I am a hacker and you are afraid and that makes you more dangerous than I ever could be. |
|
Topic: Miscellaneous |
10:16 pm EST, Jan 28, 2007 |
Brian: Did we just car jack somebody? Stewie: We sure did Brian. We sure did. |
|
Topic: Technology |
8:18 pm EST, Jan 28, 2007 |
Title: A Hacker's approach to Web Applications

Abstract: This talk will be a live demonstration of how a hacker discovers, analyzes, attacks, and exploits a web application. I will have several sites running on test machines that we will attack. Specific topics include performing reconnaissance, detecting and fingerprinting backend systems, and how to properly utilize different attack vectors like XSS, XSRF, and SQL Injection to do maximum damage to the site. I'll poke holes in common web security myths and I'll also discuss my experiences with pen testing real world sites. Finally, I'll show how to properly secure a website against evil people.

Bio: Acidus spends his days trying to destroy the Intarweb as the lead R&D engineer at a major web security firm. He is far too curious for his own good, and likes really girlie drinks. You know, the kind that come in funny glasses with lots of fruit in them. Seriously, someone buy him a dark beer and some testicles. |
|
Beagle - Desktop search for Linux |
|
|
Topic: Technology |
1:09 pm EST, Jan 28, 2007 |
Beagle is a search system for Linux and other modern, Unix-like systems, enabling the user to search documents, chat logs, email and contact lists in a similar way to Spotlight in Mac OS X, or Google Desktop under Microsoft Windows. Beagle grew out of Dashboard, an early Mono based application for watching for and presenting useful information from your computer. It is written in C# using Mono and uses a port of Lucene to C# called Lucene.Net as its indexer. Beagle includes a Gtk#-based user interface, and integrates with Galago for presence information.
Beagle is freaking awesome! Use it, use it now. Beagle - Desktop search for Linux |
|
A Cost Analysis of Windows Vista Content Protection |
|
|
Topic: Technology |
9:08 am EST, Jan 26, 2007 |
This document looks purely at the cost of the technical portions of Vista's content protection [Note B]. The political issues (under the heading of DRM) have been examined in exhaustive detail elsewhere and won't be commented on further, unless it's relevant to the cost analysis. However, one important point that must be kept in mind when reading this document is that in order to work, Vista's content protection must be able to violate the laws of physics, something that's unlikely to happen no matter how much the content industry wishes that it were possible [Note C].
Nicely put together article that avoids preaching most of the dogma around DRM. A Cost Analysis of Windows Vista Content Protection |
|
Viewing nearby rows - Greg's Postgres stuff |
|
|
Topic: Technology |
3:40 am EST, Jan 24, 2007 |
I was given an OID number, and wanted to see which relation it mapped to, as well as what its "neighbors" looked like:
Look at this later. See if it's possible to grab the surround row's oids when my ORDER BY clause is not operating on oid. Viewing nearby rows - Greg's Postgres stuff |
|
Gonzales Questions Habeas Corpus |
|
|
Topic: Current Events |
10:19 pm EST, Jan 23, 2007 |
“There is no expressed grant of habeas in the Constitution; there’s a prohibition against taking it away,” Gonzales said. Gonzales’s remark left Specter, the committee’s ranking Republican, stammering. “Wait a minute,” Specter interjected. “The Constitution says you can’t take it away except in case of rebellion or invasion. Doesn’t that mean you have the right of habeas corpus unless there’s a rebellion or invasion?” Gonzales continued, “The Constitution doesn’t say every individual in the United States or citizen is hereby granted or assured the right of habeas corpus. It doesn’t say that. It simply says the right shall not be suspended” except in cases of rebellion or invasion. “You may be treading on your interdiction of violating common sense,” Specter said. While Gonzales’s statement has a measure of quibbling precision to it, his logic is troubling because it would suggest that many other fundamental rights that Americans hold dear also don’t exist because the Constitution often spells out those rights in the negative.
... are you fucking shitting me? Gonzales Questions Habeas Corpus |
|
Topic: Miscellaneous |
10:39 am EST, Jan 23, 2007 |
I must have had 5 of these at the SPI's kickoff party over the weekend. Grey Goose Vodka, blue Curaçao liqueur, pineapple juice, and sweet & sour mix. Highly Billy compliant! |
|
Frank Warren in Atlanta tonight |
|
|
Topic: Current Events |
1:12 pm EST, Jan 22, 2007 |
Here's an update to an earlier post. Frank Warren, creator of the PostSecret project, will be speaking about the project and signing books in Atlanta tonight at 7pm at the Barnes and Noble on Peachtree St. Hopefully I will see other Memestreamers there tonight. |
|
Interview with Bill Cheswick |
|
|
Topic: Technology |
11:36 am EST, Jan 22, 2007 |
The Internet runs on two fragile technologies: BGP connections among routers, and a bunch of root DNS servers deployed around the planet. How much longer do you think this setup could still be effective?

Bill Cheswick: For quite a while, actually, though there are obvious, well-known weaknesses with both systems. The DNS root servers appear to be 13 hosts, but are actually many more. They have been under varying, continual, low-level attacks for many years, a process that tends to toughen the defenses and make them quite robust. A few years ago there was a strong attack on the root servers, taking 9 of the 13 down at some point. There are other root servers, of course. Anyone can run one, it is just a question of getting people to use it. I understand that China is proceeding with root servers of their own. DNSSEC is a way to get the right DNS answer, but its deployment has had problems for at least 10 years.

BGP is certainly another network issue. Where should my routers forward packets to? BGP distributes this information throughout the Internet. There are two problems here: 1) is the distribution working correctly, and 2) are the other players sending the correct information in the first place. This is usually an easy problem between an ISP and their customer. The customer is only allowed to announce certain routes, and the ISP filters these announcements to enforce the restriction. It is easy on a short list of announcements. But at the peering point with other ISPs, this becomes hard, because there are hundreds of thousands of routes, and it isn't clear which is which. Should I forward packets for Estonia to router A or router B? We are far removed from the places where these answers are known.
Nice interview with Bill Cheswick, Firewall god, on Security Focus Interview with Bill Cheswick |
|
'Grammar Girl' a quick and dirty success |
|
|
Topic: Miscellaneous |
11:07 am EST, Jan 22, 2007 |
Grammar lessons often are associated with high school drudgery -- diagramming sentences and memorizing obscure rules in between passing notes in English class -- but an Arizona technical writer has turned the seemingly dry subject into a popular podcast.
Ok. I'll save you all the trouble. The article is most definitely not about what you'd think it would be, given the title "'Grammar Girl' a quick and dirty success." 'Grammar Girl' a quick and dirty success |
|