Archive for January, 2008

Guests on Network Security Podcast

The other night, we had the special privilege of being guests on Martin McKeay’s Network Security Podcast with co-host Rich Mogull. While having a great time several weeks ago at SunSec, and several beers into the night, we tricked Mogull into letting us crash the podcast… j/k :D
We started off with Mystery Malware affecting Linux/Apache […]

Blog Announcements

I have one ShmooCon ticket available for $300. Contact me if you are interested.
Why do I have one ShmooCon ticket for sale? I bought it in case we didn’t get accepted to ShmooCon, but we did! Dre, Tom Stracener of Cenzic (and formerly nCircle), and I will be giving a talk on:
Path X: Explosive Security […]

My other phone is your iPhone

Here’s a new 2008 security prediction for you –
The iPhone camera is an odd device. There is no notification that a picture is being taken, so the only requirement for malware is to wait for user activity and then start taking pictures.
My prediction is that malware will be written to do just this and […]

Day 10: ITSM Vulnerability Assessment techniques

Lesson 10: You could say I’m a little late on posting something. However, we’ve been up to a lot of great research, hopefully much of which we’ll publish here over the next few weeks.
We had a few posts lately, some with a change of heart. The latest must-read from the blog world […]

Baby steps with web application security scanners

Web application security scanners have not matured much. I guess patent wars and company buyouts have caused a lot of stagnation over the past year. However, I think the problems may run deeper than just controversy and industry drama.
With AppScan DE and DevInspect as exceptions, the web application security scanner industry is largely filled […]