EC2 is now out of beta, and supports Windows-based AMIs. [Big Day for EC2]
EC2 blows my mind, and from a bazillion miles away, i was truly surprised that Amazon got the jump on Google/MSFT/Apple/* with their offerings..
/mh
PS. how i managed to write on this as opposed to the [Stack based, pre-auth, wormable windows RPC overflow is anyone's guess]
PPS. Actually.. in part it's because i'm miffed. I just wrote a diatribe on how the fact that we weren't going to see another code-red / worm scare anytime soon was going to hurt us (ala aitel.owasp08) and this bug shuts me up for a bit – stay tuned for “is the industry still running on code-red?”
The full videos from the OWASP NYC Conf have been posted.
At least one BlackHat re-run, but some look well worth the watching.. Most people can grab the videos and slide decks [here], SensePost’ers (except for those actually currently living in NY) can grab selected talks locally [here]
By now everyone knows that John McCain’s running mate Sarah Palin had her yahoo email account hacked. I guess a presidential candidate using yahoo for govt. related email was about as shocking as Sarah Palin's nomination as possible future president ((unless of course you have ever heard of other govt. officials using yahoo/gmail/hotmail for serious business)(inside joke for south africans!)).
People have been talking about secure password resets for a long time [1] and this was pretty shocking all around..
[Solve mazes with Photoshop (or gimp)]
i must confess that while i understand the logic of flood-fill doing a depth first search and therefore doing the lifting for u, my gimp skills are second only to my MS-Word skills and i have managed to burn about 40 minutes this morning still unable to replicate it (there goes my report writing!)
/mh
Introducing [http://www.reddit.com/r/ReverseEngineering/]
(like its name suggests, a reddit that's all about Code RE..)
Google have thrown their hat in the browser-ring, which many have predicted. [Chrome] should be coming soon to downloads near u.
It’s based on [webkit], which you might [recall] was impressive in many ways.. It has a few other interesting promises, like a brand new javascript engine [which sounds like an excellent target for future hackery] and a simple but sweet isolation concept [tabs are independent processes].
Like anything released from google, people expect it to change the world (now that's some heavy expectation-anxiety) but if nothing else it will be interesting to watch. Their comic intro is fairly comprehensive, and mixes healthy amounts of “eureka” with “this is still a hard problem“.
A completely non-security related (but totally geek) blog that always makes me smile is [http://indexed.blogspot.com/]. We had just started the week (or ended the last one) with a conversation on how strange it was, that some people manage to remain supremely confident while talking authoritatively on subjects they know precious little about…
From our mouths, to Jessica’s pen:
Hey guys..
Our BlackHat/Defcon talk this year featured a few tools that we promised to release.. The first tool, or set of tools is reDuh which can be found [here]. reDuh is made up of 2 parts, a local proxy and a server component (which is jsp, php or asp). If you run the local proxy on your machine while pointing it to the server component, you are able to make TCP connections clean through the web-server. This comes in surprisingly helpful (and if nothing else is really cute!). You can read more about reDuh (with pretty pictures) by checking out the [reduh page] or by checking out our [Vegas slides].
The video of the much publicized pwnie awards has been posted to the interwebs [gvideo link]
Locals (SensePosters) can grab a copy [here] I believe it featured HalVar rapping so it should be worth at least a listen to :>
/mh
PS. i heard the first 3 minutes which included Alex Sotirov mention how >30 equates to over the hill, and humbly submit Malcolm Gladwell's recent speech in silent 3rd hand rebuttal. [Age before beauty – the difference between young geniuses and old masters]
Hey guys..
Most of our BlackHat/Defcon team has arrived back home in one piece.. I landed with a fever and a lost voice (but to be honest i already caught something while in Vegas!)
We will post some post-Vegas thoughts as soon as the dust settles, but i also promised:
- The slides from our talk
- The tools we released…

A link to the slides is here: [Pushing a Camel through the eye of a Needle]