Tom Cross

Atlanta, GA
email: tom at

Research Interests:
Secure Internet Protocol Design
Application Software Vulnerabilities
Electronic Communities
Privacy and Anonymity
Reputation Systems

Papers and Publications

Secure Open Wireless Access Blackhat Arsenal, 2011
Can alersting the public about exploitation do more harm than good? FIRST Conference, 2011
Exploiting Lawful Intercept to Wiretap the Internet," Blackhat DC, 2010
"Puppy smoothies: Improving the reliability of open, collaborative wikis," First Monday, September 2006.

Vulnerabilites I'm credited for researching

MFSA2008-37 Mozilla Stack Buffer Overflow
cisco-sa-20070808-IOS-IPv6-leak Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
MS07-033 Internet Explorer COM object instantiation
CVE-2007-2388 Apple Quicktime for Java remote code execution
MS06-036 Windows SMB Denial of Service
X-Force Alert 228 Asterisk PBX Denial of Service
X-Force Alert 229 Asterisk PBX Traffic Amplification

Other Writing

"Internet Protocol Television," X-Force Threat Insight Monthly, March, 2007.

"Academic freedom and the hacker ethic," Communications of the ACM, June 2006.

"DNS WHOIS: Barking up the wrong tree," CircleID, June 28, 2004

Public Speaking

"Dinner Topic: Creativity and Vulnerability," 8th Annual IEEE SMC Information Assurance Workshop, June 2007, West Point, New York

"Web Search Privacy Panel," 16th International World Wide Web Conference, May 2007, Banff, Alberta, Canada

"Emerging Threats and Vulnerabilities," Cyber Crime Summit 2007, Atlanta, Georgia

"Network Neutrality Panel," Electronic Frontier Forums 2006, Atlanta, Georgia

"Network Security for Internet Service Providers," Asia Pacific Regional Conference on Operational Technology (APRICOT), February 2001, Kuala Lumpur, Malaysia