Our good friend Anthony Olivier has launched his “IT Security Pubcast”. So far 2 episodes are online, with episode #2 including our very own, ever quotable Charl van der Walt.
Check it out..
A couple of months back SensePost were asked by a prominent South African media company to assist in the selection of content and speakers for an upcoming information security conference called ‘the ITWeb Security Summit’.
The show runs 26-28 May 2009. The speaker lineup is mostly local (including yours truly) but past speakers have been pretty high-profile – including Dave Litchfield, Johnny Long, Kevin Mitnick, Johnny Cache, Howard Schulz and others.
Wired magazine has covered the DNSGate saga with full dramatic details like: “never, ever repeat what you just told me over a cell phone”.
It’s a quick read, and worth it for the classic line: “The DNS community had kept the secret for months. The computer security community couldn’t keep it 12 days”
As a Christmas special we have scheduled an additional training course, Hacking By Numbers – Extended Edition (Bootcamp) in Pretoria, South Africa on November 24-28th. The course runs for a full 5 days. This course will be offered at a never-to-be-repeated discount price of ZAR 10,999-00 (15% discount on the usual training price). Each trainee will be given a t-shirt and a Christmas hat!
For more on our training please visit http://www.sensepost.com/training.html.
Anyone who was around for Defcon-10 will have an opinion on the infamous Gobbles-Silvio-UnixTerrorist talk in which mail spools were published and everyone was slammed [1].
According to mumble on the Interwebs (and a comment from RiskyBusiness) it appears as if the Stephen Watt who allegedly “modified and provided a “sniffer” program used by the conspirators to monitor and capture the data crossing corporate computer networks” == Unix Terrorist..
The extent of Watt’s involvement with the break-in is not clear, but it does send a cold shiver down the spine of anyone who puts out tools / software..
For those writing apps for the iPhone, you have a good chance of bumping into the highly annoying preflighting application error:
Ralf Rottmann of [24100.net] has a [pretty comprehensive post on how to fix this] (the problem resides in Xcode not correctly tagging the application’s BundleID).
Slides from the latest Hack in the Box conference [are available] [SensePost slides are listed as owing / not there yet]
SensePosters can grab a local copy [here]
When you blog a link to poetry:
[The man watching] is a poem by Rainer Maria Rilke that I picked up from a talk by Tim O’Reilly during his [recent talk], where he chided the audience for focusing on trivial banalities while leaving bigger problems unchallenged. A subsequent speaker picked up the theme, and likened it to abandoning NASA to work on Disneyland.
I think the sentiment is grand, and the poem is inspiring.. and in particular the following lines, are probably going to keep me up nights for a while:
EC2 is now out of beta, and supports Windows-based AMIs. [Big Day for EC2]
EC2 blows my mind, and from a bazillion miles away, I was truly surprised that Amazon got the jump on Google/MSFT/Apple/* with their offerings..
/mh
PS. How I managed to write on this as opposed to the [Stack based, pre-auth, wormable Windows RPC overflow is anyone’s guess]
PPS. Actually.. in part it’s because I’m miffed. I just wrote a diatribe on how the fact that we weren’t going to see another code-red / worm scare anytime soon was going to hurt us (ala aitel.owasp08) and this bug shuts me up for a bit – stay tuned for “is the industry still running on code-red?”
The full videos from the OWASP NYC Conf have been posted.
At least one BlackHat re-run, but some look well worth the watching.. Most people can grab the videos and slide decks [here], SensePost’ers (except for those actually currently living in NY) can grab selected talks locally [here]