tssci security

Archive for Tech

Fun with WiFu and Bluesniffing

This is just going to be a long list of links with rants. I have taken up the duty of disseminating information on the latest in WiFi and Bluetooth penetration-testing for no real reason other than it's on the tip of my tongue. First, we have the [...]

Google Chrome first look

The bad: It's a front-end to WebKit much like Safari, with no bells-or-whistles. The only add-ons are Web Inspector (from WebKit), Chrome's own Task Manager, and Chrome's own Java Debugger (they could have at least used Drosera which comes with Web [...]

Virtualization is a process, not a product

I see that the BlackHat Blogger's Network has a topic of interest. I'll oblige, especially since The Hoff is involved. I think it's a good exercise, so I'll have to thank Shimel for this idea. You also won't want to miss what I've said about [...]

Accountability through connected frameworks

Apparently Laura Chappell and Mark Curphey were presenting at the Microsoft TechEd 2008 Security Track last week. I haven't heard too much about what happened as a result, and I really wish I was there to see them speak about their respective topics. For [...]

Firefox 3 first impressions

I've downloaded and used the Firefox 3 beta browser software for the past few months and wanted to give a report on the latest of what works and what doesn't. Note that I had to install Nightly Tester Tools to get many of these to work. I am also now [...]

Hardware VM security: past and present

Marcin and I were talking a bit about mainframe security today. I recalled how fantastic mainframes were while he had his hands in the trenches. Yes, I know that IBM renamed MVS to z/OS (as well as other things) years ago. However, the concepts remain [...]

My other phone is your iPhone

Here's a new 2008 security prediction for you -- The iPhone camera is an odd device. There is no notification that a picture is being taken, so the only requirement for malware is to wait for user activity and then start taking pictures. My prediction is [...]

Baby steps with web application security scanners

Web application security scanners have not matured much. I guess patent wars and company-buyouts have caused a lot of stagnation over the past year. However, I think the problems may run deeper than just controversy and industry drama. AppScan DE and [...]

Building a security plan

An audit framework for evaluating structured security program frameworks. How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved? Possible frameworks [...]

Why pen-testing doesn't matter

Pen-testing is an art, not a science. Penetration-testing is the art of finding vulnerabilities in software. But what kind of an "art" is it? Is there any science to it? Is pen-testing the "only" way or the "best" way to find vulnerabilities in software? [...]

More on Google Analytics: Now with Stolen Search Queries!

In my earlier article on Using Google Analytics to Subvert Privacy, I demonstrated how dangerous free tools could be to match privacy information to web clicks. But now that Google has updated their Analytics service to support internal search queries, [...]

Preventing and Detecting Sensitive Data on P2P Networks

Recently, we've heard a lot of talk about P2P apps and data leakage concerning various members of Congress. It started with this article over at NetworkWorld, followed up by the guys at nCircle, directing criticism towards Congress from Techdirt, comments [...]

Firefox + httpOnly? While we're at it...

kuza55 noted this morning that Firefox 2.0.0.5 has implemented support for httpOnly cookies. It's not perfect, as ma1 pointed out in the comments, but it's better than nothing. The Firefox browser could be made even more secure by building NoScript, [...]

Wikis at work

I love wikis. I've been working on a security portal at work and it just got so much better with the addition of embedded RSS feeds. With this extension, I've embedded the Security Whitelist and Aggregated Vendor and Security News Sites pipes on the [...]

Pondering over the iPhone

I passed up a chance to get an iPhone last week because I couldn't spare the time to wait in line for it. I was headed to New Hampshire to stay up at Lake Winnipesaukee with some friends and watch the NASCAR Modified, Busch, and [...]

Suggested reading this week

I've been real busy lately, but I came across several blogs and articles this week that I'd like to share, Andrew Hay style. =) CEO Crime & Punishment -- Ben Horowitz, CEO of Opsware Inc., shares his thoughts on what entices executives to commit white [...]

Dell + Google Toolbar... profit??!?!

Andrew Hay writes: Dell & Google Secretly Installing Software to Make Money Off Your Typos. Those bastards, how is this business practice not illegal? New Dell machines that include the Google toolbar as part of a marketing agreement also include a secret [...]

Today's Lucky Numbers are...

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

CSUM Ratings

Good stuff. I just find it hilarious when people watch CSI or all these other movies and think hacking or recovering data off a hard drive is so flashy and cool. Or better yet, completely retarded. It's a UNIX system! I know this! Cookie to the first [...]

All That!

Every time I have a conversation with someone who has diarrhea of the mouth, it makes me nauseous. The other day, I was flying from Atlanta to Hartford (my flight was delayed by an hour) and while in the plane waiting, I struck up a conversation with a [...]

How shift+del ruined my morning

What I learned today? The importance of backups, and having a clear head when working on my system. Tuesday night, I am going home to Connecticut for the summer, so I started saving all my data to an external hard drive to take with me. Well, I also did [...]

What happens when you wait until the last minute

People panic! Last night, TurboTax was unavailable for people to file their taxes. The problems have been since resolved, but let it be a lesson to all of us that we cannot depend entirely on technology. Technology will eventually fail us, like it did so [...]

Hacking pricey FPGAs

h1kari, not long ago at ShmooCon 2007, presented (*.mp4) his custom Field-programmable gate array optimized for cracking WEP and WPA encryption. It performed in some cases over 400% faster than a Pentium 4 or Athlon64. The reason why the chip performs so [...]

Prevent websites from resizing Firefox

LonerVamp had a post yesterday on preventing Firefox from sending referrer messages. I'll add to that and show how you can prevent websites from resizing the browser window. In about:config, set the value of dom.disable_window_move_resize to true. Also, [...]

Thinking of Exporting Classified Material? Think Again

ITT was fined $100 million for illegally exporting classified technical data relating to night vision equipment overseas. In addition to being fined, they must "invest $50 million over five years to accelerate development of night vision technology, and [...]

Dell and Linux - Survey

Thanks to the amount of feedback on Ideastorm, Dell is seriously considering pre-installing Linux on desktop systems. Having had the chance to play with the Core 2 Duo systems Dell puts out, I can definitely say they are pimpin'. I want one, but my main [...]

Vista cracked for real, no hoax

If you haven't heard, a keygen was released that brute-forced the correct CD key for Windows Vista. Martin McKeay did the math and let's just say, it'll take a really long time for anybody to brute force a key with available processing power we have [...]

Tools are only an abstraction, use the right one

Do tools make us dumber? I don't agree with the idea exactly, as they are just that, tools. Tools are just another level of abstraction from thinking at a lower level. It's what distinguishes an engineer from a kit builder. Who here wants to program in [...]

(lack of) quality conferences -- California rocks

Why are so many conferences filled with so much marketing drivel? I planned on going to a lot more talks while at SCALE but only attended one in its entirety. Some presenters started off their presentation stating they would "market" their product for [...]

What root never told you

While in L.A. at SCALE, I attended "Admin++, What root Never Told You," by Ron Gorodetzky, sysadmin for Digg.com and Revision3. His presentation gave some insight and tidbits on the things you forget when you have your own startup, and the other problems [...]

SCALE this weekend

I'm heading out to Los Angeles for the 5th Annual Southern California Linux Expo. I'll try and post in between sessions (that is... whenever I can). I'll be attending these talks: Leveraging the IT Community (This talk is focused on building a new broad [...]

New Mac vs PC commercial... Vista UAC

Pretty funny: http://www.youtube.com/watch?v=X4FF_aT_mE8

Linux 2.6.20 kernel relocatable on x86

Linus released kernel v2.6.20 (tar.bz2) to the public today, adding virtualization support through KVM and relocatable kernel support for x86, among other changes. The latter feature is an interesting one from a security perspective and for kdump users. [...]

No, the floppy disk is not dead

My staging servers cannot boot from CD-ROM, therefore I use a boot disk. For this reason alone, I have floppy drives in all my systems. I also save time by booting from floppy disk and installing operating systems over the network. A tip for anyone who's [...]

SCALE: SoCal Linux Expo

Literally right after RSA, SCALE is happening February 10th and 11th. I plan on making the drive out with several other friends from school. The presentations I'm looking forward to: New & Improved: How a More Modern IT Security Model Can Better Protect [...]

A.. A... A... Availability!!!

Guy Kawasaki has a very interesting blog and today posted "The top 10 stupid ways to hinder market adoption." Supporting only Windows Internet Explorer. What Guy fails to mention, is having a website that's always available to its users. Supporting only [...]

Control our Christmas Tree :)

A couple students at my school hacked our Christmas tree. You can control it. You'll have to open up two browser windows to view the cameras and control it simultaneously (to prevent abuse). It's been featured on Make and some more pictures here. The web [...]

The Good and Bad of Outsourcing IT Services

If investing into an IT services company is something you are interested in, Morningstar published their Picks Among U.S. IT Service Providers. Great for the personal investor looking to make a couple bucks in their trading account, but if you're a [...]

Gaim 2.0.0beta5

A new version of Gaim has been released, 2.0.0beta5. I cannot find release notes on this version, but I am going to try it out now. We'll see if they have fixed the url translation bug when using the Jabber protocol.

Designing a New E-Voting Machine

With all the problems and flaws in electronic voting machines being exposed over the past couple months, I'd like to know why there hasn't been any effort in designing a new voting system from scratch. What does an electronic voting machine need to be [...]

Slackware 11.0

Pat unleashed Slackware 11.0 tonight, with an official announcement. Xfce 4.2.3.2, a lightweight and fast desktop environment is now available along with KDE. Still included is the tried and true 2.4.33.3 kernel, with an available 2.6.17.13 or 2.6.18 [...]

Foxit Reader 2.0 released!

Woohoo! This free PDF reader finally reached version 2. Best thing about Foxit Reader is that it's fast, self-executable, and takes up a small memory footprint. Grab it here, thank me later.

Firefox 2 Beta 2

The Firefox development team released Firefox 2 Beta 2 today. I have a couple visual gripes in version 2, like the inability to easily remove red "X" on tabs through an options menu item, and the addition of a green "go" arrow to the right of the address [...]

Bigfoot's "Wallet-Killer" NIC

Every time I see Bigfoot's "Killer" NIC being mentioned on websites and forums, I just have to laugh. It's got interesting features like: bypassing the Windows TCP/IP stack and processing within the hardware, and running embedded Linux that's accessible [...]