Blog
Piotr Bania Agrees.. Metal Gear Rocks.. (warning.. this post has 0 to do with infosec)
Way back in 2000 i bought my kid sister a Sony PlayStation.. I have never been a big gamer (not since arcade games when i was tiny) but a reliable source at work convinced me to play Metal Gear – Solid. The game was awesome and for the period i played it, it dominated my life.. im not a gamer so probably not qualified to use words like gameplay but found the game incredibly intuitive and seldom ever found it “gamey”.
The proof of the pudding ?
Royal pingdom did a quick check on what was running at some of the more popular sites on the Internet and end up with the following table:
Its intersting for a whole bunch of reasons that im currently too sleep y to write about.. (sleepy??? must be old age?)(or the flu pills im taking)
The first thing that was interesting to me was the suprising lack of BSD ? i like linux and have used it as a desktop machine forever (before becoming a macfanboy) but have always defaulted to FreeBSD for servers.. im not sure what this means and ill do a little netcraft digging tomorrow to see if its a general trend..
The myth of the expert
Something we preach very strongly in our training is the importance of
an understanding of the underlying technology / application / issues,
and being able to dig into the core of an issue, not just try a trick or
two and move on. Sadly, most people don’t see it this way.
It’s also somewhere between sad and frustrating for me that there seems
to be an over-abundance of so-called “experts” in our field. While this
isn’t an issue for those who have a deep understanding, the fact of the
matter is that for many of our customers, their key competence is their
respective industry, and not information security.
Feedback on our courses in Switzerland
We just finished presenting an HBN Bootcamp and an HBN Combat Edition in Lausanne, Switzerland. A lot of people don’t know that we do this format – small courses on location worldwide. Its a different vibe to the big courses we do at Black Hat and the like, but it has some real advantages. Here’s the feedback we received – I especially like the nice things they say about me…
reddit: exploit publisher?
saw this in my RSS reader, the null poison byte makes a comeback!
Until it gets fixed, you can view here.
Is that a robots.txt in your pocket or are you just ahppy to see me?
This will probably get cleaned up soon, but thats a huuuuuuuge robots.txt [ http://www.whitehouse.gov/robots.txt]
I have always tried to keep this blog politics-free
but the last Scott Adams posting on the Iranian presidents US visit has to be the best piece i have read in a long long time..
BotNets not just for SPAM any more
The Symantec Security blog has an article titled “Botnets: not just for spamming anymore“. Interestingly we are now starting to see the use of botnets for more than just simple spamming (or simpler DoS attacks).
Its pretty cool (in a twisted sort of way), because this is one of those things we called out a long time ago, predicting that botnets were way under-used as a form of cheap distributed computing. We have been mentioning its potential for effectively minimizing the key-space of session-ids and it looks like its starting to rear its head..
Introducing Hex-Rays…
These days its almost impossible to read a book on security or vuln-dev without a gratuitous IDA-Pro screenshot. IDA has proven itself so valuable at reversing that its near impossible to find texts that fail to mention it. (Even ancient texts from fravia and woodman will make reference to it).
Well.. for a long long time people have wondered why ilfak (ida’s main author) didnt get into the point and click vuln finding / point-and-click disassembler business.. For a long time he (and datarescue stayed out of it), till now..
’twas only a matter of time before various FaceBook developers started cashing in on the amount of personal info they can collect…
http://www.theregister.co.uk/2007/09/12/facebook_compare_people/
This was something Marco and I chatted about a few weeks ago – not from the “financial gain” perspective, but rather from the large amounts of data one would be able to collect from Facebook by playing with the FaceBook API. Unfortunately, there has been no time for fun and games yet…