Wed, 27 Jun 2007

We're Hiring!

We're looking for someone rocking to join our AMS team. Apart from spunk, brains, charm and dazzling good looks, this is what we'll be looking for:

  • Tertiary education
  • CISSP
  • Serious enterprise IT experience
  • Solid 'nix skills
  • (At least) basic coding experience
  • (At least) basic VA skills (Nessus or equivalent)

If you can think of someone you know, like and trust who could fit this bill, please let us know.

Mon, 25 Jun 2007

Wikto 2.0 Released

Wikto 2.0 was released on Friday and is available from our tools page.

This is a major release and contains a number of bug fixes and updates, including the following:

  • Uses the Dot-Net 2 runtime
  • Brand new GUI
  • Updated Nikto scanning engine which substantially reduces false positives
  • Sorting of Nikto results
  • Integrated web spider for directory mining
  • Pause / Resume functions
  • Recalculation of back end mining results
  • SensePost Aura integration for those who don't have Google API keys
  • Support for SSL via Proxy

Additionally, the dependencies on WinHTTrack and HTTPrint have been dropped.

Tue, 19 Jun 2007

and then there was one....

First IBM announced their interest in Watchfire, and now HP announces their interest in SPI Dynamics. "Consolidation in the industry" is one of those horrible phrases that are always bandied about because it makes people seem analytical and fore-casty, but i think it's pretty clear that there are stirrings in buyout land right now.. I guess it bodes well for WhiteHatSec and similar folks.. they surely have to be on the radar..

Talking of buyouts, it's always been strange for me that CORE have managed to go by as long as they have without being purchased. Their technical roots being in Argentina might have explained it for a little while, but a whole bunch of years later.. i don't get it.. (Having said that, i must add the caveat that i am talking completely through my ear since i'm pretty sure they would have been approached often enough and could simply have been rejecting offers waiting for the right match..)

It's hardly bubble 2.0, and we're not seeing insane ShuttleWorth'esque money being thrown about, but there is definitely a rumbling again, and a whole bunch of people are looking at the Application Security market going "There's gold in them thar hills..."

Shuttleworth comments on Microsoft/Ubuntu deal rumours

Mark Shuttleworth on his blog makes it clear:

-snip-

"We have declined to discuss any agreement with Microsoft under the threat of unspecified patent infringements."

...

I have no objections to working with Microsoft in ways that further the cause of free software, and I don’t rule out any collaboration with them, in the event that they adopt a position of constructive engagement with the free software community.

...

All the deals announced so far strike me as “trinkets in exchange for air kisses”. Mua mua. No thanks.

-snip-

Lots of people threw stones when Mark started Ubuntu, and Debian die-hards saw it as the beginning of the end. In fairness, he has done outstandingly and although it hurts my ears every time i hear the word "Ubuntu" pronounced in foreign tongues (it's oo BOON too) (not you-bun-to, oo-bun-to or any of the other variations that float around) it truly warms the heart to see such huge steps made for Free Software, essentially from South Africa..

I won't get into the MSFT / Novell patent discussions because there's been too much said about it already, and rightly or wrongly i'll silently beam at Ubuntu's "Proudly South African" sticker!

Wed, 13 Jun 2007

Viva Las Vegas!

BlackHat Vegas is almost on us again, and this will be the 6th year running that we present there.. This year Marco and i will be taking a new look at some old attacks.. The bulk of the talk will focus (like its name suggests) on timing attacks, but we will be looking in general at timing, race conditions and other attacks that have not yet been packaged into tools and so are not yet prone to the type of over-fishing we have found with fuzzable bugs..

Dominique Brezinski from BlackHat posted a tiny splurb on it on their "black Page"..

Roll on Las Vegas.. 10 days of cheese pizza from the Caesars food Court.. i can hardly wait!