Image taken from 24 Hours in Cyberspace - Tan explains Technology Reclamation. For more shots of this and other studly d00ds, check out the L0pht presskit.

motd 01.31.2000

L0pht is still Alive and thanks to @Stake, bigger than ever! We're on new (:^b) equipment, and this year's sexiest chairs (according to Details magazine 1/2000)! Whoo-hoo, finally full time! Thanks to everyone who called and mailed to congratulate me and for those of you who didn't, what rock have you been hiding under?

For those interested in more details about L0pht's merger with @Stake - we did up a FAQ that's pretty informative and funny and is worth a read.

I've moved to a simpler format and, with a change in computing platform, need to get myself another copy of PGP. Once I do, I'll update my PGP key. Now that I'm releasing papers, that's what this page will focus on, along with providing the information I usually provide on L0pht (press kit and Pr0nNet topology map). For now I'm continuing my Palm Pilot Document Library, but I don't have time to add new stuff.

I just spoke at SANS this October in New Orleans. I just attended RSA 2000 in San Jose, CA and did the @Stake booth-babe thing in January. I hope to meet some of you at this year's DEFCON.



Papers 01.15.2000
Online-Banking - Everybody's a #*$&!# Expert 12.15.1999
A slide-show I have used to demonstrate "following a bad example" in a talk on security pitfalls in software engineering (BU), but which was meant as expert testimony on negligence on the part of the banking industry. This paper examines the currently deployed model for browser-based transactions. While everyone from web-based email to online shopping to banking is vulnerable, banking by far has the most potential impact on the consumer. Additionally, the banking industry has demonstrated a much higher degree of effort in the past, which seems to have been cut out by today's ROI-happy CIOs and marketing wizards...

Read all about it:




CyberUL 01.04.1999
CyberUL examines software and professional certification as it relates to the industry today and why it is so out of whack with what is needed. In order to clean things up, the UL model may be a guide but other things have to change; namely, the only thing that will make or break the state of security is the demand for it. Customers are at the very root of the problem in that they don't demand security and they don't question security salesmen. If customers, large customers especially, really demanded security, Microsoft would not be operating like it does today.

Read all about it:






Pr0nNet 04.15.1999

Pr0nNet was designed to distribute 90ohm signal bearing pr0n for content. Pr0nNet currently facilitates pr0n and other viewing content in 2 labs, the bathroom, the media room and the library. In total there are now 14 viewing nodes and 4 input nodes. Pr0n and other content may be input via VHS VCR (and subsequently UHF/VHF), LaserDisc, the Media Room's PC, or our video conferencing camera.

As keeper of the Pr0nNet topology map, I have compiled the following statistics:

Statistics as of 4/15/99, at the height of Pr0nNet's presence

green=input, red=composite-out, blue=rf-out

Number of Media Room Nodes: 5
Number of Library Nodes: 3
Number of Software Lab Nodes: 2
Number of Hardware Lab Nodes: 2
Number of NOC Nodes: 0
Number of Bathroom Nodes: 2
Total Number of Nodes: 14
Number of Inputs: 4




Presskit 04.15.1999
As keeper of the L0pht PressKit, I have compiled the following statistics:


Number of 1999 Entries: n/a
Number of 1998 Entries: 62
Number of 1997 Entries: 24
Number of 1996 Entries: 11
Number of 1995 Entries: 6
Total Number of Entries (12.31.1998): 103


Space Rogue has been working on some of the content, breaking down some of the video content into "Web Presentable Format". So far he's got highlights from our appearances on The BBC and New England Cable News.



Pilot Library 04.15.1999
My Palm Pilot Document Library, where a bunch of useful documents can be found in DOC reader format, will remain up; however, I'm not updating it anymore unless a bunch of answering machine instructions come in. I may refresh it with the latest advisories and/or documents from NMRC (but then again I may not). In other words, it's still here but don't hold your breath for updates.


Contact 01.31.2000
I often need to exchange both casual and private messages with folks. To contact me, send mail to tan@l0pht.com. You should assume that all mail sent to/from L0pht has been read by someone else while in transit between our mail system and yours. To ensure your privacy, use my PGP version 5 public key (02.17.1999):
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP for Personal Privacy 5.0

Stay Tuned... (01.31.2000)

-----END PGP PUBLIC KEY BLOCK-----