In the news...

• Publications
• Presentations
• Announcements

	Publications Hacker Factor Solutions provides whitepapers and journal articles. Most documents are created and provided privately to customers. The following list represents a sample of documents created by Hacker Factor Solutions and released publicly. The copyrights for these documents have been transfered to their respective owners. Books Introduction to Network Security by Neal Krawetz, Charles River Media, 2006. ISBN 1-58450-464-1. Hacking Ubuntu: Serious Hacks Mods and Customizations by Neal Krawetz, Wiley, ExtremeTech series, 2007. ISBN 0-470-10872-X. Articles Online Impersonations: No Validation Required. Security Focus, April 2007. Laptop Losses and Phishing Fruit Salad. Security Focus, February 2007. Anti-Spam Solutions and Security, Part I and Part II. Security Focus, February and March 2004. "Anti-Honeypot Technology". IEEE Security and Privacy, January-February 2004 (Vol.2, No.1). Banking Scam Revealed. Security Focus, November 2003. White papers A Picture's Worth: Digital Image Analysis and Forensics. Dr. Neal Krawetz, Hacker Factor Solutions, August 2007. Presented at the Black Hat Briefings 2007. Point-of-Sale Vulnerabilities. Dr. Neal Krawetz, Hacker Factor Solutions, August 2007. Originally provided as a limited distribution document in April 2006, this document describes fundamental flaws in the point-of-sale architecture for credit card processing. Following the limited release of this paper, Visa USA Inc. released three Data Security Alerts that cover some of the issues raised in this paper and includes questions similar to the ones found at the end of the paper. Copies of the alerts are available from Chase Paymentech: June 2006, July 2006, and August 2006. These alerts do not cover all of the vulnerabilities discussed in this paper. Who is "n3td3v"?. Hacker Factor Solutions, October 2006. A Guide to Building Secure Web Applications and Web Services. Open Web Application Security Project (OWASP), June 2005. Dr. Krawetz from Hacker Factor assisted with the document and wrote a section for the document. Anti-Phishing: Page Encoding. Hacker Factor, April 2005.

	Presentations The following presentations represent a sample of the conferences attended by Hacker Factor. In addition to public conferences, Hacker Factor also provides private conference meetings. A Picture's Worth: Digital Image Analysis and Photo Forensics. Dr. Neal Krawetz, Hacker Factor Solutions. Presented at: July 2008: Lockdown 2008 at the University of Wisconsin, Madison. June 2008. Northern Colorado Linux User's Group. A Picture's Worth: Digital Image Analysis. Presented at the Black Hat DC, Washington DC, February 2008. (Paper, Slides) Reviews: CNet: Black Hat D.C. wraps up NetworkWorld: Black Hat DC A Picture's Worth: Digital Image Analysis and Forensics. Presented at the Black Hat Briefings, Las Vegas NV, August 2007. Reviews: (Preview) tgdaily: Masters of technology return for BlackHat/Defcon (Preview) CNet: Black Hat 'supersizes' in Las Vegas CNet: Newsmaker: A picture worth a thousand lies CNet: Al-Qaida manipulates videos, images, says Black Hat speaker NewsBusters: Hacker Proves How MSM is Fooled by al Qaeda Photochopped Images Bill's House O Insomnia: Theory matters after all... ABC News, The Blotter: Al Qaeda Videos May Be Doctored The Hindu Business Line: Educating Hackers and Defenders You Are What You Type: Non-Classical Computer Forensics. Presented at the Black Hat Briefings, Las Vegas NV, August 2006. Reviews: InfoWorld: Hackers beware: You are what you type CNet: The myth of online anonymity CNet: Keyboard profiling at Black Hat CNet: Hacking Anonymity ebiz: Clickprinting - The End of Anonymity on the Web? The Ethical Hacker: Nonclassical Forensics - You Are What You Type The Art Of Noh: BlackHat USA 2006 Government Computer News: Signature Style, May 28, 2007 issue. Nobody's Anonymous: Tracking Spam and Covert Channels. (Slides) Presented at the Black Hat Briefings, Las Vegas NV, July 2004. (Presented under the pseudonym, "Curtis Kret".) Evil with Email: Evaluation of an Insecure Network Service. Presented at the ISSA Colorado Springs chapter security seminar, March 2004. Evil with Email: Evaluation of an Insecure Network Service. Presented at the SouthEastern Colorado Cisco User's Group, February 2004. Nobody's Anonymous: Tracking Spam. Presented at the Black Hat Briefings, Seattle, WA, January 2004. (Presented under the pseudonym, "Curtis Kret".) Spam Tracking and Covert Channels. Presented at InfowarCon, Washington DC, October 2003. Flash and Crash: SWF Protocol and Problems. Presented at Toorcon in San Diego, September 2002.

	Announcements The Department of Defense Cyber Crime Center announced the results of their Forensic Challenge. November 2008: Team Hacker Factor came in third place (out of 199 teams) and had the highest score among civilian teams. Read more in the blog entry. November 2007: Team Hacker Factor came in third place (out of 126 teams) and had the highest score among civilian teams. Read more in the blog entry. December 2006: Team Hacker Factor came in fifth place (out of 140 teams). Our team had the highest score among civilian teams. Read more in the blog entry. On occasion, security risks, exploits, and issues become public. The following reports are the Hacker Factor public disclosures. Please be aware that the vast majority of issues identified by Hacker Factor are never presented to the public. Olivier Debon Flash Player Write-Overflow (15-January-2002). Reported at BugTraq and CERT. HPUX pcltotiff escalated privileges (March 2001). Reported at BugTraq, and in the HP Security Advisory. NOTE: Hewlett-Packard announced the defect as a denial-of-service. This is incorrect; it is a privilege escalation. Macromedia Flash Player Overflows (29-December-2000). Numerous overflow and denial-of-service conditions due to the Macromedia Flash player. Reported at BugTraq and CERT. This was also picked up by the popular press, including Flash Magazine, Fox News, and many foreign media outlets.