I am a hacker and you are afraid and that makes you more dangerous than I ever could be.
'Furry Grim Reaper'
Topic: Miscellaneous
11:44 am EDT, Jul 26, 2007
Oscar the cat seems to have an uncanny knack for predicting when nursing home patients are going to die, by curling up next to them during their final hours.
His accuracy, observed in 25 cases, has led the staff to call family members once he has chosen someone. It usually means the patient has less than four hours to live.
"He doesn't make too many mistakes. He seems to understand when patients are about to die," Dr. David Dosa said in an interview. He describes the phenomenon in a poignant essay in Thursday's issue of the New England Journal of Medicine.
"Many family members take some solace from it. They appreciate the companionship that the cat provides for their dying loved one," said Dosa, a geriatrician and assistant professor of medicine at Brown University.
After about six months, the staff noticed Oscar would make his own rounds, just like the doctors and nurses. He'd sniff and observe patients, then sit beside people who would wind up dying in a few hours.
Dosa said Oscar seems to take his work seriously and is generally aloof. "This is not a cat that's friendly to people," he said.
DOMinatrix is, well, incredibly awesome. It's a fully automated SQL injection tool written in JavaScript, which will dump out data from MS SQL Server databases (more to come). I'll be demoing DOMinatrix at my Black Hat presentation.
XSS + Web worm + DOMinatrix = oh crap.
In the last 5 months we've seen the development of web scanners and SQL injectors in JavaScript.
These aren't browser exploits. These aren't buffer overflows. These aren't something that affects only a single browser and only on pages that don't explicitly set a character set.
This is using JavaScript in perfectly valid ways to do extremely malicious things.
There is no way to patch this. End users are pretty much screwed.
Mark: Meg White is hot. You know she owns every Bob Dylan album ever made?
Bryan: I own every Bob Dylan album ever made.
Mark: ...Not quite the same thing, but buy me a drink and we can talk.
Reality Bedding: “Too Visionary” and “Ahead of Its Time”
Topic: Miscellaneous
3:12 pm EDT, Jul 23, 2007
Here’s a surprise: Reality Bedding, the revolutionary new startup that lets you buy a comforter with a celebrity picture (or two women kissing) printed on it, is going out of business. The company also promised to let buyers upload their own images but I was never able to find that feature when looking for it.
HAHA! If you do read Techcrunch's Deadpool, you are missing the fun of Web 2.0 bubble death.
I submitted your title to the Conference Advisory Board and we were hoping you could possibly re-phrase the “Premature AJAX-ulation” references. While some of us appreciate the play on words, we have a feeling it would not be well received by all and we do not wish to offend anyone.
The only thing better than an hour-long benefits presentation is a two-hour-long benefits presentation.
Please explain to me *how* the $30 spousal fee is deducted from each pay period. What's that? You withdraw it from my paycheck? I'm not sure I understand, please explain it to me again. For 5 minutes. In excruciating detail. I only graduated on the Dean's List from one of the top five engineering schools in the country, so please, waste some more of my relatively unimportant time.
This rocks. Some Australian guys built a Trojan Horse full of people dressed like Greek soldiers, and then tried to get it past security into various places in Sydney. The only place that denies them access is the Turkish Consulate.
The SPI Laboratory: SPI Labs advises avoiding iPhone feature
Topic: Technology
11:39 am EDT, Jul 17, 2007
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:
* Redirecting phone calls placed by the user to different phone numbers of the attacker's choosing
* Tracking phone calls placed by the user
* Manipulating the phone to place a call without the user accepting the confirmation dialog
* Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
* Preventing the phone from dialing
These types of attacks can be launched from a malicious website, from a legitimate website that has Cross-Site Scripting vulnerabilities, or as part of a payload of a web application worm.
For example, an attacker could determine that a specific website visitor "Bob" has called an embarrassing number such as an escort service. An attacker can also trick or force Bob into dialing any other telephone number without his consent, such as a 900-number owned by the attacker or an international number. Finally, an attacker can lock Bob's phone, forcing Bob to either make the call or hard-reset his phone, resulting in possible data loss.
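As an added example (not code from SPI Labs or the original post), the following Node.js check audits page markup from the defender's side: it flags tel: links whose dial target differs from the number the visitor sees, which is the mismatch behind the call-redirection issue above, and tel: URLs placed outside any visible link. The HTML sample is constructed for the demonstration.

```javascript
// Added example, not code from SPI Labs or the original post. Audits a page
// fragment for "tel:" links and reports the cases a site owner would want to
// catch after a content injection: a dial target that differs from the number
// shown to the user, a tel: link with no visible number, and tel: URLs that
// sit outside any user-visible link.

const TEL_ANCHOR = /<a\b[^>]*\bhref\s*=\s*["']?tel:([^"'\s>]+)["']?[^>]*>([\s\S]*?)<\/a>/gi;
const TEL_URL = /tel:\s*\+?[0-9][0-9().\-\s]*/gi;

// Reduce a number to an optional leading "+" plus digits, so that
// "(555) 123-4567" and "5551234567" compare equal.
function normalizeNumber(s) {
  const plus = s.trim().startsWith('+') ? '+' : '';
  return plus + s.replace(/[^0-9]/g, '');
}

// Percent-decoding can throw on malformed input; fall back to the raw value.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function auditTelLinks(html) {
  const findings = [];
  let rest = html;
  for (const m of html.matchAll(TEL_ANCHOR)) {
    const target = normalizeNumber(safeDecode(m[1]));
    const shown = normalizeNumber(m[2].replace(/<[^>]*>/g, ''));
    if (shown === '') {
      findings.push({ target, shown: m[2].trim(), reason: 'tel: link shows no number' });
    } else if (shown !== target) {
      findings.push({ target, shown, reason: 'displayed number differs from dial target' });
    }
    rest = rest.replace(m[0], '');
  }
  // Whatever remains is a tel: URL the visitor never sees as a link.
  for (const m of rest.matchAll(TEL_URL)) {
    findings.push({ target: normalizeNumber(m[0].slice(4)), shown: '', reason: 'tel: URL outside a visible link' });
  }
  return findings;
}

// Constructed sample: one honest link, one link whose target differs from the
// displayed number, one icon-only link, and one tel: URL outside any link.
const SAMPLE_HTML = `
<a href="tel:+15551234567">+1 (555) 123-4567</a>
<a href="tel:+19005550199">+1 (555) 123-4567</a>
<a href="tel:5551234567"><img src="phone.png"></a>
<iframe src="tel:+19005550199"></iframe>`;
```

Running `auditTelLinks(SAMPLE_HTML)` returns three findings and none for the honest first link; the regex-based parse is meant for audit scripts and log review, not as a substitute for a real HTML parser in production.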