Welcome to Errata Security
Errata Security Public Relations
Errata Security is comprised of the security industry's leading experts in the fields of security architecture, security research, and exploit development. Our members are often quoted or referred to in the press. This page provides a chronicle of Errata Security's media presence.

Errata Security in the Press
2.25.2011 Rob Graham's coverage of the Comodo hack on Slashdot

From Slashdot: yonk497 writes "A boastful Iranian hacker has claimed sole responsibility for the Comodo security certificate attack, saying it had nothing to do with his government. The 21-year-old claimed via a note on PasteBin, 'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.' While some researchers believed his claims, saying the media had accepted Comodo's claims that the attack was from the Iranian government too easily, others said it was impossible to tell if the hacker was real, or a PR move by Iran."

Slashdot: "Lone Iranian Claims Credit For Comodo Hack"
2.25.2011

Robert Graham quoted on "Thunderbolt: A new way to hack macs"

Dan Goodin from The Register interviewed Robert Graham about the new technology to connect to external hard drives/devices. Thunderbolt may give attackers yet another chink to exploit when targeting machines that offer the interconnect. "Imagine that you are at a conference," Graham, the CEO of security consultancy Errata Security, writes. "You innocently attach your DisplayPort to a projector to show your presentation on the big screen. Unknown to you, while giving your presentation, the projector is downloading the entire contents of your hard disk."

The Register: "Thunderbolt: A New Way to Hack Macs"
2.25.2011

Robert Graham quoted on Security concerns over new Thunderbolt I/O technology

Errata Security CEO Robert Graham was quoted in the article by H-Online.com. "The current Thunderbolt simply sends PCIe signals across the wire. That means, in theory, anything a PCIe card can do, a Thunderbolt device can do", warns Graham.

H-Online: "Security concerns over new Thunderbolt I/O technology"
11.24.2010

Coverage on Robert Graham's article "I was just detained by the TSA"

Robert Graham wrote a blog post on being detained by TSA during the early announcements of physical screening by TSA. It received media attention, as well as many comments on the post.

Forbes: "Want To Photograph Your TSA Ordeal? Not So Fast"
InfoWorld: "Don't pull a TSA on security policies"
Daring Fireball: "Robert Graham Was Detained by the TSA for Taking Photographs"
Spartanburg Tea Party: "First person account of TSA detention"
03.31.2010

Errata Security releases the results of the survey on secure coding practices

Errata Security is releasing the results of a survey conducted over the week of Security B-Sides and the RSA Conference in San Francisco. The survey found that Microsoft SDL was the most common security development lifecycle chosen of the companies using formal methodologies, but Ad Hoc solutions are still the most popular. Small companies are more likely to be using Agile development, and the corresponding SDL-Agile. The most common reason for not choosing to use a formal methodology was resource requirements.

Here are the press links covering the story, and a link to the actual paper:

Download the Survey Results (pdf): "Integrating Security Into the Software Development Lifecycle"

Dark Reading: "Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods"

CSO Security and Risk: "Code Writers Finally Get Security? Maybe"

Microsoft SDL Blog: "Survey Results: Microsoft SDL awareness on the rise"

Jeff Jones Blog: "SDL AWARENESS AND ADOPTION HIGH AMONG SECURITY PROFESSIONALS"

Help Net Security: "Root issues causing software vulnerabilities"

11.20.2009 Errata CEO Robert Graham gives a security researcher perspective on the Climate Research Hack

Climatologist Phil Jones' email was compromised by an unknown hacker. The politically motivated attack was designed to reveal closely guarded global warming research. Robert Graham explains the current debate on global warming, and explains the relevance of the emails that were published by the hacker. Graham then explores a possible connection between the logs left behind in the attack and the identity of the hacker using open proxies.

Errata Security Blog: "Hacker exposes global warming researcher"

Errata Security Blog: "Climategate hack used open proxies"

11.17.2009

Robert Graham featured on Dark Reading in response to Brazilian Power Grid Outage

After a power outage at a Brazilian power station was attributed to "hackers" on the TV show 60 Minutes, Errata Security CEO Robert Graham investigated the likelihood of these claims. He cited the lack of evidence and far more likely scenarios. Later, in a feature on the site Dark Reading, he went on to explore how an attack such as this could happen.

Errata Security Blog: "Brazil outage NOT caused by hackers"

Dark Reading: "How to Hack a Brazilian Power Grid"

6.27.2008 "Taming Internet Explorer Browser Plug-Ins"

Brian Krebs of the WashingtonPost.com blog Security Fix featured an article announcing the release of AxBan 1.5 to ban vulnerable ActiveX Controls.

Read the full story here.

