Ethereal/Tcpdump compatible data logging
– Airsnort compatible weak-iv packet logging
– Network IP range detection
– Built-in channel hopping and multicard split channel hopping
– Hidden network SSID decloaking
– Graphical mapping of networks
Q: What happens when I ask a question that’s already answered here?
A: I’ll probably be rude to you and tell you to go read the docs.
But of course everyone already read the docs all the way to the end,
right? Right?
Greater Boston Area 802.11 Wireless Database
http://www.digivill.net/~mowse/gba80211/
NYC Wireless Group
http://nycwireless.net/
www.turnpoint.net
Turnpoint.net’s wireless antenna shootout
antennasystems.com
Antenna Systems antenna supplier
pasadena.net
Pasadena.net wireless equipment
therfc.com
TheRFC RF Connector and custom cable supplier with no minimum order.
www.solwise.co.uk
Solwise UK connector and equipment supplier.
Tuesday, August 14, 2007
Beansec snuck up on me this month but I will be helping to host the 13th installment of the only event of its kind in the Boston area. Come hang out and try to piece together those fuzzy memories from Vegas or tell me how that new German law makes you feel about working in the security industry.
BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area that meets the third Wednesday of each month.
Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend.
the Enormous Room in Cambridge:
567 Mass Ave, Cambridge 02139
Sunday, August 12, 2007
A really cool db has been leaked to the internet which contains releases to “the scene”. I did a quick search on the term “hackers” and got the following presented in chronological order.
Tuesday, July 17, 2007
This Wednesday will mark the 12th ever beansec! If you haven’t been to one yet or haven’t found time to attend then this is the month to make it.
BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area that meets the third Wednesday of each month.
Come get your grub on. Lots of good people show up. Really.
Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend.
the Enormous Room in Cambridge:
567 Mass Ave, Cambridge 02139
Thursday, March 22, 2007
Thank you to everyone that made it out last night to Beansec. I have been so swamped with work and school that I didn’t have time to blog about it, yet still 18-20 of you showed up! We are scheduled for the same time next month (3rd Wednesday).
Great topics that were discussed:
– Extending legal protections to security researchers
– “Impact Factors” for vulnerabilities
– The Pinkertons
– The Security “Bubble”
Sunday, January 21, 2007
From the Sun Java .gif parsing vulnerability
— Disclosure Timeline:
2006.06.16 – Vulnerability reported to vendor
2006.12.18 – Digital Vaccine released to TippingPoint customers
2007.01.16 – Coordinated public release of advisory
— Credit:
This vulnerability was discovered by an anonymous researcher.
This vulnerability existed on the internet for half a year before a patch was issued. What are the chances that certain sites were serving out this exploit? I recently investigated an adult chat site that used a Java client and was flagged for serving out other malware. I’m not making any claims here but throwing out some questions.
Also the credit is interesting to me. In the past credit was very much like academic citations. Researchers didn’t get paid for their work (just like academics don’t get paid to publish in journals) but receive a citation in the advisory. At worst one would create a handle and use that for advisories.
Tuesday, January 16, 2007
See you there.

Enormous Room: 567 Mass Ave, Cambridge 02139