The last three weeks I've been traveling through China, Hong Kong, and Macau on an interesting security tour thanks to this year's AsiaCCS being held in Xi'an, China. AsiaCCS was right after Oakland, so I flew directly from San Francisco to Xi'an China and then continued to visit friends at …

This year's Oakland (the IEEE Symposium on Security and Privacy, formerly held in Oakland, California) has been a wild ride. Just a little more than a week before Oakland I've been in the bay area at the Usenix Security PC meeting at Google in Mountain View, talking to many folks …

Another lazy Sunday (oh well, actually I should be writing papers and grant proposals but we are not talking about that right now) and I'm scrolling through my email when I stumbled upon a "FedEx notice" with your usual "you have not picked up your package" scam and I figured …

As part of the weekly CTF meetings we discussed some basic stack-based, heap-based, and format string based exploits. For system security challenges these are bread and butter techniques and rely on a huge amount of pre-existing knowledge about operating systems, kernels, process creation, dynamic loading, C programming, stack layouts, and …

Deleting an old GApps account can result in infinite pain. Here's why.

An introduction article that explains what symbolic execution is and how it can be chained to trigger vulnerabilities hidden deep inside binaries.

Just like every year I visited the 30c3, a hacker congress in Hamburg. This blog post summarizes my experiences and lists talks that you should watch.

Protect your passwords for low-security websites using cryptographic hashes.

The day I decided to leave the Google cloud and take the security and privacy of my data into my own hands.