October 2011
1 post
Everyone has a plan until they get punched in the mouth
– Mike Tyson
July 2011
2 posts
In war, numbers alone confer no advantage..
– Sun Tzu
A wise general sees to it that his troops feed on the enemy…
– Sun Tzu
June 2011
2 posts
Somebody actually hacked into our emails, so that made our red flags go up....
– Dr. Dre
It is not the critic who counts, not the man who points out how the strong man...
– Teddy Roosevelt
April 2011
2 posts
No man will make a great leader who wants to do it all himself, or to get all...
– Andrew Carnegie
Do what you can, with what you’ve got, where you are
– Teddy Roosevelt
March 2010
2 posts
Twitter vs Phishing →
Unsophisticated! Sophisticated! →
February 2010
6 posts
Federal regulation urged on cybersecurity →
Microsoft Says It Never Meant To Knock Cryptome... →
Probably collateral damage from brand enforcement
Waledac Takedown →
Twitter Phishing Attacks →
All war presupposes human weakness and seeks to exploit it.
– Carl von Clausewitz - On War
Spammers already using Google Buzz →
December 2009
2 posts
One must therefore be a fox to recognize traps, and a lion to frighten wolves.
– Niccolò Machiavelli - The Prince
Frustrations of ISP Abuse Handling →
Why blacklists are a temporary solution
November 2009
1 post
On Private Domain Registration →
October 2009
1 post
GPL v3 and trusted computing →
Interesting thoughts on how TC’s can be used to DRM free software. For instance, ensuring that a platform only operates on free software.
July 2009
1 post
Role Based Access Control on Facebook →
May 2009
1 post
Pres. Obama announces cyber security policy →
April 2009
1 post
It does not matter how slow you go so long as you do not stop.
– Confucius
February 2009
2 posts
Infosec Fail →
Infosec researchers that broadly claim they’ve hacked Facebook when they’ve only exposed app data. A clear example of infosec hype:
“Millions (LOTS OF MILLIONS) of accounts, email addresses and passwords up for grabs by anyone.” “upload phpshells, redirects, INFECT PAGES WITH TROJAN DROPPERS, even deface the whole website.” “How could the columns of this table be named other than...
If you see fear, head for it.
– Robert Downey Jr., Newsweek round table.
January 2009
2 posts
When there is freedom from mechanical conditioning, there is simplicity.
– Bruce Lee
Creating a rogue CA certificate →
October 2008
1 post
Compromising Wired Keyboards →
cough. trusted computing. cough.
September 2008
1 post
IPv6 Implications for Network Scanning →
August 2008
1 post
The Security Circus →
Too often, so-called “security” is split into two camps: one that believes in nondisclosure of problems by hiding knowledge until a bug is fixed, and one that “revels in exposing vendor security holes because they see that as just another proof that the vendors are corrupt and crap, which admittedly mostly are,” Torvalds states.
July 2008
6 posts
Spammer - Murder, Suicide →
“From 2005 through part of 2006, he sent thousands of e-mails from his home in Bennett, sometimes with false information, on behalf of a Houston company promoting a penny stock as an excellent investment, according to a plea agreement. His bank account deposits from 2003 to 2006 totaled $3.5 million, the plea agreement said.”
Gmail Names →
Have Gmail address, acquire name.
Opportunities multiply as they are seized.
– Sun Tzu
DNS Extensions →
Threat Analysis of the Domain Name System →
June 2008
6 posts
Affiliate/Pyramid Spam in Politics →
A/P spam is among the most effective means of generating traffic in a spam campaign. It appears the McCain campaign has adopted this strategy.
Hacking Memcache
(A braindump/discussion on memcache security)
A quick brief on memcache ripped from Wikipedia:
memcached is a general-purpose distributed memory caching system that was originally developed by Danga Interactive for LiveJournal, but is now used by many other sites. It is often used to speed up dynamic database-driven websites by caching data and objects in memory to reduce the number of times the...
PHP Parse Url. →
Rule of thumb - no process should be responsible for defending itself.
We shall not fail or falter; we shall not weaken or tire… Neither the...
– Winston Churchill
OpenSocial Leaks →
This guy reporting the hole is a total stalker
May 2008
13 posts
More glorious to merit a scepter than to possess one.
– Memoirs of Napoleon
Wiki Recon →
Safari Carpet Bomb →
News outlets seem to be freaking out about this one, regardless of the fact that this really isn’t an issue at all. There is no benefit to exploit this on a wide scale. Unless of course you can place something on the desktop with an .exe extension. Hmmm.
Linux and Security →
As hard as it can be to swallow… fundamental truths in security.
Hence to fight and conquer in all your battles is not supreme excellence;...
– Sun Tzu The Art of War
IFrame Injection →
I think this has been wrapped up tight… but I need the link for reference.
Sybil attacks on social networks →
Interesting work on sybil… fortunately abnormalities like this are easier to spot because the web sucks
Whether the object be to crush an army, to storm a city, or to assassinate an...
– Sun Tzu The Art of War
Googling Apache Status →
The link above has info on Apache mod_status. Google search for misconfigured Apache installs… http://www.download.com/server-status http://dev.perl.org/server-status