Silly-Yammerings
The myth of the expert
Something we preach very strongly in our training is the importance of an understanding of the underlying technology / application / issues, and being able to dig into the core of an issue, not just try a trick or two and move on. Sadly, most people don’t see it this way. It’s also somewhere between sad and frustrating for me that there seems to be an over-abundance of so-called “experts”…
Medical Doctors.. bah! hambug..
I’ve ranted a few times about things i hate about the way we “do medicine”. (Doctors are not alone here.. i cant believe that in the age where we operate on the eye with lasers and see production ready nano-tech. we consider yanking teeth with a pair of pliers a reasonable option) Recently i heard an interview with the head of MS Research where he spoke about some of the…
MTBF and Light Bulbs..
Some of you will know that i finally moved out of the shoe box i lived in for 6 years and moved into a house (about 3 months ago) Since then i have replaced 3 different light bulbs at different places in the house.. Now this made me start thinking.. Surely when the house was new, they fitted in all the bulbs as brand new.. Now some sections of the…
2 Un-related thoughts.. on Echelon and the recent Skype Outage..
I suspect somewhere there exist cardinal rules of blogging which would state that using a single post to make 2 completely un-related posts is a no-no.. I will now promptly ignore it 2 push out 2 random thoughts that came up.. Echelon and Echelon spam.. While watching the Bourne Ultimatum the other night the usual “echelon“esque scene played out.. Guy on phone says keyword.. pan to NSA/CIA type building.. computer…
mh.blackhatFeedback(Side-jacking, Hamster)
Ok.. so its a lot later than i promised, but i did mention that i would post some feedback on some of the talks i ended up catching at this years BlackHat. By far the talk that grabbed the most press was the Erratasec talk on Side-Jacking. Essentially the researchers demonstrated a tool (hamster) that allows an attacker on a shared network (wifi was used as an example, but i…
On hacking and politics
I meant to blog this whilst I was still in Vegas, but only got around to it now. Its arb, but worth a bit of thinking… Kenneth Geers’ talk titled ‘Greetz from Room 101’ was on which countries have the Top Ten most Orwellian computer networks. In his precis he asks “Could a cyber attack lead to a real-life government overthrow?” I find these kinds of discussions really interesting, because…
Have a (one) care sir….
Someone in the office was discussing Microsoft’s recent horrible foray into the anti-virus market. Apparently an online source held one-care as faring worse than a simple man with a perl script. A quick scan shows that they have indeed faired pretty poorly in independent tests: “(BBC News) OneCare was the only failure among 17 anti-virus programs tested by the AV Comparatives organisation.” Now the obvious question was: How could Microsoft…
In Defense of Testing Pens… (aka how to keep your soul while being a pen-tester)
A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The discussion quickly gravitated towards the number of “security” companies where numbers of projects far out-weigh the interestingness of projects, leading rapidly to a cookie-cutter mentality to pen-test engagements.. Of course if you have spent any time in the industry, you already know this to be true.. the obvious danger with…
and then there was one….
First IBM announced their interest in Watchfire, and now HP announces their interest in SPI Dynamics. “Consolidation in the industry” is one of those horrible phrases that are always bandied about because it makes people seem analytical and fore-casty, but i think its pretty clear that there are stirrings in buyout land right now.. I guess it bodes well for WhiteHatSec and similar folks.. they surely have to be on…
Shuttleworth comments on Microsoft/Ubuntu deal rumours
Mark Shuttleworth on his blog makes it clear -snip- “We have declined to discuss any agreement with Microsoft under the threat of unspecified patent infringements.” … I have no objections to working with Microsoft in ways that further the cause of free software, and I donâ€t rule out any collaboration with them, in the event that they adopt a position of constructive engagement with the free software community. … All…