For a period of time, it was possible to read snippets of memory on a screen-locked macOS system from the USB port. A while back we noticed some interesting files created by macOS when inserting a USB drive. These files were related to Spotlight, macOS’s built-in search functionality which indexes and enables searching of files on the system, among other things. The presence of the files is fairly standard, as an invisible /Volumes/<Volume Name>/.
On April 21, 2009, the Bluetooth 3.0 specification was adopted by the Bluetooth Special Interest Group (SIG). This new specification includes new attributes such as:

* High speed data transfer of large files (~24 Mbps)
* Bluetooth low energy

The new specification achieves these new attributes by including an 802.11 radio, aka Wi-Fi, that allows lower energy usage when attempting to transfer large amounts of data. While ultra-wideband (UWB, which provides ~480 Mbps) was widely rumored to be included in the upcoming specification, it was absent from the final release.
I will be co-presenting “Getting Social with the Smart Grid” at this year’s DEF CON in Las Vegas. Littered with endless threats and vulnerabilities surrounding both social networking and the Smart Grid, the marriage of these two technologies is official, despite protests by the security community. Consumers love it because they can brag to their friends about how green they are. Businesses love it more because it provides fresh material for their marketing departments.
ShmooCon 2010 will be taking place in a few weeks and I am excited to make the annual trek up to D.C. to co-present the “Stealing Guests… The VMware Way” talk. I am also pretty excited about the activities and contest setup at our booth. Make sure you stop by before you start drinking.
Luckily I was able to escape Washington DC’s 3rd round of snow to enjoy the tropical 40 degree weather here in Tampa today and write this post. Despite the blizzard and its many names, the ShmooCon faithful came out in full force to make another great conference. As usual, ShmooCon featured interesting presentations, shenanigans, and a chance to hang out with those friends you usually only see at Cons. I want to thank everyone who attended the Stealing Guests…The VMware Way talk, especially since no one threw shmooballs at us.
Of the many ideas floating around the cyber security industry lately, there is one often overlooked but very effective approach: spying. Too often security personnel will look at developers as improperly educated code jocks, akin to Hollywood’s portrayal of “hackers” in the 1990s. Similarly, developers see the security analyst as an idealistic zealot with no concept of how things are in the “real world.” So the goal is to bridge the gap between the security and development groups.
We will be giving an update on XAB (Cross Site Scripting Anonymous Browser) with Jeff Yestrumskas at the OWASP DC Chapter’s next meeting on September 2 at 6:30PM. More details can be found here. See you there!
I will be giving a presentation on XAB (Cross Site Scripting Anonymous Browser) at the University of South Florida’s Whitehatters Computer Security Club’s next meeting on January 29th at 5:00PM. If you are a student at USF interested in learning about computer security, I highly encourage you to get involved with the club. See you there!
XAB, the framework that allows one to browse the web via XSS, has been updated with a new release. This release will now accommodate all content-types, thus allowing any file format to be transferred through the framework. The latest release can be found at SourceForge: xab.sourceforge.net. We’re seeking volunteers to help out with development. We’d like to take this from a small research project to a community-driven effort to expand the possibilities of what can be done with XSS.