Thursday, September 9, 2010

One year

On this day one year ago, Juliano and I released the Flickr bug, which is a small, beautiful crypto vulnerability that affects a dozen high-profile web 2.0 sites. Personally, it's my first published advisory, and I can still recall exactly how excited I was when Juliano called to tell me that our work was voted as one of the best web hacking techniques of 2009.

Actually, the Flickr bug was an accidental discovery. At that time we were following something else that eventually led to our second research, Practical Padding Oracle Attacks, a.k.a. POET. We were chosen to present at Black Hat in Barcelona and USENIX WOOT in Washington DC. We came, we talked (well, Juliano went alone to WOOT because I couldn't get a visa on time), and people loved it so much that they even nominated POET for the Pwnie award for Most Innovative Research. Well, we didn't get the award, but peer recognition is always a good source of motivation.

Fast forward to today. I just got my Argentine visa this morning. Tomorrow I will take a long flight to Buenos Aires to join, well, who else, Juliano, to present at EKOPARTY about a zero-day crypto vulnerability in ASP.NET, the web technology from Microsoft. This is probably the most critical vulnerability in the history of ASP.NET, the underlying technology that powers more or less 25% of the web sites on the Internet. In short, we break the Internet!

It's been one hell of a year ;-).

4 comments:

NQH said...

Congratulations, Thái! One good work per year is *very* hard to accomplish. Keep it up!

Joxean Koret said...

Congratulations! ;)

Puky said...

See you at ekoparty!!
Greetings from Argentina.

KristoferA said...

So you didn't contact Microsoft first to give them a chance to provide a patch? You deliberately want to cause damage to the intarweb?