Ethanol Demagogue wrote:

Enter Google, the hip, incredibly profitable corporation whose motto is "Do No Evil." Google doesn't like the copyright laws as they have existed for centuries. Google wants the rights to store all the books in the world in its Google Library program, and the company doesn't want to pay for that right.

Copyright? No problem. Google cites "fair use," but it isn't using 400 words; it plans to digitize whole libraries and make them available piece by piece. Google is formidable. Google has brilliant public relations people and clever lawyers and connections in important places.

I'm not getting the controversy here, hasn't Amazon been doing this for awhile now?

Amazon doesn't make the entire book available for you to read, for free, online.

I agree that copyright laws in the country are ridicules but this the wrong way to fight it. First Google should partner with the Project Gutenberg and index all their books. These are already in the public domain. Second, Google should lobby for expanding "fair-use" of works not in the public domain, perhaps for non-commerical or academic work. Google books could have a disclaimer about appropriate usage. Perhaps it should be rate limited to 25 books a day unless you register a .edu email address or something.

I support what Google is trying to do but Google will lose its "No Do Evil" status if blatantly violates statues even if those statues are stupid.

RE: Newsday.com: Just Google 'thou shalt not steal'

This package provides a complete http client library. It currently implements most of the relevant parts of the HTTP/1.0 and HTTP/1.1 protocols, including the request methods HEAD, GET, POST and PUT, and automatic handling of authorization, redirection requests, and cookies. Furthermore the included Codecs class contains coders and decoders for the base64, quoted-printable, URL-encoding, chunked and the multipart/form-data encodings. The whole thing is free, and licenced under the GNU Lesser General Public License (LGPL)

I want to fly to Switzerland and kiss this guy! His project saved me easily a month on the tools I am releasing at Shmoocon!

Full HTTP library in Java

This document provides both technical information and some background and insight into what search engine indexing robots should expect to encounter . Technically, the problems arise from misunderstandings and exploitation of anomalies by HTML creators (direct tagging, WYSIWYG and automated systems), and the tendency of browser applications to be very forgiving in their interpretation of pages and links. Therefore, it's impossible to simply read the HTML and HTTP specifications and follow the rules there -- the real world is much messier than that.

I wish I had found this about 4 months ago! Easily the best checklist of the various issues and practical solutions you will face when writing a web crawler.

Indexing Robot Crawler Checklist

Part-press part technical article about implementing massive web crawlers in Java

Become.com's Web Crawler: A Massively Scaled Java Technology Application

So you think you're good enough to break the protection?

You want to see how good you are in reversing applications?

And you want to do it the legal way?

Then you're at the right place!

Awesome! I think I try some tonight after work.

crackmes.de: Tools for practicing reverse engineering

I hadn't told many people about this because I didn't know if I would get accepted, but I am presenting at BlackHat Federal in January. The topic is Analysis of Web Application Worms and Viruses

Yes, Rattle was right, I am working on some badass Javascript stuff right now. This presentation grew out of that and my analysis of things like Perl.Sanity and the MySpace.com Virus. The really cool Javascript stuff will hopefully be at BlackHat in Las Vegas this summer.

A detailed outline of this talk is available on Most Significant Bit Labs. Be sure to check the details on Web Worms and Web Viruses to better understand the threat.

Worms traditionally propagate by exploiting a vulnerability in an OS or an underlying service. 2005 saw the release in the wild of the first worms that propagate by exploiting vulnerabilities in web applications served by simple http daemons. With the near ubiquity of W3C compliant web browsers and advances in dynamic content generation and client-side technologies like AJAX, major players like Google, Yahoo, and Microsoft are creating powerful application accessible only through web browsers. The security risks of web applications are already largely neglected. The discovery of programs that automatically exploit web applications and self-replicate will only make the situation worse.

This presentation will analyze the scope of these new threats. First we will examine how Web Worms and Viruses operate, specifically focusing on propagation methods, execution paths, payload threats and limitations, and design features. Next we will autopsy the source code of the Perl.Sanity worm and the MySpace.com virus to better understand how these programs function in the wild. We will discuss the shortcomings of these two attacks, what that tells us about the authors sophistication, and how their impact could have been worse. Then we will hypothesize two future programs, the Smogmoh worm and the 1929 virus, and discuss their capabilities to learn how these threats might evolve. Finally, we will present guidelines for implementing new web applications securely to resist these new threats.

Participates should have a good understanding of the different HTTP methods, Javascript, DOM manipulation and security, Perl, and be familiar with web application design.

Speaking at Black Hat Federal 2006!

Ethanol Demagogue wrote:

A malicious user can use the ultra-popular search website – or one that operates like it – to find vulnerabilities in corporate websites more quickly than had previously been possible, hacking expert Johnny Long has said.

More and more I'm seeing centralized media lag behind, especially when it comes to tech news. This particular article has been around for over 2 years now.

Media, meet Perl.Sanity, Perl.Sanity, meet the Media.

I submitted to BlackHat Federal in January to discuss trends in web worms like Sanity. I'll post my 8 page CFP soon.

RE: Google also a hacker ally - IT Security News - SC Magazine UK

Microsoft's internal, unsupported application for mounting CD/DVD ISOs as drives. No more stupid daemon tools with their spyware filled BS that takes 20 minutes to get rid of!

Mounting ISO images in a virtual CD-ROM drive

[Does google search for "Atlanta Crime"]

Local results for crime near Atlanta, GA:
-Crime Victims Advocacy Council - 9.3 miles NW - 3101 Paces Mill Rd NW, Atlanta, 30339 - (770) 333-9254

-Crime Victims - 9.3 miles NW - 238 Paces Mill Rd Se, Atlanta, 30339 - (770) 384-0300

-Georgia Network To End Assault - 1.6 miles N - 131 Ponce De Leon Ave NE # 122, Atlanta, 30308 - (404) 815-5261

Google Search:Atlanta Crime

Underscoring the rising emotions of the war debate, Murtha rebuked Bush and Cheney for their aggressive new campaign to denounce war critics. Murtha compared his own combat experience with Bush's stateside service in the Texas Air National Guard and Cheney's draft avoidance during the Vietnam War.

"I like guys who've never been there that criticize us who've been there," Murtha said. "I like that. I like guys who got five deferments [Cheney] and [have] never been there and send people to war, and then don't like to hear suggestions about what needs to be done. I resent the fact, on Veterans Day, he [Bush] criticized Democrats for criticizing them.

Questioning your government is the highest form of patriotism. Its nice to see someone hitting back.

Iraq war debate gets bitter, personal