2008
BiDiBLAH 2.0 BETA
Good news to all the blah’ers out there! The BETA version of BiDiBLAH 2 is available for download here. As you probably know, [a real quick and easy] registration is required, and version 2 of BiDiBLAH runs on dotnet framework 2. ./frankieg
Vulnerability management and the Blogs
Gegroet just a quick note on VM. Google is now offering Google Blog Search Beta and I thought it interesting to see who is blogging on vulnerability management.Some of the output includes: i) “Vulnerability Management” = 6,330 hits ii) “Vulnerability Management” + Dummies = 314 hits iii) “Vulnerability Management” + ineffective = 16 hits iv) “Vulnerability Management” + effective = 314 Probably 90% of all hits came from vendors and…
Sarah Palin, a yahoo email account, and something more shocking…
By now everyone knows that John McCain’s running mate Sarah Palin had her yahoo email account hacked. I guess a presidential candidate using yahoo for govt. related email was about as shocking as Sarah Palins nomination as possible future president ((unless of course you have ever heard of other govt. officials using yahoo/gmail/hotmail for serious business)(inside joke for south africans!)). People have been talking about secure password resets for a long…
A truly sweet hack!
[Solve mazes with Photoshop (or gimp)] i must confess that while i understand the logic of flood-fill doing a depth first search and therefor doing the lifting for u, my gimp skills are second only to my MS-Word skills and i have managed to burn about 40 minutes this morning still unable to replicate it (there goes my report writing!) /mh
Lets hope it does better than netsec.reddit..
Introducing [http://www.reddit.com/r/ReverseEngineering/] (like its name suggests, a reddit thats all about Code RE..)
HBN Extended Edition 6-10 October
We have scheduled our first training course for our new year, Hacking By Numbers – “Extended” Edition – for October 6-10th . The course runs for a full 5 days in Pretoria, South Africa. The HBN ‘Extended Edition’ is simply an intensive extended version of the regular Bootcamp course. Whilst the content and structure are essentially the same as Bootcamp, the Extended Edition offers students a deeper understanding of the…
Enter Google Chrome…
Google have thrown their hat in the browser-ring, which many have predicted. [Chrome] should be coming soon to downloads near u. It’s based on [webkit], which you might [recall] was impressive in many ways.. It has a few other interesting promises, like a brand new javascript engine [which sounds like an excellent target for future hackery] and a simple but sweet isolation concept [tabs are independent processes]. Like anything released from…
Education and Things u know u dont know…
A completely non-security related (but totally geek) blog that always makes me smile is [http://indexed.blogspot.com/]. We had just started the week (or ended the last one) with a conversation on how strange it was, that some people manage to remain suprememly confident while talking authoratively on subjects they know precious little about… From our mouths, to Jessica’s pen:
Adobe APSB08-15 Patch Reversing
APSB08-15 is the latest adobe security advisory regarding a memory corruption vulnerabilty in Acrobat Reader versions <8.1.2 As expected, the advisory does not include technical details about the attack vector, So let’s try to reverse the related Adobe patch to find more about this vulnerability. I’m going to use IDA 5.2 with patchdiff2 plugin (thanks to kris hint on this plug-in). The patch is released as a MSI file. I used Greg Duncan’s Less MSIèrables…
BlackHat/DefCon 2008 – Tool Release(s)
Hey guys.. Our BlackHat/Defcon talk this year featured a few tools that we promised to release.. The first tool, or set of tools is reDuh which can be found [here]. reDuh is made up of 2 parts, a local proxy and a server component (which is jsp, php or asp). If you run the local proxy on your machine while pointing it to the server component, you are able to…