Curiouser and Curiouser

Acidus
I am a hacker and you are afraid and that makes you more dangerous than I ever could be.

Some thoughts on security after ten years of qmail 1.0
Topic: Miscellaneous 10:43 am EST, Nov 23, 2008

The qmail software package is a widely used Internet-mail transfer agent that has been covered by a security guarantee since 1997. In this paper, the qmail author reviews the history and security-relevant architecture of qmail; articulates partitioning standards that qmail fails to meet; analyzes the engineering that has allowed qmail to survive this failure; and draws various conclusions regarding the future of secure programming.

Is security too sexy to leave?


Virgil Griffith, Internet Man of Mystery
Topic: Miscellaneous 12:32 pm EST, Nov 21, 2008

Girls hang on Virgil Griffith. This is no exaggeration. At parties, they cling to the arms of the 25-year-old hacker whose reason for being, he says, is to “make the Internet a better and more interesting place.” The founder of a data-mining tool called WikiScanner, Griffith is also a visiting researcher at the mysterious Santa Fe Institute, where “complex systems” are studied. He was once charged, wide-eyed rumor has it, with sedition. No wonder girls whisper secrets in his ear and laugh merrily at his arcane jokes.

Virgil is, without a doubt, a hacker rock star.


An-arrgh-chy: The Law and Economics of Pirate Organization
Topic: Miscellaneous 4:37 pm EST, Nov 19, 2008

This article investigates the internal governance institutions of violent criminal enterprise by examining the law, economics, and organization of pirates. To effectively organize their banditry, pirates required mechanisms to prevent internal predation, minimize crew conflict, and maximize piratical profit. Pirates devised two institutions for this purpose. First, I analyze the system of piratical checks and balances crews used to constrain captain predation. Second, I examine how pirates used democratic constitutions to minimize conflict and create piratical law and order. Pirate governance created sufficient order and cooperation to make pirates one of the most sophisticated and successful criminal organizations in history.


Coding Horror: Please Give Us Your Email Password
Topic: Miscellaneous 10:36 am EST, Nov 18, 2008

Number one with a bullet: your email account is a de-facto master password for your online identity. Most -- if not all -- of your online accounts are secured through your email. Remember all those "forgot password" and "forgot account" links? Guess where they ultimately resolve to? If someone controls your email account, they have nearly unlimited access to every online identity you own across every website you visit.

If the Sarah Palin email hack taught us anything...


Oiligarchy
Topic: Games 2:31 pm EST, Nov 17, 2008

Now you can be the protagonist of the petroleum era: explore and drill around the world, corrupt politicians, stop alternative energies and increase the oil addiction. Be sure to have fun before the resources begin to deplete.

This is ridiculously fun to play!


WEB APPLICATION AUDITING BASED ON SUB-APPLICATION IDENTIFICATION
Topic: Miscellaneous 2:30 pm EST, Nov 17, 2008

Abstract:

A web application is more efficiently analyzed by identifying the sub-applications used to generate the various web pages available at the web application and then limiting the vulnerability assessment to just a subset of the web pages generated by each sub-application. The sub-applications can be identified by detecting similarity between the web pages, based on the user interface presentation, the inputs required or allowed, or both. For the user interface presentation, the markup language used to generate the user interface is reduced to common markup language elements by removing content, attribute values and white space and then determining the edit distances between the various pages. Small edit distance values indicate similarity and thus, likely generated by a common sub-application.

Inventors: Sima; Caleb; (Woodstock, GA) ; Hoffman; William M.; (Atlanta, GA)
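
The grouping step the abstract describes, as an added example (not code from the patent or from this blog): each page is reduced to a skeleton of element tokens, skeletons are compared by edit distance, and pages within a threshold are treated as output of one sub-application. The sample pages, the threshold of 2 and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample pages: two product pages from one template, one login page.
PAGES = {
    "/item?id=1": '<html><body><h1>Red mug</h1><p class="d">Holds coffee.</p><form action="/cart"><input name="qty" value="1"></form></body></html>',
    "/item?id=2": '<html><body><h1>Blue pen</h1><p class="d">Writes.</p><p class="d">Refillable.</p><form action="/cart"><input name="qty" value="3"></form></body></html>',
    "/login": '<html><body><form action="/login"><input name="user"><input name="pw" type="password"><input type="submit"></form></body></html>',
}

class SkeletonParser(HTMLParser):
    """Reduce markup to element tokens: text content and attribute values are dropped."""
    def __init__(self):
        super().__init__()
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        # Attribute names are kept (they describe the inputs); values are removed.
        self.tokens.append("<" + " ".join([tag] + sorted(n for n, _ in attrs)) + ">")

    def handle_endtag(self, tag):
        self.tokens.append("</" + tag + ">")

def skeleton(markup):
    parser = SkeletonParser()
    parser.feed(markup)
    parser.close()
    return parser.tokens

def edit_distance(a, b):
    """Levenshtein distance between two token lists, keeping one row at a time."""
    prev = list(range(len(b) + 1))
    for i, tok_a in enumerate(a, 1):
        cur = [i]
        for j, tok_b in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (tok_a != tok_b)))
        prev = cur
    return prev[-1]

def group_pages(pages, threshold=2):
    """Put each page in the first group whose first member's skeleton is within threshold."""
    groups = []  # (representative skeleton, [urls])
    for url, markup in pages.items():
        sk = skeleton(markup)
        home = next((g for g in groups if edit_distance(sk, g[0]) <= threshold), None)
        if home is None:
            groups.append((sk, [url]))
        else:
            home[1].append(url)
    return [urls for _, urls in groups]
```

Taking the first URL of each returned group gives the reduced set of pages to assess, one per inferred sub-application.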


Confidential Document Fight Club
Topic: Miscellaneous 10:08 am EST, Nov 17, 2008

The first rule of Confidential Document Fight Club is you cannot acknowledge the existence of Confidential Document Fight Club.


Syscan - Next Generation .NET Vulnerabilities.pdf
Topic: Miscellaneous 11:21 am EST, Nov 14, 2008

Pretty cool analysis. The claim that "ASP.NET's ValidateRequest stops XSS so it's up to the dev to mess it up" is incorrect. Ignore esoteric attacks like double/triple encodings, etc. Let's do something basic.

" onmouseover="alert('xss')

ValidateRequest does not stop attribute injection attacks.
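
Why the filter lets this input through and what does stop it, as an added example (not from the original post or the Syscan paper): passes_request_validation is a simplified, assumed model of the ValidateRequest heuristic, and the input field q and the render functions are hypothetical. In ASP.NET itself the encoding step corresponds to HttpUtility.HtmlAttributeEncode.

```python
import html
import re
from html.parser import HTMLParser

# The input quoted in the post above.
PAYLOAD = "\" onmouseover=\"alert('xss')"

# Simplified model (an assumption, not Microsoft's code) of the request-validation
# heuristic: flag '<' followed by a letter, '!', '/' or '?', and flag '&#'.
DANGEROUS = re.compile(r"<[A-Za-z!/?]|&#")


def passes_request_validation(value):
    return DANGEROUS.search(value) is None


def render_raw(value):
    # Vulnerable pattern: request data concatenated into a quoted attribute.
    return '<input type="text" name="q" value="' + value + '">'


def render_encoded(value):
    # Output encoding for the attribute context: & < > " ' become entities,
    # so the value can no longer terminate the attribute.
    return '<input type="text" name="q" value="' + html.escape(value, quote=True) + '">'


class _AttrNames(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def attribute_names(markup):
    """Attribute names an HTML parser sees in the rendered markup."""
    parser = _AttrNames()
    parser.feed(markup)
    parser.close()
    return parser.names
```

The input contains neither pattern the model looks for, so it passes validation; only the encoded rendering keeps the tag to its three intended attributes.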


Leather + Kilz = mess
Topic: Miscellaneous 4:35 pm EST, Nov  9, 2008

Today I ended up getting Kilz primer on my leather office chair. And I didn't notice the white paint on black leather for a few hours. Needless to say I thought I had ruined it.

Then, I came across some advice on the Internet. Unlike most advice or opinions on the Internet this was not anatomically impossible! Simply use olive oil and paper towels. Surely this couldn't work! But the next step was astringent and shoe polish so I took a swing.

Sure enough with a little bit of elbow grease the olive oil took the Kilz primer right off the leather leaving everything else intact. Freaking amazing! Thank you Internet. You bring me pr0n, SQL injections, and household cleaning advice! Oh yeah!


System.Drawing.Imaging.Bitmap bug?
Topic: Miscellaneous 6:20 pm EST, Nov  4, 2008

This is interesting. wget this file: http://assets1.twitter.com/images/blank.gif

Image image = Bitmap.FromFile(@"C:\blank.gif");

Gives you an out of memory exception. Hexing the file shows a valid GIF header to me... this is weird.

