Patch Your (non-DJBDNS) Server Now. Dan Was Right. I Was Wrong.

Thomas Ptacek | July 09th, 2008

Thanks to Rich Mogull, Dino and I just got off the phone with Dan Kaminsky. We know what he’s going to say at Black Hat.

What can we say right now?

  1. Dan’s got the goods. You know that scene near the end of High Fidelity where Jack Black listens to the skate punk’s electroclash demo? Yep. It’s really f’ing good.

  2. This is a strong year at Black Hat: Dowd and Lawson in particular have awesome talks lined up. But Dan may have Best of Show here.

  3. If you were running DJBDNS before, you’re safe. If you made fun of me for running DJBDNS: sucker.

  4. Ryan Russell pointed out earlier on our blog that Dan takes a lot of crap for doing so much public research. You can’t be in the public eye for long without taking fire from people who write shellcode instead of Black Hat talks and press releases. Ryan is right: it’s not fair. I don’t know how you can give Dan crap about his work after this.

I think Dan should come clean on this and publish the details. The 30 days he’s given before Black Hat won’t make much of a difference. But his reason for not doing it is at least plausible. And he did the work. So, it’s his call.

I think I owe Chris Eng $100 now.
