Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.
Posts by Chris Wysopal

Sarah Palin's Yahoo Mailbox Compromised

September 17, 2008

A group of individuals has compromised VP candidate Sarah Palin's personal email and sent the information to Wikileaks which has posted the information publicly. Circa midnight Tuesday the 16th of September (EST) Wikileaks' sources loosely affiliated with the activist group 'anonymous' gained access to U.S. Republican Party Vice-... READ MORE

VP Nominee Sarah Palin, Hacker?

August 30, 2008

John McCain's pick for VP, Sarah Palin, knows a thing or two about retrieving evidence from a computer. The mainstream reporting calls her a "hacker" because she is able to retrieve files from the Windows recycle bin. The Anchorage Daily News reports back in September 2004: Sarah Palin never thought of herself as an investigator. Yet there she was, hacking uncomfortably into Randy Ruedrich's... READ MORE

MBTA Hack Shows Security Hasn't Improved in 10 Years

August 25, 2008

One of my old L0pht colleagues, Peiter "Mudge" Zatko, is featured in Mass High Tech today in an article titled Bay State hackers find security holes in defibrillators, RFID. Hackers getting a free T pass may be the least of our worries — local hackers-turned-security experts suggest RFID keycards, wireless networks and medical devices implanted in the body are also vulnerable to hacks. At last... READ MORE

MBTA Hack: Is It Really This Easy?

August 15, 2008

A lot of the focus of the MBTA vs MIT case has been discussion of the CharlieCards. These are MiFare classic cards which have been known to be broken earlier this year. There is also a paper disposable card called the CharlieTicket that uses a magnetic stripe. The MIT students' presentation states that these are cloneable and forgeable using a $150 magnetic stripe reader/writer. From the... READ MORE

MBTA vs MIT Students Case Continues

August 13, 2008

A hearing will be held in Boston tomorrow to decide whether or not the restraining order gagging the MIT students from talking about the vulnerabilities they have found should be lifted. Even though the Defcon presentation is widely available and the MBTA disclosed the "Confidential" memo from the MIT students in their court filings, they are seeking a permanent speech injunction. An august group... READ MORE

Journalist On Journalist Hacking at BlackHat

August 8, 2008

Three French journalists have been booted for life from Black Hat and Defcon for compromising the Black Hat press room wired network and grabbing the credentials for at least one reporter. Their goal was to publicize the risks to reporters, especially current given the massive reporter presence in Beijing for the Olympics. This risk is certainly real and it is a shame that these journalists had to... READ MORE

WarDriving Is So 2000 -- Here Comes WarShipping

August 7, 2008

I'm not talking shipping as in boats, but shipping as in packages. David Maynor is giving a talk at Black Hat on his newest experiment: using a small and cheap WiFi platform that is remotely accessible over a WAN to perform WiFi surveillance inside of a package delivered right to your victim. Guess what the cheap platform is? An iPhone of course. George Ou has some pictures and more details in his... READ MORE

Poor Security Quality In Software; Someone Is Watching Over Me

July 30, 2008

Last week, Ben Worthen of the Wall Street Journal had a conversation with Howard Schmidt about the vulnerabilities in purchased software while Howard was waiting on line to have his iPhone upgraded. Howard Schmidt, who was once the CSO of Microsoft, knows a thing or two about vendors shipping insecure software. He offers this advice relating to his iPhone, "Just because a piece of software was... READ MORE

Selling 0day Exploit Code

June 30, 2008

We all know it happens, but it is rarely exposed as clearly as Adam Penenberg did in his article for Fast Company, The Black Market Code Industry. It turns out that this 0day seller was an HP employee: According to the consultant who snared Marester, his quarry's skills appear quite sophisticated. His wares, if they performed as advertised, could help a hacker take down machines running that... READ MORE

Verizon Business Has a New Report on Data Breaches

June 12, 2008

The Verizon Business data breach report is by far the most comprehensive and detailed report on data breaches I have seen. It is great to see the breakdown of what is the root cause of these expensive and significant computer security failures. While it is interesting to see counts of malware-infected computers from Symantec and vulnerability counts from CVE, this report gets to the actual... READ MORE
