Wednesday, 21 May 2008

The E&Y Alumni Blackhat?

As some of you may be aware, I used to work for the Ernst & Young Advanced Security Center in New York (and in Houston before that). Having a quick look at the speakers list for Blackhat in Las Vegas as they are confirmed, it amused me that so many of the old E&Y ASC crew are represented in the speakers list:

Friday, 16 May 2008

Still alive and kicking...

I got an email this morning (and a comment on an IM conversation a week ago) that has continued to remind me that I've been neglecting this blog. So I thought I'd pen a quick update to let everyone know what's going on and coming up.

First of all, I got my turbo talk to Blackhat USA in Las Vegas accepted, so I'll be speaking there again for the first time since 2004. The paper is called "SQL Injection Worms for Fun and Profit", and appears to be even more timely than I expected when submitting it considering what is still an ongoing problem. I'll be in Vegas for both Blackhat and Defcon if anyone wants to plan a catch up.

In other news, I've made little progress on rewriting SQLBrute in .NET due to a lack of time. I am, however, going to release SQLBrute 1.1 in Python in the not too distant future - I'm adding Sybase support, and cleaning up a few of the routines. Also, check out the port of Microsoft's AntiXSS library to Java - you can check it out on the GDS Tools page.

That's all for now - more news and happenings soon!