Hacker group
In this OODAcast, Chris Wysopal shares his insights from decades in cybersecurity, detailing his journey from the early hacking collective "The L0pht" to co-founding Veracode. Wysopal reflects on the evolution of cybersecurity, highlighting his early contributions to vulnerability research and advocating the importance of adversarial thinking in security practices. He emphasizes the transition from traditional vulnerability testing to comprehensive application risk management, recognizing the increased reliance on third-party software and the escalating complexity of securing modern applications. Wysopal also discusses how generative AI technologies are significantly accelerating application development but simultaneously creating substantial security challenges. He stresses that while AI-generated applications multiply rapidly, their vulnerability density remains comparable to human-written code. To manage this growing risk, Wysopal underlines the necessity of integrating automated, AI-driven vulnerability remediation into the software development lifecycle. Looking forward, Wysopal advocates for embedding security deeply within the application creation process, anticipating that AI will eventually assist in producing inherently secure software. However, he also underscores the enduring threat of social engineering attacks, urging enterprises to prioritize comprehensive security awareness programs to bolster their overall cybersecurity posture and resilience. The conversation examines some very interesting correlations between the mindset of the great hackers and the success of great entrepreneurs. Both take a good bit of grit, an ability to focus and be creative and perhaps most importantly: Persistence. Learn more about Chris Wysopal's approaches and the company he founded at Veracode. For insights into reducing your organization's attack surface see: State of Software Security 2025
In episode 41 of The BlueHat Podcast we bring you the BlueHat 2024 day 1 keynote address given by Chris Wysopal, also known as Weld Pond, founder and Chief Security Evangelist at Veracode, and founding member of the L0pht. Chris' talk - A Clash of Cultures Comes Together to Change Software Security - recounts the early days of “hacking” and how the industry evolved to embrace vulnerability discovery and coordinated, responsible disclosure. Chris' presentation provides a fascinating reflection on a tumultuous period for Microsoft around 2001, marked by significant vulnerability discoveries, which ultimately led to the establishment of the Organization for Internet Safety and the consultancy AtStake, transforming the security landscape and professionalizing the role of hackers. Watch Chris' BlueHat 2024 Day 1 Keynote here: https://youtu.be/w6SAqT4ZQik Resources: View Chris Wysopal on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Chris Wysopal is the Founder and CTO of Veracode, a $2.5 billion software supply chain security company that pioneered the field of application security and was one of the first companies to embrace software as a service. On today's episode, Jon Sakoda speaks with Chris on his early fame as a cybersecurity researcher and the highs and lows of building Veracode across three decades:
* How a Hacking Group Became Celebrities [11:50 - 15:35] - Chris was a member of the famous “L0pht” hacker group who became famous for discovering vulnerabilities in Lotus and Microsoft software. Shining a light on the issue ultimately gave the group widespread media attention and internet fame, drawing much needed attention to security issues in commercial software.
* Launching a Cloud Product in the Desktop Era [27:55 - 32:50] - In 2006, Veracode was one of the first companies in the security industry to pioneer “software as a service” which is widely used today. Chris relives the journey of convincing customers of the benefit of leveraging the cloud during the era of client / server code repositories.
* Surviving and Thriving Through Cycles [38:51 - 40:10] - Veracode has been a wildly successful company, but has had to survive many moments of crisis that might have killed weaker startups. The company had a broken financing in the first financial crisis and has been through numerous cycles through the years.
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is Live from Times Square at Microsoft Secure and is joined by Chris Wysopal, Chip Calhoun, and Torrell Funderburk. Chris (aka Weld Pond) reflects on his experiences with L0pht, the evolution of bug bounty programs and their dominance in the cybersecurity space, highlighting both the benefits and drawbacks. Chip explains how Copilot for Security assists with threat hunting and script analysis, enhancing analysts' capabilities in identifying threats and malicious activities. He also touches on the prevalent threat actor profiles, highlighting the prevalence of e-crime and the potential impact of nation-state actors. Torrell expresses excitement about the advancements in their security program and the ability to detect and respond at scale. He also discusses his transition from software engineering to cybersecurity and encourages others to consider the move due to the foundational similarities between the fields.
In this episode you'll learn:
* Complications from vulnerabilities discovered in open-source software
* Practical applications of Copilot in incident response and threat intelligence
* The importance of curiosity and problem-solving skills when building a security team
Some questions we ask:
* How do you view the role of AI and machine learning in security, and bug bounties?
* What do you think is unique about securing critical infrastructure targets?
* Will AI influence security practices in organizations and industries going forward?
Resources: View Chris Wysopal on LinkedIn View Chip Calhoun on LinkedIn View Torrell Funderburk on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Once claiming to the US Senate that he could ‘take down the internet in 30 minutes', this week's guest gives us insight into the underbelly of the cyberworld. Chris Wysopal, founder and CTO of Veracode, tells us all about his experience as an ethical hacker and how he and his team at L0pht pioneered the way for cybersecurity. From taking an interest in the potential of cyber hacking at the start of the online era, to being a trailblazer in the discovery of IT vulnerability as a whole; Chris and his team were at the forefront of raising cyber risk awareness. Determined to battle the ‘bad guy image' in cybersecurity, the L0pht team were on a mission to showcase the fallibility of big vendors, such as Microsoft, and evidence their need for effective security measures. Now, Chris' colourful past shapes the security-led solutions of Veracode, a platform that detects flaws and vulnerabilities at every stage of the modern software development lifecycle. This interview is a deep dive into the depths of cyber security and is not to be missed!
