Month: June 2013
-
Customer Service; Why I am mad before we start talking…
Back in the early ’90s, as part of my interest in phone systems and BBSs, friends and I looked at creating our own voice mail system. Back in the day, voice mail was still a developing technology. It wasn’t just about calling a number and leaving a message if no one answered. Hackers and phreaks…
-
My Penguin Encounter
Yesterday, I went to the Denver Zoo to attend one of the new Animal Adventures. For 90 minutes, we got a guided tour of the Bird World exhibit, as well as behind the scenes access to the kitchen, and private time with a penguin (the real reason to go). We sat down in the visitation…
-
My kind of reality TV…
Reality TV has become a staple for U.S. television. We all know that a majority of the shows are complete trash, and yet millions tune in religiously to watch them. In some cases, it is no different than watching a car wreck or a scene of utter amazement. Almost everyone who watches TV has at…
-
Local File Inclusion vs Arbitrary File Access
[This was originally published on the OSVDB blog.] Notes for this blog have been lingering for over three years now. In the daily grind to aggregate vulnerabilities, the time to write about them gets put on the back burner frequently. Rest assured, this is not a new issue by any means. Back in the day,…
-
Mobile Devices and Exploit Vector Absurdity
[This was originally published on the OSVDB blog.] The last few days have seen several vulnerabilities disclosed that include serious gaps in logic with regard to exploitation vectors. What is being called “remote” is not. What is being called “critical” is not. Here are a few examples to highlight the problem. We beg of you,…
-
Why Squirrels…
I get that question frequently, for obvious reasons. Not only is the attrition.org mascot a demented angry squirrel named Lazlo, but I seemingly have a serious fixation on squirrels if you read my Twitter stream. For over two years, I have been feeding squirrels that made their way up to my balcony, some that come…
-
A Personal Challenge
A personal challenge, as in, the kind where I challenge myself. Last year, I got my friend Tamba a birthday gift of entry into the Tough Mudder Colorado. Since I was not in appropriate shape, I signed up as a spectator and ended up photographing the event. Two nights before the event, Tamba broke his…
-
Security, Ethics, and University
[This was originally published on the OSVDB blog.] In the U.S., you are expected to know and live by certain ethical standards related to school. You are taught early on that plagiarism is bad for example. You are taught that school experiments should be done in a safe manner, that does not harm people or…
-
A Directionless Panel Paid Off…
Recently at BSidesDenver 2013, I moderated a panel called ‘Everything is Pwned’. Or at least, that is what I posited. I had loose guidelines to qualify that, and one panelist called me out for not being as specific as I should have been on them. He also called me out because I didn’t have a…
-
So you want to present…
I’ve been attending InfoSec conferences since DEF CON 2, in 1994. Add up all the conferences I have been to, and all the presentations I have seen (in person or video later); quite a few to be sure. In the last year, I have been part of several CFP teams, where we review proposed presentation…