6.25.2008 "Researchers Defend Study on Patch Distribution Insecurities"

Errata Security CEO Rob Graham is quoted in an article on the blog SecGuru about a team of researchers, David Brumley and Pongsin Poosankam of Carnegie Mellon University, Dawn Song of UC Berkeley, and Jiang Zheng of the University of Pittsburgh, who discovered a vulnerability in patch distribution systems.

"Generating fully functional exploits by reverse engineering a patch takes a lot of steps, this paper automates only one of them, and only in certain cases," Graham said.

Read the full story here.

6.25.2008 "Why Don't AV Vendors Make It Easy?"

Alan Shimel at the blog Still Secure, After All These Years talks about an Errata Security blog post on AV software on Windows Mobile.

Read the full story here.

5.28.2008 iPhone’s Field Test program used to hack cell towers network.

iPhone World News has more coverage on the smartphone tool from Errata Security.

Read the full story here.

5.28.2008 AxBan mentioned in Adobe Flash vulnerability article.

AxBan is a tool that will automate the process of setting the killbit relevant to Adobe Flash Player.

Read the full story here.

5.27.2008 iPhone Field Test app allows mobile network sniffing.

Heise Security UK reports on the upcoming speech by David Maynor at SummerCon.

Read the full story here.

5.27.2008 Errata CTO to present at SummerCon.

Errata Security CTO David Maynor discusses the Field Test app in smartphones and talks about releasing source code for a tool that exploits this at SummerCon 2008.

Read the full story here.

5.27.2008 Errata to release tool that gathers information about the cellular network.

Errata calls its hack “cellular spelunking,” and it relies on a reverse engineered smartphone application.

Read the full story here.

5.07.2008 Dark Reading features ActiveX 'killbit' tool AxBan.

Researchers at Errata Security are offering a free tool for users that protects them from the wave of malicious ActiveX controls plaguing Internet Explorer browsers.

Read the full story here.

4.09.2008 Errata CEO comments on cybersecurity actions.

Errata Security CEO, Rob Graham, discusses technology hurdles in developing a cybersecurity early warning system.

Read the full story here.

4.08.2008 Errata auditing tool LookingGlass is mentioned in ZDNet article.

LookingGlass and Errata Security CTO, David Maynor, are mentioned in this article on improvements to the security of QuickTime.

Read the full story here.

1.31.2008 Wired covers continuing impact of Sidejacking.

Rob Graham's new work on sidejacking is discussed, along with new information that SSL-enabled Gmail is vulnerable.

Read the full story here.

1.14.2008 Errata CEO Rob Graham comments on printer security.

Rob Graham is quoted in an article that explores new mitigation techniques to keep printers safe.

Read the full story here.

12.31.2007 SideJacking named one of the top 5 coolest hacks of 2007

Errata Security research yields one of the top 5 hacks of 2007 according to information security portal Dark Reading.

Read the full story here.

08.02.2007 Errata Security CEO shows how insecure web based apps are.

Errata Security CEO Robert Graham released tools at Blackhat Vegas to show how easy it is to hack web apps at a wifi access point.

Read the full story here.

04.18.2007 Errata Security CTO comments on Blackberry outage

David Maynor, an expert in mobile security and the CTO of Errata Security, comments on a Blackberry service outage that affected most of North America.

Read the full story here.

04.12.2007 Errata Security named to Dark Reading list of hot start ups

Errata Security was one of the 10 new security startups chosen to be on Dark Reading's list.

Read the full story here.

03.02.2007 Errata Security research featured in CNet

CNet has coverage of the Blackhat DC 2007 talk given by Errata Security founders.

Read the full story here.

Additional stories at Dark Reading, Security Focus, and Wifi Net News.

02.16.2007 Errata Security research featured on Dark Reading

The research of Errata Security has been featured at the online security portal Dark Reading. This article gives a glimpse into the research Rob Graham and David Maynor will be presenting at Blackhat DC.

Read the full story here.

02.15.2007 Errata Security CTO ponders Microsoft patch cycle

David Maynor, CTO of Errata Security, gives opinions alongside other security industry heavyweights on the value of the monthly security patch cycle employed by Microsoft.

Read the full story here.

02.12.2007 Errata Security CTO comments on new remote 0day vulnerability in Solaris telnet Server

Errata Security CTO David Maynor gives his thoughts to Computerworld on the impact of a new Solaris vulnerability released in the wild on a popular security mailing list.

Read the full story here.

02.01.2007 Errata Security CTO comments on the end of the Month of Apple Bugs (MoAB)

Errata Security CTO David Maynor weighs in on the effect the Month of Apple Bugs will have on Apple security moving forward.

Read the full story here.

01.17.2007 Errata Security publicly launches security offerings

Security portal Dark Reading covers the launch of Errata Security's Hacker Eye View service.

Read the full story here.