It’s the last few hours of 2009 here in South Africa, so I wanted to take the opportunity really quickly to wish the 2 readers of this blog all the best for the new year..
Most security “pundits” are currently doing their 2010 predictions (although in truth few of them so far have been particularly surprising or out-there.. “Adobe will be brutalized”? Really? How’s that different to 08 or 09). (One really has to question how the current whipping boy for exploit writers managed to be a key contributor to Gary McGraw’s BSIM Model, but I digress.)
is currently on in Berlin.
As usual [it] looks like a blast, and as usual, media [is online] before the speaker shuts down his presentation machine..
SensePosters can grab a local copy of the EN-vids [here]
/mh
Last week had two “cloud-security” related articles hit the inter-webs.. After our Vegas09 talk on “clobbering the cloud” we had a brief chat to Rob Lemos, who called us up again, so we ended up adding the soundbyte to his piece in Technology Review along with guys like Moxie Marlinspike and Danny MacPherson [here]
We also showed up on Read/Write Web, where we were called “security nerds” and “black hats”
Ahhh.. roll on 2010!
[Alex Payne] has an excellent post up titled “Criticism, Cheerleading, and Negativity”. It’s a 2 minute read, but it’s worth it:
“We understand well the idea of being in favor of something, or against something, but we don’t particularly understand how criticism fits into this dichotomy.
..
The reason a person is critical of a thing is because he is passionate about that thing. In order to have a critical opinion, you have to love something enough to understand it, and then love it so much more that you want it to be better. Passion breeds critical thinking.”
ZaCon came and went, “and a fun time was had by all!”
The first run was a semi-cosy affair held at the University of Johannesburg, with 16 speakers holding the crowd from 08h00 till 18h00. ZaCon had many SensePost faces, but is not expressly an SP initiative.. It’s a community-based con aimed at growing the next gen of South African hax0rs..
My brief ~12 minute intro: “Why Zacon” explains some of the organizers’ thinking.. You can watch me blab [here] and you can watch the rest of the videos [here]
Our DC-17 video (of the “Clobbering the Cloud” talk) is now available on the new look DefCon download site: [here]
All of the other DC17 videos can be found [here]
(if you are a senseposter, you can grab them with descriptions from [here])
Like it, hate it or just plain struggling to understand it, Twitter has made a huge impact across a wide range of fields. We use it fairly heavily internally for simulated water-cooler chatter and quick link-exchange. (Like any piece of sp-geek-over-engineering we also have a tweet-bot to convert tweets to emails, and convert blog notifications to tweets.) It’s pretty clear though, that once we started tweeting internally, people started blogging less. There’s something liberating about saying “here’s a link”, as opposed to taking the time to formulate your thoughts into a full-blown posting.
-snip-
From: Haroon Meer <haroon@sensepost.com>
To: Marc Schneider <marcs@mplw.net>
Subject: Re: http://www.sensepost.com – Contact needed
Hi Dr Schneider.
* Marc Schneider [marcs@mplw.net] seemed to say:
>I am Dr. Marc Schneider and I work for Multilingual Search Engine
>Optimization Inc. in Washington DC ( Tel: 1 202-250-3645) – I would
>like to speak with the person in charge of your international
>clientele. Who is my contact? Who should I speak to??
>
>In fact, after visiting http://www.sensepost.com , I have noticed that your
>website cannot be found on foreign search engines (I tested it on Hispanic
>search engines, German search engines, Asian search engines, etc.) Our
>company is specialized in multilingual search engine promotions in 28
>languages . From the Japanese Google to the German Yahoo, from the AOL
>in Spanish to the MSN in Chinese, we can show you how to develop a
>true international online presence by promoting your website on
>foreign search engines.
The other day I tweeted a link from John Dvorak reviewing Windows 7. He basically said that Microsoft was dying, and said the product was “made with the same cheap Microsoft vodka.”
Dvorak’s not new to this[1] (I recall reading his columns in PC magazine in the early 90’s, so he has been around). He slates Microsoft, not because of the code in Windows 7, but because (he feels) Microsoft has stopped paying attention to details:
Hi All
SensePost will be running their next Developer and Bootcamp courses for 2009, scheduled for November. Please drop me an email if you know of anyone in your area that would like to attend.
– 1) Hacking by Numbers – Developer Edition (16-18 November 2009)
– 2) Hacking by Numbers – Extended (Bootcamp) Edition (10-13 November)
Information about courses:
1) HBN – Developer Edition
‘Hacking By Numbers – Developer Edition’ is a course aimed at arming web application developers with knowledge of web application attack techniques currently being used in the ‘wild’ and how to combat them. Derived from our internationally acclaimed ‘Hacking By Numbers’ security training, this course focuses heavily on two questions: “What am I up against?” and “How can I protect my applications from attack?” During the course, sample applications will be dissected to discover security-related bugs hidden within the code. The class will then consider prevention, detection & cure.