Cyber Intelligence Universe

In recent years everything “cyber” is fashionable, and intelligence applied to the cyber world is no exception. The concept of intelligence has an offensive connotation because of its use by intelligence and military agencies, but now many security vendors position their products as intelligence solutions able to identify potential threats.

By using these security products many private organizations “believe” they are getting intelligence, but their view is very limited:

The . . .

Theoretical attacks on a Sex Robot: Roxxxy

For the last few years the company True Companion has marketed Roxxxy, the first robot intended for sex. Unfortunately the company website gives little information about the robot's technical features, but a few conclusions can be drawn from what is available, so I thought it would be fun to write a post about possible attack vectors.

Disclaimer: everything described here is based on information obtained from . . .

Heartbleed: pain, blood and code

All alarms went off last week when a serious security flaw in the OpenSSL cryptographic library was published: Heartbleed, a missing bounds check in the TLS heartbeat extension that lets a peer read up to 64 KB of the other side's process memory per request. This library is used by a large share of the servers on the Internet as well as by much security software.

As was to be expected, conspiracy theories claim the bug was introduced, or exploited for some time, by the NSA. In any case, this bug proves that open source software isn’t safer if nobody looks . . .

Spaniards in the Black Hat ASIA

I’m back from Black Hat ASIA 2014 in Singapore, where I had the pleasure of giving a talk on the security of cross-platform technologies for developing mobile apps. The last Black Hat ASIA was in 2008 and the last one in Singapore was in 2003; time flies!

At the event there were several Spaniards, such as Jose Miguel Esparza with his workshop on PDF analysis, Leonardo Nve with DNS attacks and finally Alberto . . .

The need to evolve defensive security to offensive security

This morning I saw a job posting from Facebook looking for offensive security engineers, and I thought it would be a wonderful opportunity to explore this idea and its application to corporate security.

Traditionally information security in enterprises has had a defensive role built on products (firewalls, anti-virus, IDS, etc.). But when week after week we read in the media how businesses of all sizes are attacked and owned, something is clearly wrong!

Internet and . . .

VULNEX Award and RSA USA speaker experience!

February has been both very interesting and busy! On February 17th I had the pleasure of collecting VULNEX's first award, given by the Spanish security magazine Red Seguridad for IT Innovation for our collaboration with DARPA (the Defense Advanced Research Projects Agency of the US Department of Defense), which produced BinSecSweeper, a technology that lets us verify the security posture of any binary.

You can find a great chronicle of the event here and below . . .

Enterprise Computer Security must CHANGE

Last week I had the pleasure of giving a talk entitled “Cyber Security: time for change” on my vision of corporate cyber security posture at an event organized by Page Personnel Spain (thanks for having me!), and I can say up front that change is badly needed to combat the constant threats on the Internet.

The talk began with a description of the different attacker profiles, from casual attackers, employees, hacktivists and cybercrime to nation-state attackers . . .

AppSecUSA & BinSecSweeper Talk

Last week the OWASP AppSecUSA 2013 conference was held in the legendary New York City, where I had the pleasure of giving a talk on secure software development titled “Verify Your Software for Security Bugs” and presenting my new project BinSecSweeper, a technology that lets you verify the security posture of any binary on different platforms.

The development of BinSecSweeper was possible thanks to an R&D grant from the DARPA Cyber Fast Track . . .

Book Review: iOS Hacker’s Handbook

I had been wanting to read this book for a long time; I finally made time for it and have to admit that it exceeded my expectations. This magnificent work, written by renowned mobile security experts on iOS, one of the top mobile platforms, such as Charlie Miller, Dion Blazakis, Dino Dai Zovi, Stefan Esser, Vincenzo Iozzo and Ralf-Philipp Weinmann, reveals the secrets of Apple's mobile operating system.

iOS Hacker’s Handbook (ISBN: 978-1-118-20412-2) is . . .

AppSec: Myths about Obfuscation and Reversing Python

Python is an easy yet powerful programming language that lets us write sophisticated programs: Dropbox and BitTorrent are excellent examples. Python programs are commonly delivered as source code, but in some cases techniques such as obfuscation and compilation to bytecode are applied to protect the code from curious eyes. But do these techniques really work?

In this article we will see some tools that supposedly help us to protect our code and how . . .
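To show concretely why bytecode compilation and exec-wrapper "obfuscation" do not protect Python code, here is an added, self-contained example. It is not code from the original post or from any of the tools the post reviews; the sample program, its placeholder API key, the file names and the helper names are all constructed for the demonstration. The first half compiles a module to a real .pyc with the standard library and reads every string constant straight back out of it with `marshal`; the second half recovers the source hidden inside a base64+`exec()` wrapper by swapping out `builtins.exec` rather than decoding anything by hand, which also works when the wrapper is layered or uses a different encoding.

```python
"""Added example (not from the original post): why .pyc compilation and
base64+exec wrappers are not protection. All inputs are constructed."""
import base64
import builtins
import importlib.util
import marshal
import os
import py_compile
import sys
import tempfile
import types

# Constructed "proprietary" program a vendor might ship only as a .pyc.
# The key is a made-up placeholder, not a real credential.
SAMPLE_SOURCE = '''
API_KEY = "sk-demo-0123456789"   # constructed placeholder

def check_license(key):
    # the kind of check people try to hide from users
    return key == API_KEY
'''


def compile_to_pyc(source, directory):
    """Write product.py and compile it exactly as a vendor would."""
    src_path = os.path.join(directory, "product.py")
    pyc_path = os.path.join(directory, "product.pyc")
    with open(src_path, "w") as fh:
        fh.write(source)
    py_compile.compile(src_path, cfile=pyc_path, doraise=True)
    return pyc_path


def load_code_object(pyc_path):
    """Recover the code object from a .pyc without importing/running it.
    A CPython .pyc is a small header followed by a marshalled code object;
    the header is 16 bytes since Python 3.7 (magic, flags, mtime/hash or
    source size) and 12 bytes before that."""
    with open(pyc_path, "rb") as fh:
        data = fh.read()
    if data[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError("pyc was built by a different interpreter version")
    header_len = 16 if sys.version_info >= (3, 7) else 12
    return marshal.loads(data[header_len:])


def walk_constants(code):
    """Yield every string constant in a code object and its nested functions."""
    for const in code.co_consts:
        if isinstance(const, str):
            yield const
        elif isinstance(const, types.CodeType):
            yield from walk_constants(const)


def secrets_from_pyc(pyc_path):
    """Strings an analyst can read directly out of the compiled file."""
    return set(walk_constants(load_code_object(pyc_path)))


def obfuscate(source):
    """A common 'obfuscator': base64-encode the source, exec() it at runtime."""
    payload = base64.b64encode(source.encode()).decode()
    return "import base64\nexec(base64.b64decode('%s'))\n" % payload


def unwrap_exec(obfuscated):
    """Recover the hidden source by intercepting exec() instead of decoding.
    Whatever the wrapper hands to exec() is exactly the code it tried to hide,
    already decoded for us, so the encoding scheme does not matter."""
    captured = []
    real_exec = builtins.exec

    def fake_exec(src, *args, **kwargs):
        captured.append(src.decode() if isinstance(src, bytes) else src)

    builtins.exec = fake_exec
    try:
        real_exec(obfuscated, {"__name__": "wrapped"})
    finally:
        builtins.exec = real_exec
    return captured[0]


def demo():
    """Run both recoveries; returns which 'protections' leaked the source."""
    with tempfile.TemporaryDirectory() as tmp:
        from_pyc = secrets_from_pyc(compile_to_pyc(SAMPLE_SOURCE, tmp))
    recovered = unwrap_exec(obfuscate(SAMPLE_SOURCE))
    return {
        "pyc_leaks_key": "sk-demo-0123456789" in from_pyc,
        "exec_wrapper_leaks_source": recovered == SAMPLE_SOURCE,
    }


if __name__ == "__main__":
    print(demo())
```

The same `walk_constants` traversal over `co_names` and `co_varnames` gives back function and variable names, and `dis.dis()` on the recovered code object gives readable bytecode; tools such as uncompyle6 or decompyle3 rebuild near-original source from that. The exec hook is the general answer to runtime unpackers: never decode the blob, just catch it at the point where the interpreter must see it in clear.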