Haroon Meer
Spammers need love too..
-snip-
From: Haroon Meer <haroon@sensepost.com>
To: Marc Schneider <marcs@mplw.net>
Subject: Re: http://www.sensepost.com – Contact needed
Hi Dr Schneider.
* Marc Schneider [marcs@mplw.net] seemed to say:
>I am Dr. Marc Schneider and I work for Multilingual Search Engine
>Optimization Inc. in Washington DC ( Tel: 1 202-250-3645) – I would
>like to speak with the person in charge of your international
>clientele. Who is my contact? Who should I speak to??
>
>In fact, after visiting http://www.sensepost.com , I have noticed that your
>website
>cannot be found on foreign search engines (I tested it on Hispanic
>search engines, German search engines, Asian search engines, etc.) Our
>company is specialized in multilingual search engine promotions in 28
>languages . From the Japanese Google to the German Yahoo, from the AOL
>in Spanish to the MSN in Chinese, we can show you how to develop a
>true international online presence by promoting your website on
>foreign search engines.
Dvorak, on Windows 7, Microsoft and attention to details..
The other day i tweeted a link from John Dvorak reviewing Windows 7. He basically said that Microsoft was dying, and said the product was “made with the same cheap Microsoft vodka.”
Dvoraks not new to this[1], (i recall reading his columns in PC magazine in the early 90’s, so he has been around). He slates Microsoft, not because of the code in windows7, but because (he feels) Microsoft has stopped paying attention to details:
*sigh* alas poor kindle…
my wife might have a kindle, which i might have bought in the US, which she might have loved dearly.. Buying books might have been possible using the “gift card hack” or the “US Postal Address hack” – but alas! It seems as if i can no longer transfer my money from me to Amazon this way..
Must our beautiful friendship end this way amazon? Will this geofilter come between us after all these years?
2 pieces of coolness…
a) was the politely dropped kaminsky firefox bug [http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070620.html]
It still requires a click for command execution, but considering its multi platform firefox ownage sans shellcode, i think its cool.. i think its even cooler that dan dropped it sans any fanfare..
b) has to be Pusscat‘s attack on the SMBv2 Remote bug published on [the VRT blog..]
From the post:
“we get lucky here as well in that there is a pointer srv!pSrvStatistics which also points to srvnet!SrvNetStatistics, and counts the number of requests that have been made to a specific call (as well as other things).
Fasm2009 – Videos online..
The “Fasm conference is an informal meeting of coders interested in x86 assembly programming.”
Some of the videos can be grabbed [sp_local|Other]
/mh
About:SnowLeopard
Sure it only cost $29, but when you consider the number of people bowing down and thanking our Cupertino overlords you have to consider the following:
If the Emperor was given his new clothes today, #emperors_clothes would be trending on twitter (with ppl thanking the tailors for reduced closet space requirements)
/mh
John Viega’s “the myths of security”.. Really??
i go through a ton of books. Over the past 10 years, this has been dominated by books on computer security, computer science, programming (and some sprinklings of management classics).
I generally stay away from writing reviews, but was genuinely suprised at the number of 5 star reviews Viega’s new book had received and felt i had to chime in.
I picked up “the myths of security” (what the computer industry doesn’t want you to know) with hope, because O’Reilly books in general are well done and i really liked some of Johns previous books. Alas! I tried hard to think of a good thing to say about the book, and the best i can come up with right now is that “at least, it wont take up space on my bookshelf”.
The book is tiny (48 chapters, where each chapter is between a paragraph to 2-3 pages) which isn’t a bad thing, but it reads mostly as a collection of blog posts or hurriedly written notes-to-self.
Watch out Amazon…
’cause theres some serious cloud computing competition on the horizon..
A google search for Cloud Provider returns the following paid ads..
Now i know conventional logic says its a bad idea to judge a book by its cover, but..
Apple vs Microsoft as a malware target.. stop saying market share..
I really enjoy listening to Mac Break Weekly.. Leo Laporte is an excellent host and i would tune in just to hear [Andy Ihnatko’s] take on the industry and the (possible) motivations behind certain players moves. (he is sometimes wrong, but always worth listening to). The only time the things ever get a little cringe-worthy is when talk switches to malware and security (although both Andy and Leo for the most part have pretty reasonable balanced views on it).
Excellent paper from MSFT Research on inline proxies vs. SSL
Ron Auger sent an email to the [WASC Mail list] on some fine work presented recently by Microsoft Research. The paper (and accompanying PPT), titled [Pretty-Bad-Proxy: An Overlooked Adversary in Browsers’ HTTPS Deployments] is pretty cool and shows several techniques for a malicious inline proxy to sniff SSL sessions passing through the proxy. Its genuinely a bunch of cool findings and has been handled neatly (with the exception of some shocking clipart!).