Here is a very interesting article from three former coworkers of mine. It really brought back some nostalgia as I worked with these gents for a few years. Now that they are all at Veracode I'm positive that it will succeed. Best of luck guys!
@stake, the famed consulting and research boutique that was acquired by Symantec in 2005, occupies a unique place in the history of the security industry. Many of the top researchers in the world passed through its doors and the company served as a launching pad for a number of other security companies, including Matasano Security and iSec Partners. Former @stakers also helped found the security teams at Microsoft and other large software vendors. As part of Information Security's recent 10th Anniversary issue, Executive Editor Dennis Fisher sat down with Chris Wysopal, Christien Rioux and Chris Eng, all early @stake employees, to talk about @stake's history, culture and the company's continued influence on the security industry.
I received this PowerPoint from one of my professors at James Madison University Infosec (Thanks Brett). It turns out there is a rampant issue with the creation, sale, and purchasing of counterfeit information technology hardware. Specifically, the report calls out Cisco-related products such as routers and switches. These are the very devices that make up the heart and soul of the Internet. While I guess I always knew that the possibility was there for reverse engineering, and thus construction, of counterfeit hardware, I never really saw it in writing somewhere that outlines the severity of the issue. Check out the slide deck for more details.
What makes this really scary is that the creation of counterfeit hardware lends itself very well to the introduction of low-level, firmware-based rootkits and other subversive mechanisms. If foreign governments or crime syndicates were to really do this right, they would be selling counterfeit systems that capture and disseminate data or, alternatively, could be easily disabled in a time of war (information warfare techniques). The latter would be extremely difficult to detect with a high degree of assurance, especially if the implementation of the subversion was done sparingly and not on all devices.
Scary stuff huh?


