Tom Cross

Director of Security Research
Atlanta, GA
email: tom at
personal blog:

Research Interests:
Secure Internet Protocol Design
Application Software Vulnerabilities
Voice over IP Security
Privacy and Anonymity
Reputation Systems
Electronic Communities


Tom Cross wears many hats. He is currently Director of Security Research at Lancope where he works on developing network behavioral anomaly detection technology. He was previously a member of IBM Internet Security System's X-Force Advanced Research Team, where he focused on vulnerability analysis and edited the X-Force Trend Report. In 2001, Tom cofounded MemeStreams, a innovative collaborative blogging system that combines social networking and reputation systems technology. Tom has operated electronic communities both on the web and over the modem since 1991. He is also an Internet privacy and freedom advocate and frequently speaks on technology policy issues. In 1996 he cofounded Electronic Frontiers Georgia, where he participated in a successful effort to prevent the State of Georgia from banning pseudononymous speech online. Tom received a BS in Computer Engineering from the Georgia Institute of Technology in 1999.

Personal Projects

Wiki Voter Guide - A tool for researching upcoming elections with Wikipedia.
MemeStreams - A collaborative blogging system featuring reputation system based filtering and social search.
Tabjab - A social accounting system that helps friends and roommates keep track of interpersonal debt.

Papers and Publications

Secure Open Wireless Access Blackhat Arsenal, 2011
Can alersting the public about exploitation do more harm than good? FIRST Conference, 2011
Exploiting Lawful Intercept to Wiretap the Internet," Blackhat DC, 2010
"Puppy smoothies: Improving the reliability of open, collaborative wikis," First Monday, September 2006.

Vulnerabilites I'm credited for researching

MFSA2008-37 Mozilla Stack Buffer Overflow
cisco-sa-20070808-IOS-IPv6-leak Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
MS07-033 Internet Explorer COM object instantiation
CVE-2007-2388 Apple Quicktime for Java remote code execution
MS06-036 Windows SMB Denial of Service
X-Force Alert 228 Asterisk PBX Denial of Service
X-Force Alert 229 Asterisk PBX Traffic Amplification

Other Writing

"Internet Protocol Television," X-Force Threat Insight Monthly, March, 2007.

"Academic freedom and the hacker ethic," Communications of the ACM, June 2006.

"DNS WHOIS: Barking up the wrong tree," CircleID, June 28, 2004

Public Speaking

"Dinner Topic: Creativity and Vulnerability," 8th Annual IEEE SMC Information Assurance Workshop, June 2007, West Point, New York

"Web Search Privacy Panel," 16th International World Wide Web Conference, May 2007, Banff, Alberta, Canada

"Emerging Threats and Vulnerabilities," Cyber Crime Summit 2007, Atlanta, Georgia

"Network Neutrality Panel," Electronic Frontier Forums 2006, Atlanta, Georgia

"Information Warfare for the People," Phreaknic 9, October 2005, Nashville, Tennessee [Full Talk]

"Network Security for Internet Service Providers," Asia Pacific Regional Conference on Operational Technology (APRICOT), February 2001, Kuala Lumpur, Malaysia

"Covert Channels," IS2K, November 2000, Seoul, Korea