Dino is the guy who added much shellcode coolness to Metasploit, gave
the world Karma, released the first virtualization rootkit for Intel
(Vitriol), and gave much credibility to the Matasano crowd while he was
there.
Although he left the consultancy gig, he popped up briefly again during
the year to claim his MacBook in the Cansec Hack the Mac challenge and
popped up again to break Second Life.
26 September 2007
By marco
Saw this in my RSS reader, the null poison byte makes a comeback!
Until it gets fixed, you can view here.
If a picture is worth a 1000 words, then I don't want to know what this reads…
Richard Bejtlich didn't give the pre-release a glowing review, but I know at least a few people waiting eagerly to get their hands on the new “Fuzzing: Brute Force Vulnerability Discovery” by Michael Sutton, Adam Greene, and Pedram Amini. Pedram is the mastermind behind PaiMei and started OpenRCE, but his last blog post points to the book's dedication page, and it probably makes the book worth buying all on its own.
Outstanding…
First IBM announced their interest in Watchfire, and now HP announces their interest in SPI Dynamics. “Consolidation in the industry” is one of those horrible phrases that are always bandied about because it makes people seem analytical and fore-casty, but I think it's pretty clear that there are stirrings in buyout land right now. I guess it bodes well for WhiteHatSec and similar folks. They surely have to be on the radar.
Talking of buyouts, it's always been strange for me that CORE have managed to go by as long as they have without being purchased. Their technical roots being in Argentina might have explained it for a little while, but a whole bunch of years later, I don't get it. (Having said that, I must add the caveat that I am talking completely through my ear, since I'm pretty sure they would have been approached often enough and could simply have been rejecting offers waiting for the right match.)
Gareth linked to David Maynor’s blog where he documents the results of some simple fuzzing against the new Win32 port of Safari. Of course fanboys everywhere are going to be on this one like, erm.. like a thing that is very onto another thing.. but.. I digress..
2 things are interesting in all this for me though:
1. Why Apple chose now to do the Win32 Safari release
2. Why anyone in security uses Safari anyway?
Most people postulate that the Win32 Safari release is tied to the release of the iPhone. Since 3rd party developers can't build for the iPhone yet, it would seem that web-apps running on iPhone Safari would be the way to go for now. If you are pushing the browser, they need better adoption. It's a reasonable enough theory, and I can't imagine it's because Apple actually want to launch a serious attack against IE/Mozilla on non-Apple desktops