Blog Posts

You have to love attention to detail…

It’s pretty common for people to hate Apple and to pick on the apple-tax, but then you spot something like this and you just have to smile (that special blend of fanboy smile!). The standard icon for textpad is clearly a text pad with a pen. I was looking into icons, and ended up maximizing the text pad icon. (click for full size) The quote was heavily used during early Apple commercials, but like many things Apple, it’s just the

Continue Reading

Capital Magazine Article (in German)

Nils Kreimeier wrote an article for Capital Magazine on cyber-war based on interviews he did at the CCDCOE conference earlier this year. The article is in German but does feature exciting Atari style graphics superimposed on scary looking hackers. [Grab a copy here]

Continue Reading

Why Intel's purchase of McAfee is a good indicator for Africa..

The Internet lit up last week with news of Intel’s purchase of McAfee. Every analyst (and his dog) has chimed in on what it means, from “Anti Virus on a chip”, to just “a national security disaster“. I think it has a subtler implication that bodes well for developing nations. – In the ongoing competition between hardware and software, hardware just flinched. Watching Intel spend almost a years worth of profit on McAfee made me think of Professor Clayton Christensen

Continue Reading

BlackHat 2010 – Slides / Paper / Rest..

Hello. How ’bout that ride in? I guess that’s why they call it Sin City. [1] BlackHat this year passed in a blur. In retrospect staying in Vegas for only 3 nights was probably a bad idea. (This is especially obvious when you consider that the round trip involves about 60 hours of travelling time) I got in and mostly hid in my room working on the talk. I did the talk, and promptly hid in my room feeling sick

Continue Reading

Viva las Vegas?

July in information security means Vegas heat, dark t-shirts and “BlackHat“. Over the year there have been many new infosec conferences, but BlackHat remains the premier event for the infosec community. In a few minutes, i’ll start the >24hour journey towards the insanity^2 (Vegas is crazy, and the injection of the Defcon crew just dials up the crazy-meter). My talk this year turns me into infosec historian: “Memory Corruption Attacks: The (almost) Complete History… Buffer Overflows, Stack Smashes and Memory

Continue Reading

Conference on Cyber Conflict – Slides..

The CCDCOE (Cooperative Cyber DefenceCentre of Excellence) held its Conference on Cyber Conflict in Tallinn, Estonia. It was an interesting opportunity to see some of the issues that lurk beneath the “CyberWar” banner. Charlie Miller (of pwn2own fame) and i were invited to talk about things from an attackers perspective. Both our talks avoid the question of “Is the threat real?” (Which i think was answered awesomely by the talk given by Bryan Krekel and George Bakos of Northrop Grumman),

Continue Reading

200 Young South Africans you must take to Lunch

The Mail & Guardian published their 2010 list of “200 Young South Africans you must take to Lunch“. According to their page: “These are young people who will shape our country in the decades to come, in the sporting arena, in public life and in business.” I made the list under Technology, which was really quite flattering. (thanks M&G, @singe) Deels forced me to attend the lunch (which i would normally have found an excuse to avoid), and i was

Continue Reading

Memory Corruption and Hacker Folklore

A while back i thought it would be nice if we had an authoritative source of memory corruption attacks (and mitigations) in a single document. I resisted mainly because: It seemed like a lot of drudgery for something we have been able to do well without, It steers towards the word “taxonomy” [1] I was a little lazy. [1] Dave Aitel has posited that “people who thing (sic) of things as “Taxonomies” are always headed in the opposite direction from

Continue Reading

Vicarious Success

With the Champions League reaching it’s crescendo, and 2010 being a world cup year, it’s hard to get away from sports mania. I can understand national pride and I can even understand the joy of a good match. (I was sport crazy through high school/university and sometimes played up to 3 organized football marches per week (for different teams in different leagues)). What I don’t get is the insanely fanatical talk of “my team did X” or the even stranger

Continue Reading

Site Footer

Authored with 💚 by Thinkst