Timestamps:
* What does Good Leadership mean to Chris? (02:20)
* Pioneering the start of cybersecurity (04:20)
* Starting a hacker collective (07:18)
* L0pht's biggest cybersecurity breakthroughs (12:47)
* Challenging the US Senate with cyber risks (18:00)
* Are governments doing enough to prevent cyber-attacks? (22:12)
* GenAI's role in cybersecurity (32:00)
* An introduction to Veracode (34:24)
* Chris' advice to his 21-year-old self (43:24)
The Space Rogue Episode: A Respectful Trip, A Book Reading, The Works BBS, A Ferret in Massachusetts, Gatherings to Gatherings, The L0pht, Seedlings to Guarding, The Digital Lifeline, The Story of the L0pht and of Space Rogue, Why The Book is Needed, A Joyful Noise, A Family's Witness. My pal Space Rogue wrote a book called SPACE ROGUE: HOW THE HACKERS KNOWN AS L0PHT CHANGED THE WORLD. It talks about his time as part of that group, of the @stake era, and most importantly, his path in life. It's a great Hacker Memoir and I hope we see many more. His book site (and his personal site as well) is at https://www.spacerogue.net/wordpress/
In today's episode James is joined by Cris Thomas, a true cybersecurity maverick that is more famously known as "Space Rogue." Join us as Cris delves into the fascinating origins of L0pht, a pioneering hacker collective that left an indelible mark on the industry. Cris also shares invaluable insights on securing networks, debunks hacking culture myths, sheds light on unconventional cybersecurity risks that often go unnoticed, and discusses his new book, Space Rogue: How the Hackers Known As L0pht Changed the World.
Check out this interview from the PSW VAULT, hand picked by main host Paul Asadoorian! This segment was originally published on October 18, 2015. L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. We learn about the history of the L0pht and the future. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/vault-psw-1
Cris Thomas is a founding member of L0pht Heavy Industries, one of the most influential hacker groups in history. Thomas' new book follows the hacker 'Space Rogue' as he takes you on a journey through the magical hacker scene of the 1990s. The L0pht hacker collective no longer exists, but its legacy lives on. This microcast is a short version of our full interview with Thomas, which you can listen to at https://soundcloud.com/cybercrimemagazine/space-rogue-how-the-hackers-known-as-l0pht-changed-the-world-cris-thomas-author
Chris Wysopal and Cris Thomas of the L0pht join Dennis Fisher to talk about the 25-year-anniversary of the group's landmark Senate testimony, what's changed since then, and Cris's new book, How the Hackers Known as L0pht Changed the World.
Hacker Cris Thomas – better known by his old bulletin board system handle Space Rogue – has witnessed the infosec community grow from a hodgepodge network of hacking collectives to a multibillion dollar industry. Space Rogue was a member of the L0pht Heavy Industries hacker group that made its name poking holes in premier products from burgeoning tech giants like Microsoft and Oracle. Now Global Lead of Policy and Special Initiatives at IBM, he is also author of a new memoir recounting his experiences from the “magical hacker scene” of the 1990s, Space Rogue: How the Hackers Known As L0pht Changed the World. In the latest episode of WE'RE IN!, Space Rogue shares his side of the story from L0pht's influential May 1998 testimony before Congress, in which the hackers warned of glaring security vulnerabilities that remain relevant to this day.
Tune in to hear more from Space Rogue on:
* Tales from early meetings of the famous hacker quarterly 2600
* The value of college versus certifications for anyone seeking to launch an infosec career
* The fragility of the modern internet
How to tell the difference between a chatbot and a human, Space Rogue joins the panel to discuss his new book "How the Hackers Known As L0pht Changed the World", choosing a hacker handle, testifying before Congress, the origins of L0pht, writing a book, the end of L0pht as @stake, the Hacker News Network, remembering Aloria.
This is the story of Cris Thomas aka Space Rogue, who's written perhaps the best book about the early days of hacking, Space Rogue: How the Hackers Known as L0pht Changed the World. Unlike a journalist merely chronicling events in Boston in the 1990s from the outside, Cris was on the inside. This is not only the story of the L0pht but it's also the story of his life, so he seamlessly provides the often missing context of the time with countless asides and anecdotes woven in instead of tacked on. In this episode of Error Code, Cris also drops a lot of names.
Cris Thomas is a founding member of L0pht Heavy Industries, one of the most influential hacker groups in history. Thomas' new book follows the hacker 'Space Rogue' as he takes you on a journey through the magical hacker scene of the 1990s. The L0pht hacker collective no longer exists, but its legacy lives on. In this interview on the Cybercrime Magazine Podcast, Thomas looks back on the early days of L0pht.
