Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/26/2007
02:55 AM
50%
50%

RSnake, Unmasked

Hacker RSnake is shedding his old snakeskin and starting his own security consultancy

10:55 AM -- The snake is coming out of the shadows: Hacker RSnake, who founded ha.ckers.org, sla.ckers.org, and is a blogger for Dark Reading, has started his own boutique security consultancy. RSnake -- a.k.a. Robert Hansen -- is now heading up SecTheory, which will work with mid-sized companies (100-1,000 employees) that are under the same regulatory pressures as the big guys but don't have the staff or funding for the proper security expertise.

"As PCI becomes a bigger deal, strong security people are going to be harder and harder to find," says RSnake, whose day job for the past year was director of product management for a real-estate company, a Website job that had nothing to do with security.

RSnake has consulted on the side for a number of large enterprises in the past, and he plans to continue sharing as much of his experience as he can on his hacker sites. But he warns that he can no longer be considered unbiased now that he's back in the security industry game.

As for the new consulting firm, RSnake says he doesn't plan to invent new tools or treat their clients "like an assembly line." "Every company has unique challenges and needs, and I want our company to get to know them and work with them instead of just giving them a templated report."

He says he'll do whatever they need, whether it's help with their architecture, writing requirements documents, strategic planning, vulnerability assessments, whatever. "I don't want to be a shop that becomes too specialized or too bogged down in what we can and can't do," he says. And if there's something his firm can't do, he says they'll find one who can.

What about ha.ckers and sla.ckers? No worries, RSnake says. He'll continue with his work and posts on ha.ckers and sla.ckers "for the foreseeable future," he says. "It's a great way to stay in touch with the security world."

RSnake in the past has served in advisory roles for security startups and doesn't plan to discontinue his work there, either. (He'll still blog for Dark Reading, too).

"The reason I felt it necessary to come out of the shadows at all is that I felt it was unfair to keep that information from my readership," he says. "My readers had the right to know where their information was coming from. It may shape people's opinions of me or the site, but it would have been unfair to hide the fact that I had moved back into security."

He admits stepping out from behind his RSnake identity and mystique was a little scary, and risky. But he has no regrets: "I was a little worried about coming out of the shadows, as it were, but if you add up the good and the bad, I'm really just happy to be back in the security world -- it's where I belong."

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32243
PUBLISHED: 2021-06-16
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).
CVE-2021-32244
PUBLISHED: 2021-06-16
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.
CVE-2021-32245
PUBLISHED: 2021-06-16
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" t...
CVE-2021-34201
PUBLISHED: 2021-06-16
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.
CVE-2021-34203
PUBLISHED: 2021-06-16
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify ...