Happy Two-Year Anniversary
Yesterday we celebrated tssci-security.com's two-year anniversary. I started this site on August 23rd, 2006 during my first internship, and oh my, how the time flew by. A lot of good things have come my way -- most as a direct result of this blog. The connections and many good times I've had with people because of this site are countless and all priceless. Also, a happy birthday goes out to Dre, without whom this blog would not have been as much of a success as it's been. Dre celebrates his birthday on the same day as tssci-security's anniversary. A coincidence? :)
I know we've been pretty dormant the past several weeks -- I blame it on the security conferences. I tried not to speak out too much about the DNS vulnerability Dan found, since honestly, everyone has disagreed with each other and really nothing good came out of any of it. I've also been putting in 12-hour days at work for the past two months, which has been draining me to the point where I just want to chillax when I get home. There really haven't been any good security books coming out lately for us to read, except for maybe Hacking Exposed: Linux 3rd Edition -- an ISECOM book. Speaking of ISECOM, tomorrow and Tuesday I'm attending a two-day training certification class for the OSSTMM Professional Security Tester. I've also got that Hacking Exposed book on the way, which I plan to read and possibly post a review of up here. Supposedly it takes an OSSTMM approach to hacking Linux... so we'll see. Expect to see some posts on the OPST tomorrow or Tuesday with my thoughts as well.
In the meantime, enjoy the following posts, which I found to be interesting:
- HTTP Caching is bretarded -- OMG, I think I battled with this for like 3 days in a row during a pentest.
- The 11 Worst Ideas in Security -- Yes, security vendors are evil. The entire industry is phoney.
- IIS Secure Parameter Filter (SPF) Released -- Because Holyfield and crew are rockstars.
- Attacking parameter names -- Portswigger pointing out the not-so-obvious. But yeah, been doing this for a while.
- Pwnie Award Winners and Video Posted -- Yes... pwnies!
- SSL Insecurity, Old News -- Funny Sharon... Too bad Imperva tech support asked me why I couldn't just click ok and accept the SSL cert not signed by a CA, :rolleyes:
- IE 8 XSS Filter Architecture / Implementation -- Good developments on the IE8 front.
- The Best Incident Response Training You Can Buy. For Free -- Ironic, no?
- Complete Slides: The Four Horsemen Of the Virtualization Security Apocalypse -- Hoff, adopt me already. Find a PDF compression tool, and tell us how you do it. Prison wine -- 'nuff said.
- DEFCON 16 — The Tools not the Toools -- Mubix!!
- Request Forgeries on MySpace -- Nathan was my instructor in college. He rules.
- The DefCon 16 Mystery Challenge -- LoST was another favorite, awesome instructor of mine. Seriously, LoST started planning this competition after we came back from DefCon last year. True hacker genius.
- Getting the Job Done -- Always good stuff from Bejtlich.
- Vegas, baby! Iron Chef Black Hat -- Need to follow up with Fortify about this.
- Petko Was Playing With Fire... -- Why I will always use NoScript.
- Software [In]security: Software Security Demand Rising -- Beautiful. WAF market caps at $50M, so "real" application security tech is at least double that.
- Pretty Pictures -- Yup... pretty :)
- The War Against Beer Pong -- Only one way to play beer pong... with real beer, mmmmm.