Organizations today operate under the constant looming threat of cyber attacks. While reactive cybersecurity measures will help organizations respond to past and present threats, offensive measures are the only chance to get ahead of attackers and beat them to the punch. There is now a greater call for offensive solutions like penetration testing and red teaming to evaluate environments so security gaps can be identified and closed before a breach. Join us as we discuss how these solutions work both independently and together, as well as practical ways organizations can build or mature an offensive security strategy. Segment Resources: https://www.coresecurity.com/resources/videos/when-use-pen-testing-red-teaming-or-both?code=cmp-0000011540&ls=717710006&utm_source=hubspot&utm_medium=email&utm_campaign=cts-security-weekly https://www.coresecurity.com/resources/guides/complete-guide-layering-offensive-security?code=cmp-0000011540&ls=717710006&utm_source=hubspot&utm_medium=email&utm_campaign=cts-security-weekly https://www.coresecurity.com/resources/datasheets/offensive-security-advanced-bundle?code=cmp-0000011540&ls=717710006&utm_source=hubspot&utm_medium=email&utm_campaign=cts-security-weekly This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! The memoir of world-renowned hacker Cris Thomas “Space Rogue: How the Hackers Known as L0pht Changed the World” is available for pre-order now. The new book, to be released on February 16, 2023, will cover the influential hacking group L0pht Heavy Industries, the hacker underground of the 1990s, the L0pht's rise to prominence, their testimony in front of the US Senate, their claim of being able to “take down the Internet”, and how their legacy continues to shape the security of the online world today. 
Segment Resources: https://securityweekly.com/spacerogue http://www.spacerogue.net Inka talks about harnessing Behavioural Science (BS) to influence people's cyber security behaviours. Focusing on psychology theories (e.g. Behaviour change wheel) she explores some of our barriers (and motivations) to cybersecurity. What are our FMEs ('frequently made excuses') to taking protective action online and how organisations could create a supportive security culture. Segment Resources: Lead researcher for RISCS / UK Home Office funded research project: Cyber Security Quirks: Personalised Interventions for Human Cyber Resilience https://www.riscs.org.uk/project/cyber-security-quirks-personalised-interventions-for-human-cyber-resilience/ Inka will be presenting this research at the Impact Conference on 2.3.2023 https://www.theimpactconference.com/ Lead researcher/author of the Annual Cybersecurity Attitudes and Behaviours Report (2021 and 2022) https://www.cybsafe.com/whitepapers/cybersecurity-attitudes-and-behaviors-report/ SebDB (most comprehensive cyber security behaviour database) https://www.cybsafe.com/research/security-behaviour-database/ Personality and digital footprints whitepapers: https://www.cybsafe.com/whitepapers/personality-and-digital-footprints/ How to measure security behaviour https://www.cybsafe.com/e-books/how-to-measure-behavior-long-read/ Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw306
The memoir of world-renowned hacker Cris Thomas “Space Rogue: How the Hackers Known as L0pht Changed the World” is available for pre-order now. The new book, to be released on February 16, 2023, will cover the influential hacking group L0pht Heavy Industries, the hacker underground of the 1990s, the L0pht's rise to prominence, their testimony in front of the US Senate, their claim of being able to “take down the Internet”, and how their legacy continues to shape the security of the online world today. Segment Resources: https://securityweekly.com/spacerogue http://www.spacerogue.net Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw306
This is the history of hardware hacking and the story of Joe Grand. From testifying before Congress to creating badgelife at DEF CON, Joe has done it all. And he's darn humble about it, too. Joe just wants to share through his classes, website, and YouTube channel all that he's learned since his days with the L0pht, the tools he's created, and the work he's currently doing with Right to Repair. He just wants to make the art of hardware hacking more accessible to others.
The story of the hunt for a couple million bucks in lost crypto. With Joe Grand AKA Kingpin from the L0pht. Check out Joe's YouTube channel: https://www.youtube.com/c/JoeGrand/featured
Dennis Fisher talks with Joe Grand, renowned hardware hacker and member of the L0pht, about his recent work hacking hardware crypto wallets, hacking culture, and why curiosity matters.
Chris Wysopal is Co-Founder and Chief Technology Officer at Veracode, which pioneered the concept of using automated static binary analysis to discover vulnerabilities in software. In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. Chris started his career as a software engineer who first built commercial software and then migrated to the specialty of testing software for vulnerabilities. He has led highly productive and innovative software development teams and has performed product strategy and product management roles. Chris is a much sought-after expert on cybersecurity. He has been interviewed for most major technology and business publications, including New York Times, The Washington Post, WSJ, Forbes, Fortune, AP, Reuters, Newsweek, Dark Reading, MIT Tech Review, Wired, and many networks, including BBC, CNN, ABC, CBS, CNBC, PBS, Bloomberg, Fox News, and NPR. He has keynoted cybersecurity and technical conferences on 4 continents. Link: Chris Wysopal LinkedIn. Link: Cult of the Dead Cow by Joseph Menn
This week, Mat and Mike talk with Joe Grand from Grand Idea Studio. They chat about Joe's recent crypto wallet hardware hack, his past with the L0pht, and what it means to be a "hacker."
