All alarms went off last week when a serious security flaw called Heartbleed in the OpenSSL cryptographic library was published. This library is used by a large part of the servers on the Internet as well as much security software.
As it could not be otherwise, the conspiracy theories claim this bug was introduced or abused for some time by the NSA. Anyway, this bug proves that Open Source software isn’t safer if nobody looks . . . → Read More: Heartbleed: pain, blood and code
I’m back from Black Hat ASIA 2014 in Singapore, where I had the pleasure of giving a talk on the security of cross-platform mobile technologies for developing mobile apps. The last Black Hat ASIA was in 2008 and the last time in Singapore was in 2003, time flies!
In the event there were several Spaniards such as Jose Miguel Esparza with its workshop on PDF analysis, Leonardo Nve with DNS attacks and finally Alberto . . . → Read More: Spaniards in the Black Hat ASIA
This morning I saw a job offer from Facebook looking for offensive security engineers and I thought it would be a wonderful opportunity to explore this idea and its application in corporate security.
Traditionally information security in enterprises has a defensive role based on different products (firewall, anti-virus, IDS, etc.). But when week after week we read in the media as businesses of all sizes are attacked and owned, something is wrong here!
Internet and . . . → Read More: The need to evolve defensive security to offensive security
February has been both very interesting and busy! On February 17th I had the pleasure of collecting the first award of VULNEX by Spanish security magazine Red Seguridad for IT Innovation for our collaboration with DARPA (Defense Advanced Research Projects Agency of the Department of Defense, USA) which produced BinSecSweeper, a technology that allows us to verify the security posture of any binary.
You can find a great chronicle of the event here and below . . . → Read More: VULNEX Award and RSA USA speaker experience!
Last week I had the pleasure of giving a talk entitled “Cyber Security: time for change” on my vision of corporate cyber security posture during an event organized by Page Personnel Spain (thanks for having me!), and I already advance that a change is much needed to combat the constant threats on the Internet.
The talk began with a description of the different attacker profiles from casual attackers, employees, hacktivists and cybercrime to Nation-State attackers . . . → Read More: Enterprise Computer Security must CHANGE
Last week the OWASP AppSecUSA 2013 conference was held in the legendary New York City , where I had the pleasure of giving a talk on security software development title “Verify Your Software for Security Bugs” and present my new project BinSecSweeper, a technology that allows you to verify the security posture of any binary on different platforms.
The development of BinSecSweeper was possible thanks to an R&D grant from the DARPA Cyber Fast Track . . . → Read More: AppSecUSA & BinSecSweeper Talk
I have been wanting to read this book for a long time, finally I managed to make time and I have to admit that it has exceeded my expectations. This magnificent work written by reputed experts in iOS, one of the top mobile platforms, on mobile security such as Charlie Miller, Dion Blazakis, Dino DaiZovi, Stefan Esser, Vincenzo Iozzo, Ralf-Philip Weinmann reveals the secrets of Apple mobile operating system.
iOS Hacker’s Handbook (ISBN: 978-1-118-20412-2) is . . . → Read More: Book Review: iOS Hacker’s Handbook
Python is an easy and powerful programming language that allows us to write sophisticated programs: Dropbox and BitTorrent are excellent examples. It is common that Python programs are delivered in source code, but in some cases different techniques like obfuscation and compilation are applied to protect the code from curious eyes. But do these techniques really work?
In this article we will see some tools that supposedly help us to protect our code and how . . . → Read More: AppSec: Myths about Obfuscation and Reversing Python
While reading the book synopsis, we realize that this is not the typical book of how to succeed in business. Written by Louis Ferrante, former mobster of the Gambino family and converted writer, compare us the structure of the mafia and its peculiar style of doing business for success in the business world.
Mob Rules: What the Mafia Can Teach the Legitimate Businessman (ISBN: 978-1591843986) is a different and easy to read book that describes . . . → Read More: Book Review: Mob Rules. What the Mafia Can Teach the Legitimate Businessman
Yesterday, July 17th, I taught a free workshop about the OWASP Top Ten 2013 which was published recently that describes the 10 most common vulnerabilities in Web applications. This free workshop is a collaboration between the Catedral de Innovación of the City Council of Madrid, Spain and VULNEX to raise awareness about cyber security.
You can download the presentation from VULNEX website.
If you develop web applications, this document is for you!
Here I leave . . . → Read More: OWASP Top Ten 2013 free workshop