Our Blog

-sigh- little things, little minds…

Deels stumbled on www.simpsonizeme.com and used it to give you mh, the Springfield edition. Combine it with your intranet mug-shots, and it could give you hours of lost productivity.

Google Cookies: finally a saner expiry date…

Google have finally revised their cookie expiration policy: user cookies will now expire after two years. (For those of you who think this is still too long, bear in mind that they used to be set to expire in 2038, the last year a 32-bit Unix timestamp can represent, which in practice meant never.) Of course, the tin-foil-hat wearers amongst us are going to find it difficult to convince the “keep-your-stinkin’-privacy, I-want-my-15-minutes” Facebook generation that privacy actually matters, but we…

Adam Shostack on Biometrics…

Hmmm… I have heard this somewhere before… “However, in cases where your finger is used to identify or authenticate you, it’s much harder to change your password.” /mh

VMware Fusion, I love you not, I love you…

OK, some of you in the office will have heard me whine when VMware Fusion recently started taking my whole machine down occasionally. The joy of it being the whole machine is that I’ve lost my Firefox profile, and managed to turf my OS X preferences twice since this started happening. Through meticulous checking I tracked down that the problem started “the day I blogged about how much I love VMware…

Have a (One)Care, sir…

Someone in the office was discussing Microsoft’s recent horrible foray into the anti-virus market. Apparently an online source held OneCare as faring worse than a simple man with a Perl script. A quick scan shows that they have indeed fared pretty poorly in independent tests: “(BBC News) OneCare was the only failure among 17 anti-virus programs tested by the AV Comparatives organisation.” Now the obvious question was: how could Microsoft…

Probably the best book dedication I have ever seen…

Richard Bejtlich didn’t give the pre-release a glowing review, but I know at least a few people waiting eagerly to get their hands on the new “Fuzzing: Brute Force Vulnerability Discovery” by Michael Sutton, Adam Greene, and Pedram Amini. Pedram is the mastermind behind PaiMei and started OpenRCE, but his last blog post points to the book’s dedication page, and it probably makes the book worth buying all on its…

In Defense of Testing Pens… (aka how to keep your soul while being a pen-tester)

A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The discussion quickly gravitated towards the number of “security” companies where the volume of projects far outweighs how interesting they are, which leads rapidly to a cookie-cutter approach to pen-test engagements. Of course, if you have spent any time in the industry, you already know this to be true. The obvious danger with…

SensePost Training at Black Hat Las Vegas

The Black Hat Briefings is arguably the most significant technical security conference in the world. It takes place every year in Las Vegas and also includes a series of diverse technical training courses. For the sixth time this year, SensePost will be presenting a series of courses from our ‘Hacking By Numbers’ range at the briefings. The courses cater for most levels of technical experience, starting with…

On vulnerability, root cause, white-listing and compliance

Many years ago, when we first released ‘Setiri’, one of the controls that we preached was website white-listing. Since talk-back trojans connect back to arbitrary web servers on the Internet, a block-list of known ‘bad’ sites fails open against any server it has not yet seen, so we argued that companies should instead create shortlists of the sites employees are allowed to visit and deny everything else. This, we argued, was much more feasible than trying to identify and block every ‘bad’ site. Of course, there are a number of other…

And then there was one…

First IBM announced their interest in Watchfire, and now HP announces their interest in SPI Dynamics. “Consolidation in the industry” is one of those horrible phrases that is always bandied about because it makes people seem analytical and forecast-y, but I think it’s pretty clear that there are stirrings in buyout land right now. I guess it bodes well for WhiteHatSec and similar folks; they surely have to be on…