Check out Joe Grand: YouTube: youtube.com/c/JoeGrand; Twitter: @JoeGrand
Announcements: Interested in PCAP, visit purdue.edu/pcap. Want to learn more about CERIAS Security Symposium, visit https://www.cerias.purdue.edu/site/symposium
Stay current with cyberTAP: cyber.tap.purdue.edu/blog
Follow us on all the things: Twitter: @PCyberTAP; LinkedIn: Purdue cyberTAP
Email the Cyber Tap with suggestions (or be a guest): cybertappodcast@purdue.edu
To learn more about Purdue cyberTAP's education and professional services, visit cyber.tap.purdue.edu
This week Dave interviews Joe Grand, former hs hacker-kingpin from L0pht turned ethical white-hat-hacker, on how he cracked a Trezor wallet containing 2 million dollars in crypto. Meanwhile, Georgia talks old school vs new school investments, and Greg doles out a little bit of tough love stock advice along with charting strategies.
Joe Grand is a product designer, hardware hacker, and the founder of Grand Idea Studio, Inc. He specializes in creating, exploring, manipulating, and teaching about electronic devices. Also known as "Kingpin", Joe was a member of the legendary hacker group L0pht Heavy Industries, where he helped raise awareness of the hacker ethos and the importance of independent security vulnerability research. He also brought engineering to the masses as a co-host of Discovery Channel's Prototype This, which followed the real-life design process of a unique prototype every episode. Story in Cybercrime Magazine: https://cybersecurityventures.com/bringing-out-the-best-in-hackers/
Hackers have long been portrayed as the bad guys, but Biella uncovers how the ethical Grey and White Hat hackers created the modern security industry, despite the risk to their careers, and fierce opposition from major tech and software companies who wanted to keep any vulnerabilities in their products hidden from the public eye. She talks with Chris Wysopal, member of the high-profile hacker think tank the L0pht, about the struggle for security, and how that fight may have inadvertently damaged a key part of hacker culture in the long term.
The newfound popularity of the internet in the nineties spurred an obsession with hacking. Unfortunately, most movies believed that it wasn't possible to show real hacking and still be entertaining; hence all the awkward video game graphics and characters living in sketchy basements regularly yelling out, "We're in!" while pounding on their keyboards. I'd also like to address their outfit choices but now is not the appropriate time. The point is, hackers have been portrayed as the same character repeatedly when in reality, there are many possibilities to turn these skills into a legitimate career. In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Co-Founder and Chief Technology Officer at Veracode Chris Wysopal. In the '90s, Chris was one of the first vulnerability researchers at The L0pht, a hacker think tank, where he publicized his findings on the dangers of insecure software. Chris shares guidance for anyone getting started with modern secure software development, the best tools to monitor for vulnerabilities in open-source code, and shares what he believes is one of the greatest threats to software development.
In This Episode You Will Learn:
* How to use open-source code safely
* Best tools for monitoring vulnerabilities
* How to detect and respond to threats to insecure software
Some Questions We Ask:
* What is modern secure software development?
* What are the biggest threats to software today?
* How should companies allocate ownership of secure code across the software development lifecycle?
Resources: View Chris Wysopal on LinkedIn View Nic on LinkedIn View Natalia on LinkedIn Related: Listen to: Afternoon Cyber Tea with Ann Johnson Listen to: Security Unlocked: CISO Series with Bret Arsenault Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
Josh and Kurt talk to Chris Wysopal, AKA Weld Pond, about security education. We talk about the current state of how we are learning about security as students and developers. What's the best way to get developers interested in learning more about security? We end the show with fantastic advice from Chris for anyone new to the field of technology or security. Show Notes: Chris Wysopal, Veracode, l0phtcrack
At the start of 2021 Kylie McDevitt left her role as Technical Director in the Australian Government and, with her husband Silvio Cesare, formerly Director of Education at the University of NSW Cyber Security Centre, transformed a warehouse in Canberra and started a hackerspace called InfoSect. Inspired by groups like the L0pht in the USA, they have left their career roles and set out full time on their own to build a place to hang out with other hackers and do cool research. This is their story...so far! LINKS Kylie's Blog Post http://www.networkhacked.com/2021/07/stepping-off-cliff-edge.html WEBINAR: GOVERNMENT & PRIVATE SECTOR - Working Together for Cybersecurity Protection of Critical Infrastructure https://learnsecurity.mysecuritymarketplace.com/course/ciprotection BSides Perth 18-19 September - https://bsidesperth.com.au/ MySec.TV Interview https://mysecuritymarketplace.com/av-media/canberras-hackerspace-analysis-of-infosect/
For show notes and transcript visit: https://kk.org/cooltools/joe-grand-hardware-hacker/ If you're enjoying the Cool Tools podcast, check out our paperback book Four Favorite Tools: Fantastic tools by 150 notable creators, available in both Color or B&W on Amazon: https://geni.us/fourfavoritetools Our guest this week is Joe Grand. Also known as Kingpin, Joe is a computer engineer, hardware hacker, teacher, daddy, honorary doctor, TV host, member of legendary hacker group L0pht (pronounced “Loft”) Heavy Industries, and former technological juvenile delinquent. He has been creating, exploring, and manipulating electronic systems since the 1980s. You can find Joe on Twitter and YouTube @joegrand.
Chris Wysopal (aka WeldPond), a cyber security pioneer and one of L0pht's founding members, talks about the group's 1998 testimony in the Senate, how they used shaming to force corporations to fix their software, and the (not so fortunate) consequences of the sale to @stake.
