When I’m not slaying dragons or saving orphan kittens from fires, sometimes I like to kick back and give talks on various subjects. Here’s a collection of various talks I’ve given over the years, along with podcast appearances.
I wanted to hack my CR48 and make it a truly secure box. Secure in the way that an adversary could walk away with the computer, and I’m left holding the truly important data. Welcome to ejectable core computing.
Interfaces suck and security applications are among some of the worst offenders. In this talk, I dive into various security program interfaces, what makes them bad (and good, in a few cases), and what lessons we can learn to make them better.
Just a quick presentation for the Ohio InfoSec Forum holiday meeting.
Writing a web app? Storing user passwords? Don’t ever store them in plain text, you already know this. But do you know how to securely hash them? Here’s a very basic look at salted hashes and how they improve security.
There has been yet another high-value Twitter account taken over through social engineering. I take a tour through a couple well-known social engineers, the hacks of Mat Honan and Naoki Hiroshima, and some lessons we can walk away with.
With the release of Stanford’s new password requirements, we should all start re-thinking the modern password, what we’re up against, and how we can keep our users cooperative.
People don’t really think about all the ways 2 factor authentication fails us or doesn’t protect us. Here’s a quick, shallow look at a few problems facing 2FA today.
Have you ever needed to blanket a wide area in deauth packets, but didn’t have a laptop or outlet nearby? Introducing the Wifi Grenade. A script-kiddie-esque annoyance that’s sure to make you the talk of your local infosec community. Annoying, stupid, and illegal, the Wifi Grenade blankets an area in deauth packets, executing a denial of service attack in your neck of the woods. Be careful, now, you’re broadcasting packets that could land you in the slammer with a felony. You’ve been warned!
This is a quick little talk I gave at OISF about Mr. Robot and its accuracy. Nothing really that hasn’t been discussed at length already.
This was a pretty demo-heavy talk I gave at OISF. I taught basic installation and configuration. The next month, I gave a follow-up talk on how to configure remote access and whole-home VPN.
This is a pretty quick talk I gave at OISF. I dive into trying to create a Signal replacement using XMPP and the challenges around it.
I co-host the Security:inThirty podcast with Chaim Cohen (+ChaimCohen). It’s a security show for normal people about how to protect yourself online, security devices, news, and more. We record live Wednesday evenings (usually around 8PM) and you can catch our videos and live recordings on YouTube. We offer MP3 downloads on our website or via our RSS Feed (part of the inThirty network).
Sometimes I join the inThirty team to talk about popular security news or tech trends.
In this podcast, I was asked to join in on a discussion about PRISM and what it means for computer users everywhere.
Google switched ALL of their search traffic to SSL. Does this really protect anyone from the prying eyes of the NSA? The inThirty gang bring me on to discuss the technical details of the change.
In this podcast, Gunnar and I discuss open wifi and why it isn’t to be trusted.
In this podcast, I talk about Bitcoins, how they work, why they are secure, and how they make sense in the financial world.