2007
Squeeza: The SQL Injection Future?
During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but have been getting a few requests already for the code, so here it is.. For those who missed the talk, squeeza is a SQL Injection tool, that once given an entry point can simply a bunch of things. Its the first tool i know of that facilitates full binary file…
Late BlackHat Update..
ok.. so im in my room finally catching up on sleep (or will be in a few minutes) while most people are finishing Microsofts booze at the PURE microsoft party.. BlackHat is over, which means tomorrow we are off to the riviera for defcon.. Marco and i got a lot of positive feedback from our talk, including from guys like rob auger of wasc fame and andrew bortz who we…
BlackHat Progress Report
(always wanted to say that!) 2 SensePost Training sessions are over, and as i type The weekday sessions are at about 50%. Feedback so far has been pretty cool and its been fun to meet new people / bump into some old friends.. The next “biggie” on the horizon is Wednesdays talk.. We have had a fair bit of interest so far and even though the slot has some stiff…
BlackHat, DefCon, Las Vegas
Ok.. so the 2nd plane with SensePost’ers has touched down in LasVegas and the first cheeze-pizza from the caesars food court has been consumed.. So little changes in caesars that it always adds to the surreal feeling that lasts for the entire stay.. We will be in the training rooms over the weekend, and during the week, and will then give our bh-talk, before moving to defcon for the talk…
QoW 1 answered; Qow 2 released
A little while back we published our first public QoW for your abuse and enjoyment, and the time to close it is ………. now. The new QoW is available here. Thanks for the efforts; we received a fair number of answers and are still figuring out how to go about recording your submissions. For now, we’ll publish the first correct answer, and discuss the answer in brief. Over to Haroon:…
-sigh- little things, little minds…
Deels stumbled on www.simpsonizeme.com to give me mh, the springfield edition.. Combine with your intranet mug-shots, and it could give you hours of lost productivity..
Google Cookies.. Finally a saner expiry date…
Google have finally revised their cookie expiration policy, which will have user cookies expiring after 2 years. (For those of you who think this is too long, it needs to be kept in mind that this used to be set to expire in 2038!). Of course, the tin-foil hat wearers amongst us are going to find it difficult to convince the “keep-your-stinkin-privacy-i-want-my-15-minutes” facebook generation that privacy actually matters, but we…
Adam Shostack on Biometrics..
hmmm… i have heard this somewhere before…. ” However, in cases where your finger is used to identify or authenticate you, it’s much harder to change your password. ” /mh
VMWare Fusion, i love you not, i love you…
ok.. some of you in the office would have heard me whine when vmware fusion recently started taking my whole machine down occasionally. The joy of it being the whole machine is that ive lost my firefox profile, and managed to turf my osx preferences twice since this started happening.. Through meticulous checking i tracked down that the problem started “the day i blogged about how much i love vmware…
Have a (one) care sir….
Someone in the office was discussing Microsoft’s recent horrible foray into the anti-virus market. Apparently an online source held one-care as faring worse than a simple man with a perl script. A quick scan shows that they have indeed faired pretty poorly in independent tests: “(BBC News) OneCare was the only failure among 17 anti-virus programs tested by the AV Comparatives organisation.” Now the obvious question was: How could Microsoft…