Anyone who was around for Defcon-10 will have an opinion on the infamous Gobbles-Silvio-UnixTerrorist talk in which mail spools were published and everyone was slammed [1]
According to mumble on the Interwebs (and a comment from RiskyBusiness) it appears as if the Stephen Watt who allegedly “modified and provided a “sniffer” program used by the conspirators to monitor and capture the data crossing corporate computer networks” == Unix Terrorist..
It’s not clear the extent of Watt’s involvement with the break-in, but it does send a cold shiver down the spine of anyone who puts out tools / software..
For those writing apps for the iPhone, you have a good chance of bumping into the highly annoying preflighting application error:
Ralf Rottmann of [24100.net] has a [pretty comprehensive post on how to fix this] (the problem resides in Xcode not correctly tagging the application’s BundleID)
Slides from the latest Hack in the Box conference [are available] [SensePost slides are listed as owing / not there yet]
SensePosters can grab a local copy [here]
When you blog a link to poetry:
[The man watching] is a poem by Rainer Maria Rilke, that i picked up from a talk by Tim O’Reilly during his [recent talk] where he chided the audience for focusing on trivial banalities while leaving bigger problems unchallenged. A subsequent speaker picked up the theme, and likened it to abandoning NASA to work on DisneyLand.
I think the sentiment is grand, and the poem is inspiring.. and in particular the following lines, are probably going to keep me up nights for a while:
EC2 is now out of beta, and supports Windows-based AMIs. [Big Day for EC2]
EC2 blows my mind, and from a bazillion miles away, i was truly surprised that Amazon got the jump on Google/MSFT/Apple/* with their offerings..
/mh
PS. how i managed to write on this as opposed to the [Stack based, pre-auth, wormable windows RPC overflow is anyone’s guess]
PPS. Actually.. in part it’s because i’m miffed. I just wrote a diatribe on how the fact that we weren’t going to see another code-red / worm scare anytime soon was going to hurt us (ala aitel.owasp08) and this bug shuts me up for a bit – stay tuned for “is the industry still running on code-red?”
The full videos from the OWASP NYC Conf have been posted.
At least one BlackHat re-run, but some look well worth the watching.. Most people can grab the videos and slide decks [here], SensePost’ers (except for those actually currently living in NY) can grab selected talks locally [here]
Good news to all the blah’ers out there! The BETA version of BiDiBLAH 2 is available for download here.
As you probably know, [a real quick and easy] registration is required, and version 2 of BiDiBLAH runs on dotnet framework 2.
./frankieg
06 October 2008
By evert
Greetings
just a quick note on VM.
Google is now offering Google Blog Search Beta and I thought it interesting to see who is blogging on vulnerability management. Some of the output includes:
i) “Vulnerability Management” = 6,330 hits
ii) “Vulnerability Management” + Dummies = 314 hits
iii) “Vulnerability Management” + ineffective = 16 hits
iv) “Vulnerability Management” + effective = 314
Probably 90% of all hits came from vendors and it was also evident that they were punting the “successes” of VM, utilising their products and services.
By now everyone knows that John McCain’s running mate Sarah Palin had her Yahoo email account hacked. I guess a presidential candidate using Yahoo for govt. related email was about as shocking as Sarah Palin’s nomination as possible future president ((unless of course you have ever heard of other govt. officials using yahoo/gmail/hotmail for serious business)(inside joke for south africans!)).
People have been talking about secure password resets for a long time [1] and this was pretty shocking all around..
[Solve mazes with Photoshop (or gimp)]
i must confess that while i understand the logic of flood-fill doing a depth first search and therefore doing the lifting for u, my gimp skills are second only to my MS-Word skills and i have managed to burn about 40 minutes this morning still unable to replicate it (there goes my report writing!)
/mh