Kevin W. Wall
Works at Wells Fargo
Attended Marietta College
Work
Occupation
Application / information security
Skills
Java, application security, applied cryptography, *nix system administration security, ksh / bash programming
Employment
  • Wells Fargo
    Information Security Engineer 5, 2013 - present
  • CenturyLink (f/k/a Qwest Communications)
    Staff Security Engineer, 1999 - 2013
  • Light Source Software Labs
    Founder / Principal Consultant, 1996 - 2000
  • Bell Labs
    DMTS, 1994 - 1996
  • Bell Labs
    MTS, 1984 - 1994
Basic Information
Gender
Male
Relationship
Married
Story
Tagline
A computer geek and dinosaur, not quite yet extinct...
Introduction
I now work for the Secure Code Review team at Wells Fargo as an Information Security Engineer. Before that I worked at CenturyLink (formerly Qwest) as a Staff Security Engineer under Risk Management / Information Security. During the 10 years prior to this, I worked as the tech lead on an Application Security team in (then) Qwest's IT division.

Before even that, I spent 3+ years as an independent contractor consulting on C++ and Java development, and 17 years at (then) AT&T (now Alcatel-Lucent) Bell Labs where I was a DMTS. (Told you I was a dinosaur! Ask me about piggyback twistor memory someday and how I used it to stay warm in the labs.)

I currently am working on the OWASP ESAPI for Java project and most of my time is spent on ESAPI's crypto system. After years of swearing that I'd never program in C++ again, lo and behold, I find myself working on the new ESAPI for C++ project. I really *must* be a masochist.

Lastly, co-mentoring a student with John Melton for the Google Summer of Code 2012. The student's GSoC project is to develop a SOAP web service to interface with the OWASP AppSensor engine.
Bragging rights
Survived C/C++ without fatally stabbing myself with pointers. ;-)
Education
  • Marietta College
    BS in physics and mathematics
  • Case Western Reserve University
    MS in Computer Information Science, 1988 - 1991

Stream

Kevin W. Wall

Heartbleed used to censor downloads of crypto
GoodCrypto News: examine good security practices and risks.

Kevin W. Wall

The Marriott and related subsidiaries and business interests are appealing to the FCC to be allowed to disrupt their guests' receiving of WiFi all in the "interest" of protecting their customers' privacy. If you've seen what they charge for their WiFi access, you might suspect they have ulterior motives. I guess I know where I'll no longer be staying.

Kevin W. Wall

It's happened before...what's to stop it from happening again?
The New York Times has published an unredacted version of the famous “suicide letter” from the FBI to Dr. Martin Luther King, Jr.

Kevin W. Wall

Interesting exploit based on a DRAM bug. This is one to keep an eye on since it may be widespread and people rarely replace RAM in their systems.
 
"“Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory."
Posted by Mark Seaborn, sandbox builder and breaker, with contributions by Thomas Dullien, reverse engineer [This guest post continues Project Zero’s practice of promoting excellence in security research on the Project Zero b...

Kevin W. Wall

I'm expecting this is going to be put to more evil uses than good uses as I think it will up the ante on reverse engineering malware considerably.
Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It’s also what allows those same hackers’ dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder. At…

Kevin W. Wall

True that.
 
hahaha....sounds legit.....😉😉😃

Kevin W. Wall

What's wrong with this IP address?

Was watching an episode of CSI: Cyber that aired 4/15/2015 ("The Evil Twin"). This was supposedly the HTML code from an HTML email reply from someone who had clicked on a spear phishing attempt. One of the CSI Cyber members of the FBI team proudly displayed this on one of the office's large screen monitors as she proclaimed "he forgot to remove his IP address from his email" (or a similarly forgettable line). This was what was displayed and the IP address that allowed them to track down their first suspect. Notice anything wrong?
+Eoin Keary
Yeah, guess that version doesn't use octets any longer. Or in the future "bytes" are now at least 11 bits long. So what would they call those? Undectets? :)

Kevin W. Wall

I must be honest, I don't think such reform has a snowball's chance in hell, but how can we look future generations in the eye if we don't try?
 
If you are a voter in the US, please consider signing this.

If you aren't, don't be too smug. Pretty much all other countries have less controls on their spooks compared to the US; some countries might be less competent at implementing a panopticon, but GCHQ (for example) has admitted that they can put any British subject under surveillance if they feel like it, without needing to suspect that the person has committed a crime, and without asking a judge first.
Read our letter to U.S. House and Senate leadership on how our surveillance laws should be changed. Then add your name to show your support. #United4NSAReform

Kevin W. Wall

Gobble, Gobble!

Apparently, I didn't know there was an epidemic breaking out in central Ohio. Yesterday, at 7:30pm, two of the four local Columbus TV channels (WCHM and WSYX) both had on the same broadcast...a 30 minute infomercial called "Do you have a turkey neck?". Thank God for ESPN and NCAA men's basketball.

BTW, does anyone know...is turkey neck white meat or dark meat?

Kevin W. Wall

Look out, here it comes again!
 
"The Trans-Pacific Partnership agreement (TPP) poses massive threats to users in a dizzying number of ways. It will force other TPP signatories to accept the United States' excessive copyright terms of a minimum of life of the author plus 70 years, while locking the US to the same lengths so it will be harder to shorten them in the future. It contains DRM anti-circumvention provisions that will make it a crime to tinker with, hack, re-sell, preserve, and otherwise control any number of digital files and devices that you own. The TPP will encourage ISPs to monitor and police their users, likely leading to more censorship measures such as the blockage and filtering of content online in the name of copyright enforcement. And in the most recent leak of the TPP's Intellectual Property chapter, we found an even more alarming provision on trade secrets that could be used to crackdown on journalists and whistleblowers who report on corporate wrongdoing."
The Trans-Pacific Partnership agreement (TPP) poses massive threats to users in a dizzying number of ways.
Andrew van der Stock:
They just want to make the tax payer pay for their civil lawsuits and scale it up.

Kevin W. Wall

Who needs Big Brother when your own TV is spying on you?

Caveat emptor: Read the fine print! Of course, at some point in the future when companies realize all the money to be made on the Internet of Things, it will be all but impossible to buy dumbed-down devices that do not connect to the Internet. Some of them you certainly will be able to turn off, but it likely won't be possible for some, at least without some significant hack. (To encourage you to allow the connection, they could cripple some functionality when disconnected or offer discounts when connected or a combination of both.)

Of course, being the skeptic that I am, I'm sure that the manufacturers of IoT devices will come up with some way to have their lobbyists influence congress to pass laws in our "best interest" to make tampering with their devices that you purchased illegal. That will have to be enforced through some contract that will offer you some hefty discount up front (or they will have to turn to licensing rather than purchasing), but they'll figure out a way to hook people somehow.
Technically Incorrect: Samsung's small print says that its Smart TV's voice recognition system will not only capture your private conversations, but also pass them onto third parties.

Kevin W. Wall

And he thought he was going to escape. #gobuckswebeattheducks  

Coach Meyer, would you like that in a to-go cup or are you going to drink it here?