Blog
Web Mashups point and click style (open invite for Sammy v2.0) ?
[Yahoo pipes] looks like an awesome way for even non-programmers to create web mashups trivially. Aside from the fact that its interface is super-cool, it brings an interesting dimension to next gen web attacks. (Google Video on Pipes by Pipes developers).
pdp has already covered pipes in his OWASP talk where he used it to re-write a jikto equiv. in almost-0 lines of code, along with a tinyurl filesystem. pdp also mentions Dapper, which i have not checked out till now, but looks like fun waiting to happen too..
In all the services look leet, and look like a cool way to get “unification” going for browser attacks*. Check them out, the possibilities for evil’ness should start running through your head from click 1.
Windows filesharing on OSX still vulnerable…
Aaron Adams over at SYMANTEC, did a quick check on the version of Samba running on currently up to date OSX machines and found that the Macs were still running 3.0.10. He did a quick mod on the existing Metasploit module and has reliable code execution going..
If you are running OSX, you probably want to make sure your samba isnt exposed while you grab the latest source and build..
/mh
Welcome to extern blog SensePost;
Ok.. so after many moons of making excuses for not making our internal blog public we have decided on a happy compromise.. Some of the “work-safe” posts from internal, will make its way out here.. {we have a ton of posts on internal, and promise to publish them if they are ever referenced by new posts here to stop the foncusion}
Other than that.. Welcome, thanks for taking the time to read us..
Adventures while moving… (Part II)
Ok.. so we have an outside gate type thing that leads to our garden. Since we would probably get to the gate at random points of the day / week we figured a combination lock would make sense. Now i know that combination locks traditionally have a pretty small keyspace, and have a horrible reputation so i asked Deels to make sure she got one with at least 4 digits, and had a good name behind it..
Do you group your passwords?
This has probably been pondered, but something occurred to me whilst entering my new home.. The guard house grants access based on your fingerprint. The system works pretty sweetly..
Now.. because i have about a zillion accounts, i kinda group my passwords.. since i know services admins on most irc networks read your password, i use XXX for low level access (this might include try once trial software logins).
Slightly more reliable software logins (vmware page / ms partner page) i will use YYY.. i think most people do this..
Prev
Page 58 of 58