It's official! I'm writing a book. |
|
|
Topic: Technology |
3:53 pm EDT, Aug 28, 2006 |
I signed a book contract today with Addison Wesley to write a book on Ajax Security with a co-worker. The manuscript is due June 1st, so outside of Phreaknic (and Security Opus and AJAXWorld and Toorcon and Shmoocon...) you won't see much of me :-) |
|
China bans strippers at funerals | The Register |
|
|
Topic: Technology |
1:57 pm EDT, Aug 24, 2006 |
China has added strippers at funerals to its burgeoning list of proscribed activities, the BBC reports. Bare-assed ladies are apparently deployed at rural send-offs to boost mourner numbers, since "large crowds are seen as a mark of honour". To show they mean business, the authorities have arrested the leaders of five striptease troupes, including two involved in a farmer's funeral in Donghai county, Jiangsu province on 16 August, which was exposed by a Chinese TV station. Local officials subsequently ordered an end to the traditional practice - which they dubbed "obscene performances" - and declared that "funeral plans have to be submitted in advance", according to Xinhua news agency. And just to make sure the ban sticks, the powers that be have set up a hotline where concerned citizens can earn cash rewards for reporting "funeral misdeeds".
Lap dances would be *so* much better than singing Danny Boy. |
|
Topic: Technology |
6:06 pm EDT, Aug 23, 2006 |
There are few things in life funnier than reading a Gartner report trying to define and quantify "Web 2.0" |
|
EchoStar Must Disable DVRs |
|
|
Topic: Technology |
9:39 am EDT, Aug 18, 2006 |
A U.S. federal judge ordered EchoStar Communications on Thursday to disable its digital video recorders (DVRs) that infringe on a patent held by TiVo. Judge David Folsom of the U.S. District Court for the Eastern District of Texas granted an injunction mandating that all but 192,708 DVRs violating a TiVo patent should be shut off within 30 days. In addition to the injunction, Folsom added $5.6 million in interest and $10.3 million in supplemental damages for infringement, bringing the total judgment close to $90 million.
... Holy Shit! I feel like I dodged a bullet. I came **extremely** close to working for Echostar right out of Tech. I was offered a position in their hardware dev team to write software for the set top boxes, possibly their DVRs. They really liked my (now incorrect) article about hacking XM radio because I already know about the security issues involved with one-to-many broadcast systems. SPI Dynamics got their offer letter to me a few days before Echostar did. I took a day or so, did more research on how cool web app security was, and decided I really didn't want to work for a big company. I suppose if I had gone to work for Echostar, I'd be lecturing on destroying the Intarweb using DSLAMs instead of JavaScript... |
|
Topic: Technology |
4:11 pm EDT, Aug 14, 2006 |
"I met my wife on your captcha!!!" -- Steve, from New York
Captcha that makes you pick the hottest person to confirm you are not a robot. Very cool. Captcha Mashup |
|
JavaScript take destroys meaningful browsing |
|
|
Topic: Technology |
12:04 pm EDT, Aug 10, 2006 |
Please revisit this site. Just click around. [waits] Meaningful browsing is utterly impossible. This person should be ashamed of themselves. |
|
Ajax books are teh sux.... for now. |
|
|
Topic: Technology |
10:48 pm EDT, Aug 9, 2006 |
Ajax books are crappy. They are all targeted at novices, give horrible advice, and contain little or no security information. Maybe this is why it's more web two point own ya than web 2.0? Shouldn't someone who knows web security actually write an Ajax security book? Why yes, yes one should. Let's hope Addison-Wesley agrees as I'm talking to their acquisitions editor tomorrow morning. |
|
Biometric passports cracked |
|
|
Topic: Technology |
12:40 pm EDT, Aug 7, 2006 |
'The whole passport design is totally brain damaged,' Grunwald told wired.com. 'From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all.' Grunwald says it took just two weeks to figure out how to clone the passport chip, and cost him $200. He tested the attack on a new European Union German passport, but the method would work on any country's e-passport, since all of them will be adhering to the same ICAO standard. Authorities say the chip, which is digitally signed by the issuing country, will help them distinguish between official documents and forged ones. Since March, all passports issued in the UK have contained RFID chips with physical identification information.
I really have no idea why everyone thinks RFID is a technology that should be used with passports. The one advantage of RFID is that it is contactless and can be read from a distance. This requirement makes no sense for a passport. In all situations where someone would be using a passport, they are going to be interacting with a customs official. By its very nature, this is a slow process. There is no need for a quick, distance-readable passport solution. There are many technologies that can meet the requirement of being machine readable and storing lots of data that cannot be modified. A digitally signed 2D barcode comes to mind. A 2D barcode also has the added benefit of not triggering a bomb that's scanning for the emissions of American passports. |
|
Semacode - Image recognition on mobile camera phones |
|
|
Topic: Technology |
12:17 pm EDT, Aug 1, 2006 |
Could you write a good image recognizer for a 100 MHz mobile phone processor with 1 MB heap, 320x240 image, on a poorly-optimized Java stack? It needs to locate and read two-dimensional barcodes made up of square modules which might be no more than a few pixels in size. We had to do that in order to establish Semacode, a local start up company that makes a software barcode reader for cell phones.
God Damn It! |
|
JavaScript opens doors to browser-based attacks |
|
|
Topic: Technology |
3:02 pm EDT, Jul 31, 2006 |
...said Fyodor Vaskovich, creator of the popular Nmap network port scanning tool... "But a key advantage of the SPI Dynamics vulnerability is that it is difficult to fix without breaking many Web applications. So it may be around for years to come." There have been similar attempts to craft JavaScript-based network scanners, but none as advanced as the SPI Dynamics example, Vaskovich said. "SPI Dynamics deserves credit for a clever attack vector and a solid demonstration of the issue. Their method of fingerprinting servers by checking for default image paths and names is slick."
When the definitive source on port scanning gives you massive props in a public forum, you should do a little dance... [dance] [dance] [dance] My dance makes HR sad. |
|