As a hacker for most of my life, I take a keen interest in technology, especially technology that is likely to impact my freedoms and the freedoms of people all over the world. Contact Tracing is incredibly important, but there are critical conversations we are missing that need to happen sooner rather than later. Without these […]

Across my timelines I see many of my friends looking for ways to help others. You fill me with joy. First and foremost a few thoughts on mental health. 1. The internet is our home. We above all in society are best equipped to handle physical isolation . We have huge support networks and deeply […]

Can you believe it has been more than four weeks since DEF CON wrapped up? Im just shaking the ConCrud and still wake up every night at 4am wanting a status update. Anyway, I wanted to follow up, clarify a few things, and let you know what the next steps will be. This blog post […]

An open letter to the Hacker Community. I have been known by many names. Cyberjunky, Cjunky, CJ, Marc. I am a Hacker and a father. These two things shape my life and generally fill it with joy. I have done many things in my time on this blue marble flying through space. I have done […]

FaceID keeps on getting more and more interesting. According to Vietnamese Security firm Bkav, they were able to unlock the device using a 3D printed mask, hand made prosthetic nose, and 2D printed eyes.  This seems unlikely, especially given what Apple has said previously about testing they did to secure FaceID. What seems more likely […]

So, as people have started turning over stones, looking to see how common these Komodia certificates are, some surprising (and depressing) things are beginning to surface. It does appear that Komodia is behind this. It appears that Komodia uses the same framework for many, many products. Here’s some that have been found so far: Komodia’s […]

A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough, they installed a weak certificate into the system in a way that means affected […]

So a bunch of things have come out in the last week that honestly make further discussion about attribution pointless. Once again, we are dealing with things said at conferences or deliberately leaked to the media, but given the sources, we have to at least take them somewhat seriously. North Korean Signals Intelligence (SIGINT) This […]

Here’s my responses to the latest comments on the Sony hack, as presented by Director James Comey at the International Conference of Cyber Security in New York this morning. “The tools in the Sony attack bore striking similarities to a cyber attack the North Koreans conducted in March of last year against South Korean banks […]

Attribution is hard. Out of all the digital forensic disciplines, it is probably the hardest. Digital forensics is nothing like what you see on TV – on so-called cyber-CSI shows, the investigator types in a few magical keystrokes and evidence comes flooding out of the completely unlocked computer. A few more keystrokes and a magical […]