Haroon Meer
Phrack is dead.. long live Phrack ??
Uninformed has certainly done awesomely at filling in the gap left when phrack went silent, but there is something nostalgic about reading phrack… it seems like issue 65 has just hit the streets..
Its my SensePostaversary!
Whoa! time flies when you having fun…
(click for orig.)
2 Winning quotes..
from the SourceBoston videos i blogged about:
Dr Geer never dissapoints, and kicked it off with the 4 rules on his office wall:
Work like hell, Share all you know, Abide by your handshake, Have fun. If he mentioned anything about foosball or pool.. i woulda sworn blind he was talking about SensePost!
The 2nd quote that was awesome, (during the interview with the l0pht members) was from Dildog.. ex-l0pht, ex-@stake, now Veracodes chief scientist.. The discussion turned to “security companies and snake oil”, and the fact that dildog was a “vendor” again.. With a dry smile that could have been at home in a john cleese movie, he replies:
2 reasons to visit sourceboston.com (and 2 reasons to rejoice!)
SourceBoston completed its first conference earlier this month, and some of the slide decks and videos are up..
While the image of the young hax0rs indeed brings back fond memories of surfing blackcrawlarch and trying in vain to get mosaic chat to work in the lounge, it isnt one of the 2 reasons to rejoice..
The chance to watch Dr. Dan Geers talk (Dr Geer is one of those people who remind you how un-smart you are everytime you hear him speak) And on a mildly unrelated note (for some definition of mild), the fact that all USENIX conference proceedings have been made available freely online.. Rock on!
Write a paper? or nip down for a pint?
Apparently the two _are_ mutually exclusive.. [according to the NY Times…]
-snip-
According to the study, published in February in Oikos, a highly respected scientific journal, the more beer a scientist drinks, the less likely the scientist is to publish a paper or to have a paper cited by another researcher, a measure of a paperâ€s quality and importance.
-snip-
Veni, Vidi, Damni
At last years BlackHat USA a bunch of us played some American geeks a game of late night parking lot football.. Our victory there, and the 6 months of victorious memories from that night filled us with enough false self confidence to take on the SBG guys last night..
While several of us are claiming altitude differences as the root cause of the bad result, those in the game with a keener eye (and longer memory) will long recall that the (almost) final kick of the match was a missed opportunity to equalise that could have been scored by my grandmother (with her wooden leg). (we will not name the culprit who missed this gift-wrapped goal, because i dont want to people to know it was me)
Everything i needed to know about managing hackers, i learnt from my DVD collection..
Ok.. so the title clearly isnt true.. but it made more sense than saying something about the altered geographic location of someone’s dairy products.
It is however true, that this particular blog rant is largely about the geek<-->suit relationship and thoughts that are brought to life with full surround sound while watching the movie Troy. (its ok if you are one of those highly cerebral types who look down with disdain on us humble movie watchers – u can think of this post in terms of “what we can learn about managing hackers from Homers Iliad“) (5 minutes after meeting the guys who work for us, a very obvious question is: “how do u manage a team of such bright individuals? isnt it like herding cats?” – this is one of the how-to’s (or how not to’s))
The Peltier Effect – Year in Review..
Peltier and Associates have released their massive “Peltier Effect – Year in Review 2007“.
The collection comes in at a whopping 156 pages from a wide array of authors so there should be somethign to read in it for everyone..
Our short article: “2007 – The Year Timing Attacks Made a Comeback” comes in on page 43 (or 52 depending on if you believe the page numbers or your pdf reader). Other contributions include a foreword by Marcus Ranum, and articles from Dave Aitel, Max Caceres and Ivan Arce.. humbling company..
SNMP Joins Dark Side in New XSS Attack
-sigh- the topic is stolen directly from the [DarkReading Article]
-snip-
Itâ€s yet another new spin on a pervasive attack — this time using the old standby Simple Network Management Protocol (SNMP) to stage cross-site scripting (XSS) attacks.
-snip-
-sigh- a little while back while doing a pen-test on a 1U device, we found that a well poisoned SNMP string could easily result in XSS and even SQL Injection attacks.
Prof Felten (and friends) attack bitlocker/filevault (and friends)
So felten et al basically figured that cooling dram chips allows an attacker to move them to another machine where they can be leeched!
The geek in me cant help but say “COOL!”
According to the comments posted (by Eugene Spafford no less) this sort of attack is fairly well known.. but.. for this humble fanboy, i think its still pretty rocking!