Chris Wysopal, a cyber security pioneer and one of L0pht's founding members, talks about the group's 1998 testimony in the Senate, how they used shaming to force corporations to fix their software, and the (not so fortunate) consequences of the sale to @stake. The post Shutting Down The Internet in 30 Minutes: Chris Wysopal [ML B-Side] appeared first on Malicious Life.
L0pht, Part 2
In the early days, the L0pht guys tinkered with what they already had laying around, or could find dumpster diving. But things change, of course. By the end of the ‘90s many of the L0pht hackers had quit their day jobs, incorporating under the name “L0pht Heavy Industries”, and moving into a nicer space, the “new L0pht.” Seven days after Y2K, they merged with @stake, an internet security startup. It was a signal that hacking wasn’t just for the kids anymore. The post ‘L0pht’, Part 2 – The End appeared first on Malicious Life.
The Story of 'L0pht', Part 1
'L0pht', or 'L0pht Heavy Industries', was one of the most influential hacker collectives of the '90s: its members were even invited to testify in front of the Congress on the current state of Internet security. In this episode, four of L0pht's founding members - Count Zero, Weld Pond, Kingpin & Dildog - talk about the beginning and influence of the L0pht on cybersecurity.
'L0pht', or 'L0pht Heavy Industries', was one of the most influential hacker collectives of the 90's: its members were even invited to testify in front of the Congress on the current state of Internet security. In this episode, four of L0pht's founding members - Count Zero, Weld Pond, Kingpin & Dildog - talk about the beginning and influence of the L0pht on cyber security. The post The Story of ‘L0pht’, Part 1 appeared first on Malicious Life.
Many successful entrepreneurs disrupt industries with innovative ideas, but how many can say their disruption actually helped create and jumpstart a whole industry that is massive? Chris has been involved in the cybersecurity industry since the beginning as a member of the elite hacker think tank in the 90's called the L0pht, which went on to testify before the U.S. Senate about cybersecurity and vulnerabilities of the internet. 20 years later, the cybersecurity industry is only growing by the day with new threats popping up and new technologies being developed to help companies and consumers play defense. Veracode is one of the anchor companies and Chris is one of its co-founders. Veracode is the largest global provider of application security testing (AST) solutions serving more than 2,500 customers worldwide across a wide range of industries. In this episode of our podcast, we cover: * The story of the L0pht, which has the makings for a great Netflix show as it reminds me of the series Halt and Catch Fire. * @stake's acquisition of the L0pht and the early days of the cybersecurity industry. * The full story of Veracode in terms of starting the company, scaling to an acquisition, and spinning back out as an independent company. * Advice for technical founders on starting a company. * Lessons learned on scaling. * And so much more. If you like the show, please remember to subscribe and review us on iTunes, Soundcloud, Spotify, Stitcher, or Google Play.
Josh and Kurt talk about how to get started in security. It's like the hero's journey, but with security instead of magic. We then talk about what WebKit bringing Face ID and Touch ID to the browsers will mean. Show Notes: Hero's Journey; Mudge's Tweet; L0pht at Congress; Bob Ross; WebKit Face ID and Touch ID for the Web
The History of DEF CON Welcome to the History of Computing Podcast, where we explore the history of information technology. Because understanding the past prepares us for the innovations of the future! Today's episode is on the history of DEF CON. I have probably learned more about technology in my years attending Blackhat and DEF CON than from any other source other than reading and writing books. But DEF CON specifically expanded my outlook on the technology industry and made me think of how others might consider various innovations, and sometimes how they might break them. DEF CON also gave me an insight into the hacker culture that I might not have gotten otherwise. Not the hacker culture many think of, but the desire to just straight up tinker with everything. And I do mean everything, sometimes much to the chagrin of the Vegas casino or hotel hosting the event. The thing that I have always loved about DEF CON is that, while there is a little shaming of vendors here and there, there's also a general desire to see security research push the envelope of what's possible, making vendors better and making the world a more secure place. Not actually trying to hack things in a criminal way. In fact, there's an ethos that surrounds the culture. Yes, you want to find sweet, sweet 0-days. But when you do, you disclose the vulnerability before you tell the world that you can bring down any Cisco firewall. DEF CON has played a critical role in the development and remediation of rootkits, trojans, viruses, forensics, threat hunting research, social engineering, botnet detection and defeat, keystroke logging, DoS attacks, application security, network security, and privacy. In 2018, nearly 28,000 people attended Def Con. And the conference shows no signs of slowing down. In fact, the number of people with tattoos of Jack, the skull and crossbones-esque logo, only seems to be growing. 
