INSIGHTS, NEWS & DISCOVERIES
FROM IOACTIVE RESEARCHERS

Monday, October 28, 2013

Hacking a counterfeit money detector for fun and non-profit

By Ruben Santamarta @reversemode


In Spain we have a saying "Hecha la ley, hecha la trampa" which basically means there will always be a way to circumvent a restriction. In fact, that is pretty much what hacking is all about.

It seems the idea of 'counterfeiting' appeared at the same time as legitimate money. The Wikipedia page for Counterfeit money  is a fascinating read that helps explain its effects.

Tuesday, October 22, 2013

NCSAM - Lucas Apa explains the effects of games cheating, 3D modeling, and psychedelic trance music on IT security

By Lucas Apa @lucasapa

I got involved with computers in 1994 when I was six years old. I played games for some years without even thinking about working in the security field. My first contact with the security field was when I started to create "trainers" to cheat on games by manipulating their memory. This led me to find many tutorials related to assembly and cracking in 2001, when my security research began.

Monday, October 21, 2013

NCSAM – Eireann Leverett on why magic is crucial

By Eireann Leverett @blackswanburst and Craig Brophy @CraigBrophy

Late last week I had the pleasure of interviewing IOActive Labs CTO – Cesar Cerrudo on how he got into IT security. Today I am fortunate enough to have the pleasure of interviewing Eireann Leverett, a senior researcher for IOActive on this field and how magic played a part.

Friday, October 18, 2013

NCSAM – an Interview with Cesar Cerrudo

By Cesar Cerrudo @cesarcer and Craig Brophy @craigbrophy


Today we continue our support for National Cyber Security Awareness Month, by interviewing Cesar Cerrudo, Chief Technology Officer for IOActive Labs. Cesar provides us with some insight of how he got into IT security and why it's important to be persistent!

Thursday, October 17, 2013

Strike Two for the Emergency Alerting System and Vendor Openness

By Mike Davis


Back in July I posted a rant about my experiences reporting the DASDEC issues and the problems I had getting things fixed. Some months have passed and I thought it would be a good time to take a look at how the vulnerable systems have progressed since then.

Well, back then my biggest complaint was the lack of forthrightness in Monroe Electronics' public reporting of the issues; they were treated as a marketing problem rather than a security one. The end result (at the time) was that there were more vulnerable systems available on the internet - not fewer - even though many of the deployed appliances had adopted the 2.0-2 patch.

Wednesday, October 16, 2013

A trip down cyber memory lane, or from C64 to #FF0000 teaming

By Ian Amit @iiamit


So, it's National Cyber Security Awareness Month, and here at IOActive we have been lining up some great content for you. Before we get to that, I was asked to put in a short post with some background on how I got to info sec, and what has been keeping me here for almost 20 years now.

Tuesday, October 15, 2013

IOActive supports National Cyber Security Awareness Month

By Craig Brophy @CraigBrophy


The month of October has officially been deemed National Cyber Security Awareness Month (NCSAM). Ten years ago the US Department of Homeland Security and the National Cyber Security Alliance got together and began this commendable online security awareness initiative.  Why? Well, according to the Department of Homeland Security the NCSAM is seen as an opportunity to engage with businesses and the general public to create a ‘safe, secure and resilient cyber environment.’  This is something that resonates with the team here at IOActive

Thursday, October 3, 2013

Seeing red - recap of SecurityZone, DerbyCon, and red teaming goodness

By Ian Amit @iiamit

I was fortunate enough to have a chance to participate in a couple of conferences that I consider close to my heart in the past couple of weeks. First - SecurityZone in beautiful Cali ,Colombia. This is the third year that SecurityZone has been running, and is slowly making its way into the latin american security scene.