Director of Security Research
email: tom at tomcross.info
personal blog: http://www.memestreams.net/users/decius
Secure Internet Protocol Design
Application Software Vulnerabilities
Voice over IP Security
Privacy and Anonymity
Tom Cross wears many hats. He is currently Director of Security Research at Lancope where he works on developing network behavioral anomaly detection technology.
He was previously a member of IBM Internet Security System's X-Force Advanced Research Team, where he focused on vulnerability analysis and edited the X-Force Trend Report. In 2001, Tom
cofounded MemeStreams, a innovative
collaborative blogging system that combines social networking and reputation
systems technology. Tom has operated electronic communities both on the web
and over the modem since 1991. He is also an Internet privacy and freedom
advocate and frequently speaks on technology policy issues. In 1996 he
cofounded Electronic Frontiers Georgia, where he participated in a successful
effort to prevent the State of Georgia from banning pseudononymous speech online. Tom received a BS in Computer Engineering from the Georgia Institute of Technology in 1999.
Wiki Voter Guide - A tool for researching upcoming elections with Wikipedia.
MemeStreams - A collaborative blogging system featuring reputation system based filtering and social search.
Tabjab - A social accounting system that helps friends and roommates keep track of interpersonal debt.
Papers and Publications
Secure Open Wireless Access Blackhat Arsenal, 2011
Can alersting the public about exploitation do more harm than good? FIRST Conference, 2011
Exploiting Lawful Intercept to Wiretap the Internet," Blackhat DC, 2010
"Puppy smoothies: Improving the reliability of open, collaborative wikis," First Monday, September 2006.
Vulnerabilites I'm credited for researching
MFSA2008-37 Mozilla Stack Buffer Overflow
cisco-sa-20070808-IOS-IPv6-leak Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
MS07-033 Internet Explorer COM object instantiation
CVE-2007-2388 Apple Quicktime for Java remote code execution
MS06-036 Windows SMB Denial of Service
X-Force Alert 228 Asterisk PBX Denial of Service
X-Force Alert 229 Asterisk PBX Traffic Amplification
"Internet Protocol Television," X-Force Threat Insight Monthly, March, 2007.
"Academic freedom and the hacker ethic," Communications of the ACM, June 2006.
"DNS WHOIS: Barking up the wrong tree," CircleID, June 28, 2004
"Dinner Topic: Creativity and Vulnerability," 8th Annual IEEE SMC Information Assurance Workshop, June 2007, West Point, New York
"Web Search Privacy Panel," 16th International World Wide Web Conference, May 2007, Banff, Alberta, Canada
"Emerging Threats and Vulnerabilities," Cyber Crime Summit 2007, Atlanta, Georgia
"Network Neutrality Panel," Electronic Frontier Forums 2006, Atlanta, Georgia
"Information Warfare for the People," Phreaknic 9, October 2005, Nashville, Tennessee [Full Talk]
"Network Security for Internet Service Providers," Asia Pacific Regional Conference on Operational Technology (APRICOT), February 2001, Kuala Lumpur, Malaysia
"Covert Channels," IS2K, November 2000, Seoul, Korea