ok.. so i’m in my room finally catching up on sleep (or will be in a few minutes) while most people are finishing Microsoft’s booze at the PURE microsoft party.. BlackHat is over, which means tomorrow we are off to the riviera for defcon.. Marco and i got a lot of positive feedback from our talk, including from guys like rob auger of wasc fame and andrew bortz who we…
(always wanted to say that!) 2 SensePost Training sessions are over, and as i type the weekday sessions are at about 50%. Feedback so far has been pretty cool and it’s been fun to meet new people / bump into some old friends.. The next “biggie” on the horizon is Wednesday’s talk.. We have had a fair bit of interest so far and even though the slot has some stiff…
Ok.. so the 2nd plane with SensePost’ers has touched down in Las Vegas and the first cheeze-pizza from the caesars food court has been consumed.. So little changes in caesars that it always adds to the surreal feeling that lasts for the entire stay.. We will be in the training rooms over the weekend, and during the week, and will then give our bh-talk, before moving to defcon for the talk…
Deels stumbled on www.simpsonizeme.com to give me mh, the springfield edition.. Combine with your intranet mug-shots, and it could give you hours of lost productivity..
Google have finally revised their cookie expiration policy, which will have user cookies expiring after 2 years. (For those of you who think this is too long, it needs to be kept in mind that this used to be set to expire in 2038!). Of course, the tin-foil hat wearers amongst us are going to find it difficult to convince the “keep-your-stinkin-privacy-i-want-my-15-minutes” facebook generation that privacy actually matters, but we…
hmmm… i have heard this somewhere before…. “However, in cases where your finger is used to identify or authenticate you, it’s much harder to change your password.” /mh
ok.. some of you in the office would have heard me whine when vmware fusion recently started taking my whole machine down occasionally. The joy of it being the whole machine is that i’ve lost my firefox profile, and managed to turf my osx preferences twice since this started happening.. Through meticulous checking i tracked down that the problem started “the day i blogged about how much i love vmware…
Someone in the office was discussing Microsoft’s recent horrible foray into the anti-virus market. Apparently an online source held one-care as faring worse than a simple man with a perl script. A quick scan shows that they have indeed fared pretty poorly in independent tests: “(BBC News) OneCare was the only failure among 17 anti-virus programs tested by the AV Comparatives organisation.” Now the obvious question was: How could Microsoft…
Richard Bejtlich didn’t give the pre-release a glowing review but i know at least a few people waiting eagerly to get their hands on the new “Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, and Pedram Amini”. Pedram is the mastermind behind Pai-Mei and started OpenRCE, but his last blog post points to the book’s dedication page, and it probably makes the book worth buying all on its…
A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The discussion quickly gravitated towards the number of “security” companies where numbers of projects far out-weigh the interestingness of projects, leading rapidly to a cookie-cutter mentality to pen-test engagements.. Of course if you have spent any time in the industry, you already know this to be true.. the obvious danger with…