Tom Cross
X-Force Researcher
IBM Internet Security Systems
Atlanta, GA
email: tom at tomcross.info
personal blog: http://www.memestreams.net/users/decius
Research Interests:
Secure Internet Protocol Design
Application Software Vulnerabilities
Voice over IP Security
Privacy and Anonymity
Reputation Systems
Electronic Communities
Biography
Tom Cross wears many hats. He is a current member of IBM Internet Security System's X-Force Advanced Research Team, where he focuses on vulnerability analysis and emerging technologies. In 2001, Tom
cofounded MemeStreams, a innovative
collaborative blogging system that combines social networking and reputation
systems technology. Tom has operated electronic communities both on the web
and over the modem since 1991. He is also an Internet privacy and freedom
advocate and frequently speaks on technology policy issues. In 1996 he
cofounded Electronic Frontiers Georgia, where he participated in a successful
effort to prevent the State of Georgia from banning pseudononymous speech online. Tom received a BS in Computer Engineering from the Georgia Institute of Technology in 1999.
Personal Projects
MemeStreams - A collaborative blogging system featuring reputation system based filtering and social search.
Tabjab - A social accounting system that helps friends and roommates keep track of interpersonal debt.
Academic Publications
"Puppy smoothies: Improving the reliability of open, collaborative wikis," First Monday, September 2006.
Vulnerabilites I'm credited for researching
cisco-sa-20070808-IOS-IPv6-leak Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
MS07-033 Internet Explorer COM object instantiation
CVE-2007-2388 Apple Quicktime for Java remote code execution
MS06-036 Windows SMB Denial of Service
X-Force Alert 228 Asterisk PBX Denial of Service
X-Force Alert 229 Asterisk PBX Traffic Amplification
Other Writing
"Internet Protocol Television," X-Force Threat Insight Monthly, March, 2007.
"Academic freedom and the hacker ethic," Communications of the ACM, June 2006.
"DNS WHOIS: Barking up the wrong tree," CircleID, June 28, 2004
Public Speaking
"Dinner Topic: Creativity and Vulnerability," 8th Annual IEEE SMC Information Assurance Workshop, June 2007, West Point, New York
"Web Search Privacy Panel," 16th International World Wide Web Conference, May 2007, Banff, Alberta, Canada
"Emerging Threats and Vulnerabilities," Cyber Crime Summit 2007, Atlanta, Georgia
"Network Neutrality Panel," Electronic Frontier Forums 2006, Atlanta, Georgia
"Information Warfare for the People," Phreaknic 9, October 2005, Nashville, Tennessee [Full Talk]
"Network Security for Internet Service Providers," Asia Pacific Regional Conference on Operational Technology (APRICOT), February 2001, Kuala Lumpur, Malaysia
"Covert Channels," IS2K, November 2000, Seoul, Korea