As does the number of people who have black badges, which give them free access to DEF CON for life. But where did it get its start? The name is derived from WarGames, a 1983 movie that saw Matthew Broderick almost start World War III by playing a simulation of a nuclear strike with a computer. This was obviously before his freewheeling days as Ferris Bueller. Over the next decade, Bulletin Board Networks had become a prime target for hackers in it for the lolz. Back then, Bulletin Boards were kinda like what Reddit is today. But you dialed a network and then routed through a hierarchical system, with each site having a coordinator. A lot of Fido hacking was trying to become an admin of each board. If this sounds a lot like the Internet of today, the response would be “ish”. So Jeff Moss, also known as Dark Tangent, was a member of a group of hackers that liked to try to take over these bulletin boards called “Platinum Net”. He started planning a party for a network that was shut down. He had graduated from Gonzaga University with a degree in Criminal Justice a few years earlier, and invited #hack to join him in Vegas. Moss had graduated from Gonzaga University in Criminal Justice and so why not have 100 criminals join him in Vegas at the Sands Hotel and Casino! He got a little help from Dead Addict, and the event was a huge success. The next year, Artimage, Pappy Ozendorph, Stealth, Zac Franken, and Noid threw in to help coordinate things and the attendees at the conference doubled to around 200. They knew they had something special cooking up. Def Con two, which was held at the Sahara, got mentions by Business Week and the New York Times, as well as PC Magazine, which was big at the time. DEF CON 3 happened right after the Hackers movie at the Tropicana, and DEF CON 4 actually had the FBI show up to tell the hackers all the things at the Monte Carlo. DEF CON 4 also saw the introduction of Black Hat, a conference that runs before DEF CON. 
DEF CON 5, though, saw ABC News, ZDNet, and Computer World, and saw people show up to the Aladdin from all over the world, which is how I heard of the conference. The conference continued to grow. People actually started waiting to release tools until DEF CON. DEF CON 6 was held at the Plaza and then it went to the Alexis Park Resort from DEF CON 7 to DEF CON 13. DEF CON 7 will always be remembered for the release of Back Orifice 2000, a plugin based remote admin tool (or RAT) that I regrettably had to remove from many a device throughout my career. Of course it had an option for IRC-based command and control, as did all the best stuff on the Silk Road. Over the next few years the conference grew and law enforcement agents started to show up. I mean, easy pickings, right? This led to a “spot the fed” contest. People would of course try to hack each other, which led to maybe the most well-known contest, the scavenger hunt. I am obviously a history nerd so I always loved the Hacker Jeopardy contest. You can also go out to the desert to shoot automatic weapons, participate in scavenger hunts, pick all the locks, buy some shirts, and of course, enjoy all the types of beverages with all the types of humans. All of these mini-events associated with DEF CON have certainly helped make the event what it is today. I've met people from the Homebrew Computer Club, Anonymous, the Legion of Doom, ShadowCrew, the Cult of the Dead Cow, and other groups there. I also met legends like Captain Crunch, Kevin Poulsen, Kevin Mitnick, L0pht (of L0phtCrack), and many others. By DEF CON 7 in 2000, the conference was getting too big to manage. So the Goons started to take over various portions of the con. People like Cjunky, Agent X, CHS, Code24, flea, Acronym, cyber, Gattaca, Froggy, Lockheed, Londo, Major Malfunction, Mattrix, G Mark, and JustaBill helped keep me from getting my eyebrows shaved off and were joined by other goons over the years. 
Keep in mind there are a lot of younger script kiddies who show up and this crew helps keep them safe. My favorite goon might be Noid. This was around the time the wall of sheep appeared, showing passwords picked up on the network. DEF CON 11 saw a bit of hacktivism when the conference started raising money for the Electronic Frontier Foundation. By 2005 the conferences had grown enough that Cisco even tried to shut down a talk from Michael Lynn that could basically shut down the Internet as we know it. Those pages mentioning the talk had to be torn out of the books. In one of the funner moments I've seen, Michelle Madigan was run out of the con for trying to secretly record one of the most privacy oriented groups I've ever been a part of. Dan Kaminsky rose to prominence in 2008 when he found some serious flaws in DNS. He was one of the inaugural speakers at Def Con China 1 in 2018. 2008 also saw a judge order a subway card hacking talk be cancelled, preventing three MIT students from talking about how they hacked the Boston subway. 2012 saw Keith Alexander, then director of the NSA, give the keynote. Will Smith dropped by in 2013, although it was just to prepare for a movie. Probably not Suicide Squad. He didn't stay long. Probably because Dark Tangent asked the feds to stay away for awhile. DARPA came to play in 2016, giving out a 2 million dollar prize to the team that could build an autonomous AI bot that could handle offense and defense in a Capture the Flag style competition. 2017 made the news because they hosted a voting machine hacking village. Cambridge Global Advisors was a sponsor. They have no connection with Cambridge Analytica. No matter how you feel about politics, the hallmark of any democracy is certifying a fair and, um, democratic election. Jimmy Carter knows. He was 92 then. 2019 saw 30,000 people show up in Vegas for DEF CON 27. At this point, DEF CON has been on the X-Files, Mr. Robot, and given a nod in the movie Jason Bourne. 
