Wednesday, July 30, 2008

Friendfeed and 0days

Acting on a tip from a very "close" friend, I joined Friendfeed officially. The company is founded by two leading ex-Google millionaires...

* The guy who created Google Maps
* The guy who created Google Mail

They are smart :-P Anyway, of course the first thing I had to do was break their web application for them and then send along the details! Since I am not evil and knew they could easily fix the problems, I disclosed the details to them privately and quickly. These dudes are so damn efficient that they fixed the few bugs I sent to them in a matter of minutes on the live site. Pretty impressive. Now anyone that utilizes friendfeed.com is just a little more secure, including myself :-) I imported all my accounts too. Find me here...

http://friendfeed.com/khermans

Identify 0day attacks in seconds...

The ability to detect 0days against your assets is a breeze with tools like ArcSight. Recently discovered attack against a system: PE header overlapped sig fired from http sniffing, pwned box started chatting on network, and within minutes it was disconnected from the network. Got a sample of the file mm.exe, packed with UPack, but PEiD failed to process it, so utilized PE Explorer UPack plugin, started to do some disassembly on the executable, noticed it sets some registry keys to bind itself to the system, and then loads some keylogger code. Very nice catch indeed. This shit is all too common these days. You gotta love lazy malware authors ;-P
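To make concrete what a sniffer-side "PE header" signature is looking at, here is an added example (my code, not the post's, and not ArcSight or PE Explorer logic): it parses the MZ/PE header of HTTP response bodies, flags any executable, flags one served under a non-binary content type, and flags a PE header whose offset (e_lfanew) lands inside the 64-byte DOS header. That overlap check is my reading of the post's "PE header overlapped" signature; the URLs and bodies are constructed stand-ins that only carry the header fields the scanner reads.

```python
import struct
from typing import List, Optional, Tuple

# Offsets from the PE/COFF specification: the IMAGE_DOS_HEADER is 64 (0x40)
# bytes and its last field, e_lfanew (offset 0x3C), points at "PE\0\0".
DOS_HEADER_SIZE = 0x40
E_LFANEW_OFFSET = 0x3C
PE_SIGNATURE = b"PE\0\0"

# Content types under which a browser would legitimately fetch a binary.
EXPECTED_BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}


def inspect_pe(body: bytes) -> Optional[dict]:
    """Return header facts if `body` starts with a valid MZ/PE header, else None."""
    if len(body) < DOS_HEADER_SIZE or body[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", body, E_LFANEW_OFFSET)[0]
    if e_lfanew + len(PE_SIGNATURE) > len(body):
        return None
    if body[e_lfanew:e_lfanew + len(PE_SIGNATURE)] != PE_SIGNATURE:
        return None
    # A PE header that starts inside the 64-byte DOS header overlaps it; normal
    # linkers never emit that layout, some packers do, and naive tools choke on it.
    return {"e_lfanew": e_lfanew, "overlapping_headers": e_lfanew < DOS_HEADER_SIZE}


def scan_responses(responses: List[Tuple[str, str, bytes]]) -> List[dict]:
    """Flag HTTP responses whose body is a PE file, as a sniffer-side sig would."""
    alerts = []
    for url, content_type, body in responses:
        info = inspect_pe(body)
        if info is None:
            continue
        reasons = ["pe_download"]
        if content_type.split(";")[0].strip().lower() not in EXPECTED_BINARY_TYPES:
            reasons.append("content_type_mismatch")
        if info["overlapping_headers"]:
            reasons.append("overlapping_pe_header")
        alerts.append({"url": url, "e_lfanew": info["e_lfanew"], "reasons": reasons})
    return alerts


def build_sample_pe(e_lfanew: int, size: int = 512) -> bytes:
    """Constructed stand-in for a PE body: only the header fields the scanner reads."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, E_LFANEW_OFFSET, e_lfanew)
    buf[e_lfanew:e_lfanew + len(PE_SIGNATURE)] = PE_SIGNATURE
    return bytes(buf)


# Constructed traffic sample (hypothetical URLs, not captures from the post).
SAMPLE_RESPONSES = [
    ("http://example.test/index.html", "text/html", b"<html><body>hi</body></html>"),
    ("http://example.test/setup.exe", "application/octet-stream", build_sample_pe(0x80)),
    ("http://example.test/banner.gif", "image/gif", build_sample_pe(0x10)),
]

if __name__ == "__main__":
    for alert in scan_responses(SAMPLE_RESPONSES):
        print(alert)
```

The third sample is the interesting one: a "GIF" whose bytes are actually a PE with its NT header starting at offset 0x10, so it trips all three reasons at once. A plain download alert is noise on most networks; the mismatch and overlap reasons are what make it worth a look.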

Friday, July 25, 2008

Coast-to-Coast and The Last Hope!

I have a driver's license from Massachusetts, an apartment in California, and a boss in Texas. Some might say my life is stretched across the USA :-P But I enjoy traveling a lot these days. I just got back from The Last HOPE, and although I didn't get to spend a lot of time in New York, I still had much fun...