| |
| I am a hacker and you are afraid and that makes you more dangerous than I ever could be. |
|
|
|---|
| Topic: Miscellaneous |
11:04 am EST, Dec 13, 2007 |
When did "message" become a verb? I was in a meeting today with fancy uses of "message" such as "I'll message that information" or "Who will be messaging this?" Does anyone else find this silly? UPDATE: It really is a Verb! |
|
Things that were not to be: suicidenotes.cx |
|
|
|---|
| Topic: Society |
10:02 pm EST, Dec 10, 2007 |
Virgil made the list with Wikiscanning. Congratulations, Virgil! (Interestingly, one of the other ideas was also one Virgil came up with a few years ago, but didn't pursue perhaps due to discouragement from several friends.)
Actually, Virgil's idea was to create www.suicidenotes.cx so people wouldn't find your note before you killed yourself. Revenue models included creating, and I shit you not, a coffee table book of suicide notes. It was one of the most surreal conversations I have ever had in my life: Strick and I sitting in the student center at Georgia Tech trying to explain to Virgil that this was a bad idea. This was back in Summer 2003 or so. Got to give my partner-in-crime credit, he's a visionary! Things that were not to be: suicidenotes.cx |
|
Phone phreaks spoof LSD-induced multiple homicide |
|
|
|---|
| Topic: Technology |
11:21 am EST, Dec 10, 2007 |
Three more individuals have admitted they participated in a series of phone phreak hoaxes that prompted raids by armed special weapons and tactic police teams on the homes of unsuspecting victims. Jason Trowbridge, of Louisiana and Texas, and Chad Ward of Texas pleaded guilty to multiple felonies, including conspiracy, access device fraud and unauthorized access of a protected computer. Each faces maximum penalties of five years in prison, fines of $250,000 and costs for restitution. Swatters, as the malicious pranksters are referred to, use a combination of social engineering, phone phreaking prowess and computer hacking to spoof the phone numbers of individuals they want to harass. They then make emergency calls to police departments and report crimes in progress, in many cases prompting a response from SWAT teams who conduct emergency raids on the homes of people whose numbers were spoofed.
Police, meet the ANI fail; ANI fail, this is the police. If you want to know more, look up my man Lucky. In many cases, the victims were fellow participants in telephone party lines, which largely act as the phone equivalent of internet relay chat groups. Trowbridge, who went by the names "Jason from California" and "John from California," furthered the scheme by mining personal information about the victims from a host of sources, including consumer reporting agencies, pizza delivery records and newspaper subscription records, according to court documents signed by the defendant. The personal information Trowbridge provided allowed the gang to make fake emergency calls that had the ring of authenticity. In one case, they posed as an Alvarado, Texas man whose daughter was a party line participant. They told a police dispatcher that he had shot and killed members of his family and was armed with an AK47 machine gun. The caller, who claimed to be high on hallucinogenic drugs, then threatened to kill his remaining hostages unless he was given $50,000 and safe passage out of the country. Police responded by sending police to the residence of the real man. During the course of the conspiracy - which lasted from late 2002 to June of this year and involved as many as 20 individuals - the participants also initiated calls to employers, landlords, families and friends of party line members they held a grudge against. Some of the members who refused to stop using the line found their friends and families swatted.
