Daily Dave

Syndicate content
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Updated: 13 min 11 sec ago

INFILTRATE 2019 - How Far Is The Horizon?

18 October, 2018 - 09:50

Posted by Dave Aitel on Oct 18

[image: IMG_20181016_075725-EFFECTS.jpg]
Come talk at INFILTRATE this year! CFP Here <http://infiltratecon.org/cfp/>.

Here is why you should:

- This is the only conference where the audience is other exploit writers
- You get a very valuable peer review of your talk, for free!
- Obviously we treat you well, pay your way, and even have profit
sharing on the conference
- We have the best food and venue of any security...


16 October, 2018 - 13:23

Posted by Dave Aitel on Oct 16

Brainspace multi-language dogs vs cats video:

Exploiting branch target prediction, Jann Horn, INFILTRATE 2018

So I wanted to point people at the above videos today, in case you missed
them on Twitter, or in case you are not even on Twitter because social
media is evil and you want to save your mana for dealing with people in the
local PTA.

The INFILTRATE 2019 CFP is about to...


11 September, 2018 - 10:43

Posted by Dave Aitel on Sep 11

Doing a keynote is a lot of work - the peer review alone is brutal. And we
work hard on getting our INFILTRATE keynote speakers to present a unique
vision and perspective on our business, community, or overall strategy.
Usually, I personally call in favors from people I know or friends of
friends, and we sweeten the pot by not charging former keynoters for
tickets for all future INFILTRATES, which I think is a fair trade. :)

So I have a...

Re: Voting Village at Defcon

25 August, 2018 - 10:47

Posted by Dave Aitel on Aug 25


The whole thing was a sham. I know darktangent is on this list. Something
to think about for next year ...


Re: Cymothoa Exigua

24 August, 2018 - 12:08

Posted by " on Aug 24

I think it is worth noting that she claims multiple people felt the same
way and expressed similar independent opinions before she synthesized them
for a wider audience. What that probably means is that such comments are
not her feelings alone. What IS clear is that crypto technology is a double
edged sword and you must choose which edge of the blade you wish to wield.

Re: Voting Village at Defcon

23 August, 2018 - 13:13

Posted by Chris Eng on Aug 23

What even is the point of setting up “replica websites” that are only replicas in the sense that they ostensibly
perform the same function as the real sites, but otherwise do not share common code/technology and are essentially
known sacrificial sites with security bugs intentionally placed in them?

We know how much of the media operates. Did this coverage surprise anybody? Especially with quotes like this:

“These websites are so easy...

Cymothoa Exigua

23 August, 2018 - 12:10

Posted by Dave Aitel on Aug 23

The world is full of horrors, and one of those is Cymothoa Exigua
Another one of those, is groups of people who think they, somehow, have
cracked the code to developing technology in an "ethical" way, and if you
just obeyed them, everything would be...

Re: Voting Village at Defcon

23 August, 2018 - 11:05

Posted by Kevin T. Neely on Aug 23

Sure, it's SQLi, but I'm not sure why you'd minimize her effort. According
to the village's Twitter account, she changed the vote tallys from a
replica of the site. https://twitter.com/VotingVillageDC It would be nice
if the media reported on the recommendations that come from the findings,
but we all know that's not how the media operates.


Re: information operations efforts and data carving

23 August, 2018 - 11:04

Posted by Jukka Ruohonen on Aug 23

This was a good take on things. I generally also applaud the constructive
criticism instead of the ranting strategy...

But it is still social media. Now I've seen quite a few papers recently
about vulnerabilities viz. Twitter. Some of these are relevant; there have
been some information leakages about things I consider relevant myself
(i.e., open source). But now people are attaching the "zero-day" label to
their papers, which...