It is a special event. Being surrounded by so many people with unbridled curiosity is truly inspiring. I doubt I would ever have written my first book on security if not for the opportunity they gave me to speak at DEF CON and Blackhat. Oh, recording this episode just reminded me - I need to go book my room for next year! If you want to learn more about DEF CON, we'll include a link to the documentary from 2013 about it in the show notes. https://www.youtube.com/watch?v=3ctQOmjQyYg
Today we have an extra-special guest named Joe Grand of Grand Idea Studio. Joe started hacking software and hardware at the ripe old age of seven! He ended up becoming a part of hacker history and you’re going to love hearing about it. He’s also co-founder of The Badgelife movement, and co-host of a Discovery TV channel called ‘Prototype This.’ We’re delighted to announce that he’s agreed to be a keynote speaker at AltiumLive, October 9 to 11 in San Diego. Registrations are now open and we encourage you to sign up now because space is limited. Show Highlights: Joe got involved with computers in 1982 and has always been fascinated by computers and electronics. When he discovered the hacker community, he fell in love and was able to make a career of it. They started filming ‘Prototype This’ in 2006/2007 with the producers of ‘Myth Busters’ with the aim of following the real-life engineering of building projects, showing engineering to the masses in fun ways to share the process and even explain technical concepts to grandparents. Joe started using Altium Designer® in the very early days and still does so to design his badges. The Badgelife phenomenon started at Def Con through Jeff Moss, known as Dark Tangent. It also led to the idea to present training at conferences, ushering in Joe’s training program ‘Hardware Hacking’ which he still teaches to this day. Many people are starting to make and sell badges, it’s almost a gateway to a professional engineering career. Joe demonstrates his flex substrate badge for Def Con China. This is where he learned to use the Altium teardrop function. The Def Con USA badge included blind vias and via in pads which Joe had never worked with and once again Altium Designer came to the rescue. They went from six prototypes to 28 650 pieces in one week. Joe’s pseudonym is Kingpin - why do hackers have pseudonyms? 
Most of them grew up in the hacker world, where connecting to bulletin boards required a nickname, it was about having an anonymous identity in the hacker world back then. The hacker world now has many different branches and is more focused on not taking everything at face value, asking questions and being curious. Joe relates his experience with the group called ‘L0pht’ where they were called before the US Senate to testify on the state of computer security in government. Joe will bring a world view of a hacker in engineering to AltiumLive in his keynote address: ‘When Hacking and Engineering Collide’ to include design tips, projects, and crazy contraptions built for television to mention a few. Links and Resources: Grand Idea Studio; Twitter (@joegrand); A History of Badgelife, Def Con’s Unlikely Obsession with Artistic Circuit Boards; For Hackers, Anonymity Was Once Critical. That’s Changing; Def Con China Tree; L0pht Heavy Industries; L0pht Senate Testimony Video; https://en.wikipedia.org/wiki/L0pht; https://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/; https://duo.com/decipher/an-oral-history-of-the-l0pht; AltiumLive San Diego Keynote Speakers. Learn, connect, and get inspired at AltiumLive 2019: Annual PCB Design Summit.
In this episode: How the development of cybersecurity arose and how that history created a world rife with invasions. Chris Wysopal, CTO and cofounder of Veracode, sat in the first row for the advent of cyber defense. In fact, as the Vulnerability Researcher at the seminal hacker think tank the L0pht, he has worked for decades to demand more secure technology from influential tech companies. In this episode Wysopal shares his work in the early years of cybersecurity, including when he testified in front of the 1998 Senate on computer security. At that time, he urged the adoption of regulations on large companies like Microsoft in order to enforce accountability and the development of thoughtful, safer code that protects consumer privacy. These initial concerns have only grown, as there is still little enforcement against code and firmware that allows for breaches. Business Lab is hosted by Elizabeth Bramson-Boudreau, the CEO and publisher of MIT Technology Review. The show is produced by Collective Next. Music by Merlean, from Epidemic Sound.
In the spirit of Memorial Day and remembrance, Evan and Brad decided to do something a bit different for episode 29. The guys share audio of L0pht Heavy Industries testifying before the United States Senate Committee on Governmental Affairs (live feed from CSPAN) on May 19, 1998. You'll notice that a lot of the issues discussed in the trial still translate today, despite it being over 20 years ago. Give it a listen, and let us know what you think at unsecurity@protonmail.com
In today’s edition of Shadow talk, Dr Richard Gold joins us to discuss the return of the L0pht hackers. In 1998 the L0pht members delivered a cybersecurity hearing to the United States Senate, warning that any one person in their group could take down the Internet within 30 minutes. 20 years on, we look back on what has and hasn’t changed in the world of information security. In Part II, the team covers recent reporting on the use of military-style tactics such as war gaming and intelligence fusion centres in the financial services industry. We ask whether such tactics are effective, and whether smaller organizations can also employ the techniques being used by some of the world’s largest enterprises.
Host Kevin Greene and guest Chris Wysopal, Co-Founder and CTO at Veracode, discuss the impact of the legendary group L0pht in many cyber security start-ups. Wysopal also discusses how Veracode is working to help organizations deploy software more securely and faster by getting better tools to the developers early in the software development process.