This is ridiculous, especially when you see the quarter of a million dollars in "damages" that occurred. Phone phreaks spoof LSD-induced multiple homicide |
|
Safari 3 Beta Update 3.0.4 |
|
|
|---|
| Topic: Miscellaneous |
10:29 am EST, Dec 10, 2007 |
What's included? New features * Allows windows to be resized from any side
* Includes an additional font smoothing option ("standard")
* Adds International text input methods
* Adds advanced text options (contextual forms, international scripts)
* Supports NTLM
* Includes auto-detection of PAC files
PAC Files are the devil's candy. * Supports listing FTP directories
It's about time guys! This was a pathetic and glaring hole inthe feature set. * Links to proxy settings from Safari (Safari respects the proxy settings in the Windows Internet control panel)
* Adds cookie management
* Adds LiveConnect support
Thank You! Thank You! Thank You! * Includes tooltips
* Adds spell checking and grammar checking
* Allows printing of page numbers, titles, margins
* Improves bookmark collection interface
* Maintains original order of imported bookmarks
* Adds an interface for editing AutoFill information
* History searches now search the full text of visited websites
* Adds a new preference to manually mark RSS articles as read
* Includes support for tilt wheels
Safari 3 Beta Update 3.0.4 |
|
|
|---|
| Topic: Technology |
11:19 am EST, Dec 7, 2007 |
You know its a slow news day when a story about Commodore 64 enthusiasts appears on the front page of CNN. C64 on CNN Homepage? |
|
if(ISO.contains(PDF)) { dance();} |
|
|
|---|
| Topic: Miscellaneous |
9:48 am EST, Dec 7, 2007 |
At the end of January 2007, Adobe submitted its Portable Document Format (PDF) to the ISO. Now, as the year winds to a close, Adobe has announced that PDF 1.7 has been approved by the ISO and will become the ISO 32000 standard (DIS). Although previous subsets of PDF (specifically PDF/Archive and PDF/Exchange) have been considered by the ISO, the approval of the entire document format as a new standard will impact its development in the future. From this point forward, the ISO, rather than Adobe, is in charge of the PDF specification and any changes that are incorporated into it. According to King, none of the current licensing terms for the PDF standard will change, as it's already licensed for free and readily available to anyone wishing to develop software capable of reading, writing, or processing PDF, but he posits that Adobe's Acrobat suite might see an increased level of competition from other companies as a result of the ISO certification.
I wasn't even aware of that this was in the pipeline. Now only if they'll turn over SWFs! if(ISO.contains(PDF)) { dance();} |
|
|
|---|
| Topic: Technology |
9:38 am EST, Dec 7, 2007 |
I received an amazing amount of mail from my friends in Microsoft (none of whom work on IE) regarding my IE post. Surprisingly, much of it was positive, but some were a little astonished. Allow me to clarify a bit. I don't personally dislike anyone on the IE team. I do, however, abhor what the team creates. A non-standards compliant browser that hurts web developers and security professionals alike. I firmly believe that Microsoft's actions over the last 10 years illustrates their complete lack of commitment about web browsers or web development. And 1.5 years of non-evil behavior and a tabbed browser doesn't change that. So when I see posts saying "look at us, we have 300 million downloads and awesome security" I'm shocked. And when faced with a year's torrent of requests for info about bugs, CSS hacks, standards compliance, and future browser plans the community is still faced with stony silence or a pompous "don't worry, we are working on it" post I felt the need to unload though, granted, perhaps with more expletives than necessary. But I don't believe what they say any more. There has been too much "its coming, and it will be so cool" followed by failing to deliver. You don't get to make those statements anymore, certainly not without some blowback. |
|
Ory and the kicking of ass and taking of names |
|
|
|---|
| Topic: Miscellaneous |
3:19 pm EST, Dec 6, 2007 |
Ory over at IBM/Watchfire does a good job attempting to sort the wheat from the chaff in regards to Larry Suto's comparison report of web scanners. Couple it with HP/SPI's Jeff Forristal's report and you have a good idea about the difficulties of having a true apples to apples comparison of any type of security product, not just web scanners. If only WASC or OWASP or somebody has some guidelines for evaluating web scanner results :-). The Web Application Security Evaluation Criteria is a set of guidelines to evaluate web application security scanners on their identification of web application vulnerabilities and its completeness. It will cover things like crawling, parsing, session handling, types of vulnerabilities and information about those vulnerabilities.
Hopefully this will raise awareness about how confusing accurate product comparisons in the security space must be to product reviewers, prospective customers, academics, and even lay people and foster more participation in this WASC project. But back to Ory: In addition, I am concerned by the web application security industry - an industry filled with gifted security experts and practitioners, who embraced Suto's whitepaper warmly, without questioning its results or the methodology by which it was conducted for a single moment. Suto, having good intentions published what he thought was in the best interest of the industry, and my biggest complaint to him was that his experiment methodology was never fully disclosed to the public, therefore could never be confirmed nor rebutted. On the other hand, one would expect security experts to use a little more judgment when reading technical whitepapers, and be skeptical of results from experiments that are not well documented. Putting numbers into a table doesn't make them meaningful.
Ory, bravo for calling us all out for accepting things without fact checking. It seems even web professionals suffer from improper input validation for time to time! :-) Ory and the kicking of ass and taking of names |
|
