May 19, 2007

I’ve been invited to speak at DEFCON 15 this August, which is being held at the Riviera Hotel & Casino in Las Vegas. I’ll be presenting on some new research I’ve been working on involving VoIP and steganography. The presentation will be entitled “Real-time Steganography with RTP.”

Mnemonic Password Formulas

May 18, 2007

A research paper that I recently authored entitled Mnemonic Password Formulas was published on Monday in Uninformed Journal Vol. 7. It’s essentially some research that I’ve done on the deficiencies in existing methods for memorability and manageability of passwords as well as documentation of a new method for the same that I’ve termed “Mnemonic Password Formulas”, or “MPFs”, that I have been developing for my own personal use over the past 6 years or so. If you’re a computer user and use passwords, I invite you to read this paper.

Month of Meat-Space Bugs

April 6, 2007

Yesterday I created and announced the Month of Meat-Space Bugs (MOMSB) project. Don’t know what meatspace is? You obviously don’t read enough cyberpunk sci-fi… Follow the link above to the MOMSB project and read all about it!

CAUNewswire – CAU Introduces PHREAK™ Certification for telephony hackers

April 5, 2007
AUSTIN, Texas, April 05 2007 /CAUNewswire/ —

CAU announced today its second specialized certification offering into the Information Security Certifications market, the Phone Hacker, Researcher, Exploiter, And Konqueror (PHREAK) certification. Nearly two years since introduction of its extremely successful first offerings of the CAU Certified Information Systems Security Practitioner (C²ISSP) certification, as well as its first specialized certification, the Hacker and Xtreme 0day Researcher (HAX0R) certification, this new certification is targeted toward all hackers who specialize in vulnerability and exploit development within the scope of targeting and exploring telephony systems and technology.

In continuing the trend that CAU started with their first two certifications, the PHREAK certification process is also FREE, as in “free beer,” not as in “free speech.”

More information on CAU’s Information Security Certifications can be found at the organization’s website, under the Certifications area:

Or via email to the CAU Certifications Review Board, at

CAU-2007-0001: Window Transparency Information Disclosure

April 1, 2007

An information disclosure attack can be launched against buildings that make use of windows made of glass or other transparent materials by observing externally-facing information through the window.


January 25, 2007

I have been accepted to speak at the EUSecWest information security conference in early March on the topic of VoIP Attacks.

MySpace Worm

December 7, 2006

It seems that someone went the extra mile and combined the MySpace Trojaned Navigation Menu vulnerability that int3l dropped an advisory on to Full Disclosure on November 16th with a “feature” in Apple’s QuickTime player to create a MySpace worm. Apparently, infected pages host a malicious QuickTime movie that, when played, uses JavaScript to employ the technique in our advisory to replace the page’s navigation menu, redirecting the links to a phishing site. The phishing site collects user credentials, then uses those credentials to add the malicious QuickTime movie to those users’ profiles.

Original alert from WebSense is here.

Other press can be found via Google search.

VoIP Attacks!

October 19, 2006

I recently presented at ToorCon 8 on the topic of VoIP attacks. You can find slides in various formats as well as video of the presentation in the speaking section of my personal page.

CAU joins NMRC-Net

June 21, 2005

CAU now provides a public SILC (Secure Internet Live Conferencing) server as part of the NMRC-Net SILC network. To connect, point your SILC client at:

You can find out more about SILC at and NMRC-Net at

New OS-X Race Condition Exploit by intropy

June 13, 2005

Mac OS X 10.4 launchd Race Condition Exploit