Welcome, SecurityFocus Readers!

Thomas Ptacek | April 3rd, 2007 | Filed Under: Navel Gazing

May we take a moment to introduce ourselves?

We’re Matasano security and you may be reading us for the first time on SecurityFocus’ new blog syndication setup. You can visit our company site for more about what we do for enterprises and vendors; that’s the last we’ll say about that for now.

Who are we? Well, for the people you’ll see writing here:

• I’m Thomas Ptacek. I co-founded Matasano. I’m a vulnerability researcher, part-time product marketer, full-time developer, ex-ISP operations guy. You may have met me at Arbor Networks, my old multicast startup Sonicity, Network Associates, or, if you had an ISP account in Chicago in the ’90s, EnterAct.

• On rhythm guitar is Dave Goldsmith. Dave is El Presidente de Matasano; his claims to fame include the first public X86 stack overflow exploit, co-founding @stake and running their training division, and starting the MacOS X security research division of Matasano. Dave writes on this blog as often as I do.

• Behind the drum kit is Jeremy Rauch. Jeremy and I started Matasano together (hiring Dave to be our much-needed boss a month later). Jeremy’s been a principal engineer on two optical switches, helped start SecurityFocus, worked with me at Network Associates, and was one of the first ISS X-Force researchers.

If you’re not familiar with our blog already, let me take a second to tell you what we’re about:

We’re shop talk about network and information security. Our “beats” include:

• Vulnerability research, new findings, and full disclosure debates, which we fight incessantly.

• Network security, intrusion prevention hardware, architecture, and evasion: full disclosure, we have a product coming up in this space that biases us.

• Security marketing and industry punditry (we’re cynics, but Dave and I have done time in marketing and sales).

• Mac OS X security (we’re standardized on OSX).

• Reverse code engineering and protocol reverse engineering. If you have to reverse-engineer a protocol, chances are you’re going to be able to break it when you’re done.

There are about 600 posts on our blog going back 2 years; that’s probably around half a million words. To spare you from reading most of them, here are some pointers to favorite posts:

• 18 standout posts from 2005 and 2006, including internal security, reversing, Apple, and vulnerabilities, including at least one written as a movie script.

• A series Nate Lawson did with me on how to forge RSA keys using Bleichenbacher’s attack that broke OpenSSL. I promise, more fun than it sounds.

• Dave’s two-part Dowd, McDonald, and Schuh secure coding challenge that we did to help them launch their (must read) book on secure programming. We got stumped. Like, six times.

• Our work on detecting hardware virtualized rootkits, building on Matasano emeritus Dino Dai Zovi’s Vitriol hypervisor rootkit.

• We find vulnerabilities for our clients. Like, a lot. We have a code of ethics. Everyone else should, too, even if isn’t the same as ours.

We’d love your feedback. Send it to blog at matasano.com. Or post a comment. We try to reply to all of them. Thanks for reading!