Tenable (https://www.tenable.com). With more than two decades of experience, he commands an uncanny ability to link disparate events, read between the lines and distill complex, technical information into readily understandable, accessible and actionable intelligence. Cris is a founding member of strategist for Tenable (https://www.tenable.com/profile/cris-thomas), Cris helps clients understand how to apply the unique advantages of continuous monitoring as well as how to meet compliance and security challenges. I have been following Space Rogue's work since the 90's and am delighted to have him on the show. I encourage people to go back and watch the famous testimony from Cris and the rest of L0pht from almost 20 years ago. It's scary that so many of the issues called out then, still exist today. In this episode we discuss RSA conference (https://www.rsaconference.com/), the start of L0pht Heavy Industries, L0pht's famous testimony before Congress, security basics, and much more. Where you can find Cris: LinkedIn (https://www.linkedin.com/in/spacerogue/) Spacerogue.net (http://www.spacerogue.net/) Twitter (https://twitter.com/spacerog) CyberSquirrel1 (http://cybersquirrel1.com/) Tenable Blog (https://www.tenable.com/profile/cris-thomas) Plus, everyone should just watch this. It's almost 20 years old and it still is very relevant. https://www.youtube.com/watch?v=VVJldn_MmMY
Veracode's Chris Wysopal on the impact of 1990s hacker group L0pht by FedScoop
Chris Wysopal a.k.a Weld Pond, chief technology officer of application security firm Veracode, joins The Cybersecurity Podcast to discuss the suspected cyberattack on the Ukrainian power grid, ways to increase transparency about cybersecurity expertise at publicly-traded companies, and why the L0pht hacking collective he once belonged to didn't want to shut down the Internet back in the 1990s just to prove to senators it could. Also joining New America's Peter Singer and Passcode's Sara Sorcher is Chris Young, general manager of Intel Security. They talk about the unconventional cyberthreats emerging from the booming Internet of Things, the challenges posed by ransomware, and his ideas for a future Cyber National Guard.
L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. We learn about the history of the L0pht and the future. Security Weekly Web Site: http://securityweekly.com Hack Naked Gear: http://shop.securityweekly.com Follow us on Twitter: @securityweekly
Interview with Mikko Hypponen To kick off our ten-year anniversary we interview Mikko Hypponen of F-Secure. We talk about the first virus discovered, reviewing printed viruses, and more. Visit our wiki for list of important links including the one that got him banned from Twitter: http://wiki.securityweekly.com/wiki/index.php/Episode438#Guest_Interview:_Mikko_Hypp.C3.B6nen_10:05_AM L0pht Heavy Industries Panel L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. We learn about the history of the L0pht and the future. Security Weekly Web Site: http://securityweekly.com Hack Naked Gear: http://shop.securityweekly.com Follow us on Twitter: @securityweekly
Synopsis In this episode, streamed live and recorded for your listening pleasure, I'm joined by @SpaceRog and @Shpantzer from Security BSides Delaware. What started out as an off-the-cuff discussion on the 'Cyber Apocalypse' quickly materialized into a much longer discussion which dove into various aspects of infrastructure security, critical protection and even the inability to separate the physical from the cyber worlds. Join us for a little bit of nostalgia, a little bit of knowledge and a lot of commentary from these two very smart staples of the security community. This is one of those conversations which I barely edited... it was free-flowing, entertaining and insightful. I hope you enjoy it! Guests @Spacerog - Spacerog is one of the founders of L0pht, and founder of the HNN (Hacker News Network) way, way back in "the day"... He has a full profile here. @Shpantzer - Shpantzer is a veteran of the security industry and describes himself as "Information security and risk management consultant. Strong project manager with interdisciplinary skillset to solve complex business and technical problems." He also writes for the "Shpantzer on Security" blog (which you should be following).
Ralfe got Joe Grand into the Security Summit studio to discuss a wide range of topics, including the value of security podcasting....
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
The computer and network security fields have made little progress in the past decade. The rhetoric that the field is in an arms race; attacks are becoming more complicated and thus defenses are always in a keep-up situation makes little sense when 10 year old root kits, BGP and DNS attacks that have been widely publicized for years, and plain-text communications streams are still being taken advantage of. This talk looks at the environment without being skewed by currently marketed solutions. It then presents corollaries for environments in different disciplines, such as economics and physics, talks to certain psychological situations that prohibit researchers and organizations from being able to correctly address the problems, maps these solutions into Counter Intelligence and Counter Espionage models and finally applies them to low level network and systems communications. This presentation involves audience participation to point out ways of breaking the helplessness cycle (for the defensive side) or to better target areas for exploitation (for the offensive side). "Mudge" - Peiter Mudge Zatko Better known as Mudge, the hacker who testified to the Senate that he could "take the Internet down in 30 minutes", Zatko has been a pioneer of the commercial information security and warfare sector since the 1980s. The leader of the hacker think-tank "L0pht", he founded @stake and Intrusic and currently works as a Division Scientist for BBN Technologies (the company that designed and built the Internet). Mudge is the creator of L0phtCrack - the premier MS password auditor, SLINT - the first source code vulnerability auditing system, AntiSniff - the first commercial promiscuous system network detection tool, and Zephon - Intrusic's flagship product focused on Counter Intelligence / Counter Espionage for corporate Insider-Threat. His other software works are now included in several distributions of commercial and public domain operating systems. 
As a lecturer and advisor Mudge has contributed to the CIA's critical National security mission, was recognized as a vital contributor to the success of the President's Scholarship for Service Program by the NSC, has briefed Senators, the former Vice President and President of the United States, and has provided testimony to the US Senate multiple times. An honorary plank owner of the USS McCampbell and referenced as part of 'U.S. History' in Trivial Pursuit, his mission remains constant to "make a dent in the universe".
Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference