Haroon Meer

Ranum Reloaded..

A little while back I commented on Marcus Ranum's HiTB talk “Cyberwar is Bullshit!“. I ended the post with the words “Ranum is indeed much better than this..“. Ranum spoke recently at Source Boston, and his talk [The Anatomy of Security Disasters] indeed shows this is true.. If you are in the industry to make a quick buck, or because it beats flipping burgers at McD's, you probably don't need to, but if you are involved with security decisions at any level, then you really should take a few minutes to digest his talk.

Hello World (With an LED)

Way back when I was a sysadmin, I recall reading a quote from one of the AT&T greybeards who said something to the effect of “every competent sysadmin should be able to build his own network card”. Of course most of us have spent tons of time ripping apart electronics and “watching what happens when you connect X and Y”, but unlike the electronic engineers with their oh-so-cool multimeters I've never actually done any PLC programming..

!exploitable [Vuln finding freebie from MSFT]

Microsoft released !exploitable at CanSecWest this year. The debugger extension and the accompanying slide deck can be found [here]. I have not looked at it, but a glance at the slides implies that they aim to solve the problem of too many dumps – not enough time.. It's pretty cool.. and that Microsoft is releasing this is even cooler..

Jack C. Louis: Jan 5, 1977 – March 14, 2009

Truly tragic. We are all poorer for it.. It really was an honor and a privilege to have known him..

Like deja-vu (all over again)

Those of you who were around in 2001 will recall http://anti.security.is (anti-sec f.a.q).. The sentiment pops up periodically (in different forms) and it seems like CanSecWest this year has seen a resurgence of it.. From Charlie Miller's comments on the Safari bug: “Did you consider reporting the vulnerability to Apple? I never give up free bugs. I have a new campaign. It’s called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job so we know there’s value to this work. No more free bugs.”

Only an idiot will install a beta os on his primary phone..

and I am that idiot… Developers signed up with Apple's Dev Program get to take iPhone OS 3.0 out for a spin, so that the App Store can have ver3 apps when the new OS launches.. A quick download (as quick as it gets in South Africa), a prayer (or 10) during install: and now I too have a phone that can handle cut 'n' paste! (tho admittedly it feels surprisingly fiddly to me at this point).

CodeGate – 2009

[beistlabs] [CodeGate] has come and gone.. A nice writeup of the event can be found [here], with a PDF of the challenges and solutions [here].

Defcon 16 Videos Available..

Ok.. So The Dark Tangent announced this [a few days ago], but I felt it deserved mention because I was genuinely wow'ed at the video quality.. I have only gone through a couple of the presentations, but it's the first time I've found demos video'd well enough to follow ferpectly on screen.. Readers can pull the videos from [here]; SensePost'ers can pull from [here]. /mh PS. When we did our talk (pictured above) I had almost no voice and a flu from hell.

MacBook Pro – Battery RIP

About 2 weeks ago the battery performance on my machine took a sudden nose dive. Worse than the fact that it started giving me only about 1 hour is the fact that it's become perfectly unreliable in terms of watching the battery meter (once it reaches about 30% it switches off). Then yesterday I started noticing a wobble on the machine as it sat on my desk.. A quick examination this morning shows that the battery has warped completely..

Top Ten Web Hacking Techniques of 2008

(aka – Whoot! We are almost famous!!) Jeremiah Grossman's panel of judges (Rich Mogull, Chris Hoff, HD Moore and RFP) hath spoken (or spake) and the top 10 web-hacking techniques of 2008 have been published. Of course we would be lying completely if we said it wasn't cool to make it into the top 10 (and doubly cool to make it twice in the top 10!)..