This pizza is like crack. Made by Russians no less! To bad delivery is slow but its on the way home for pickup. When you don't feel like cooking. Like tonight. When its cold. You've had a long day. And the wolves are after you.

Laura's Pizza, Roswell

For the first time, legitimate Web sites compromised by attackers made up the majority of sites used to spread malicious programs, security firm Websense said in a report published on Tuesday.

In the past, massive attacks aimed at Web sites typically involved defacements by online vandals. Yet, as online crime increasingly becomes motivated by profit, defacements have given way to finding ways to insert iframe redirection code or compromise a site to host malicious software. Earlier this month, for example, security firm Finjan warned that hackers had bypassed security on at least 10,000 legitimate domains to install the Random JS infection toolkit.

Which should be no surprise to anyone. We moved from kids using pings-of-death, DoS, system vandalism and general mischief to complex rootkits that own the box, evade defenses, and keep it a viable platform for attacks that generate criminals revenue. Why would the evolution of the motivation for web attacks follow a different path?

BFO: Attackers favor compromise over creation

Alright Japan, the cuteness of your Foxkeh has helped assuage the creepiness of your Maid Cafes. I guess we can call this one square.

Japan: 1 win and 1 loss

Worthersee wrote:

I was only poking around with Reflector before, but thanks to Dominick Baier for reminding me that I can now hook a debugger to the code I previously couldn't.

Bryan did some work with Silverlight where he could decompile the assemblies, and load them in Visual Studio 2005. There is a option where the source code lines of breakpoint must match exactly (something along those lines). By disabling that option, Bryan and I got Silverlight assemblies running in a debug mode in VS2005.

Not quite the same as setting break points in the CLR, but it shows that you can uses reflector + VS voodoo to debug any .NET assembly with various degrees of success.

RE: ASP.NET Internals Spelunking

The first drive-by pharming attack has been observed against a Mexican bank: “It’s associated with an e-mail pretending to be from a legitimate Spanish-language e-greeting card company, Gusanito.com,” says Symantec Security Response principal researcher Zulfikar Ramzan. Inside the e-mail is an HTML image tag but instead of displaying images, it sends a request to the home router to tamper with it.

Will someone finally take CSRF vulnerabilities seriously now? "Utter horror show" is an accurate description of the security status of most router's web interfaces. The Linksys box sitting next to me has an CSRF vuln that allows you to reset the WEP key. Unacceptable.

First case of "drive-by pharming" identified in the wild - Network World

Sudoku is a very simple and well-known puzzle that has achieved international popularity
in the recent past. This paper addresses the problem of encoding Sudoku puzzles into conjunctive
normal form (CNF), and subsequently solving them using polynomial-time propositional
satisfiability (SAT) inference techniques.

Sudoku isn't the only thing that you can use a SAT solver on ;-) Luckily I wrote a SAT Solver in college which uses a modified DLPP algorithm with back propagation and some heavy preprocessing for initial value selection.

Sudoku as a SAT problem

ASP.NET does not push any JavaScript in a response if the request does not have a User-Agent header. This is most likely from that built-in "Capabilities" info available on the incoming Request object.

Interesting, and annoying. webClient.Headers.Add("User-Agent",...) to the rescue!

Japan's Defense Minister Shigeru Ishiba is considering how his Self-Defense Forces could respond to an attack by space aliens while adhering to limits on military action under the country's war-renouncing Constitution.

Ishiba said yesterday a Japanese military response, such as those in the Godzilla movie series, would require legal review and said he is studying ways Japan could deal with an attack. Ishiba said his comments represent a ``personal view,'' and not Defense Ministry policy, according to the transcript of the press conference published on the ministry's Web Site.

``There are no grounds for us to deny there are unidentified flying objects and some life-form that controls them,'' Ishiba said. ``Few discussions have been held on what the legal grounds are'' for a military response.

A most interesting problem to have. I suggest building a giant robotic lizard and hiding him in a volcano until the aliens attack.

Defense Minister: How can offensive-forbidden Japan stop UFO Attack

Client-side storage (sessionStorage and globalStorage) as well as offline application support (including client-side databases, offline content serving/manifests, eventing, etc) have all been codified into HTML5. Not a super big surprise because they've been in WHATWG spec for a while but certainly plan for them to take on a larger role in web apps then when they were simply implemented in Mozilla (DOMStorage) or as a browser plug-in (Google Gears)

Attacks and defense against these features is discussed in chapters 8 and 9 of our book.

Remember folks, its only an increased attack surface ;-)

HTML 5 differences from HTML 4

Well, 99x in Atlanta is going off the air to be replaced by a Top 40 station.

Damn.

I've been listening to 99x for well over a decade now and was exposed to so many fantastic bands through concerts sponsored by 99x. The Marvelous Three, Foo Fighters, The Offspring, Live, Metallica, Nine Inch Nails, Cowboy Mouth, Lords of Acid, Eve6, Blink 182, Everclear, Smashing Pumpkins, Pearl Jam, the list goes on and on. And even if my musical tastes match less and less with newer music, until a few months back I could listen to the Retroplex around lunch where they played The Clash, Velvet Underground, The Cure, New Order, The Ramones, and Bad Religion.

But this morning all I get is 30-something jack offs talking about the bar scene, golf, and their fucking MySpace pages.

I feel like I'm in the middle of a Lewis Black bit, because repeatedly shouting "Are you fucking kidding me?" seems the only applicable thing to do.

99X - Everything No Longer Alternative