I’ve spoken before on how I like some of Simon T Bailey’s stuff and his general leetnesses…he has some gems… This one, on rational vs emotional commitment is quite leet and touches on a discussion...

Of course, Leopard’s new improved ™ finder includes an Itunes’esque “Cover Flow” view (which includes quick view thumbnailing quite impressively).. Of course, it means you get a better look at the...

Slashdot picked up on the blog post from Light Blue TouchPaper commenting on the fact that a researcher was suprised to discover that simply putting an md5 hash into google returned a hit with a...

So…because I don’t have a report to write this weekend I’ve had some time to ponder and reflect on stuff (and read my mail)- I thought I’d share some stuff that came to the fore of my mind again...

Dino is the guy who added much shellcode coolness to MetaSploit, gave the world Karma, released the first virtualization rootkit for Intel (Vitriol), and gave much credibility to the Matasano...

OK.. so it was a long time ago, and old code is supposed to embarrass you.. but i pulled casper.exe form our webpage today to test something for the project im on.. interestingly it runs pretty...

Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our Vegas talk, but im not really sure how his attack differs from our published one.. my on-list response:...

Ok.. so being the cautious geek i am, i had bought a mac mini a while back before jumping into the OS X waters.. Unfortunately it was probably the last PPC mac mini’s sold, which means it has...

Amazon announced the beta of Amazon SimpleDB without that much fanfare, but it is an interesting trend to watch.. Essentially amazon are giving the power of a database to people used to excel and...

A while back some of us discovered and subsequently lost days to “The Python Challenge“. Well.. prepare to write off a little more time, and check out “Project Euler“. From its about page: ” What...

A long time ago i blogged on the joys of using VBS to automate bruteforcing [1|2]when one didnt want to mess about duplicating an applications functionality at the protocol level.. Yesterday i had...

a) At the end of the year we usually end up getting geek-gifts.. from SensePost, to SensePost.. Last years iPod nano’s were always going to be a tough act to follow.. but i think the picture says...

A seasonal Wikto version was released on the 22nd (Version 2.0.2911-20215) which has an issue with the web spider funtionality. HTTPS requests are being made in plain text, and this obviously...

Over the past while we have been getting emails from people trying to figure out why they had entries like this in their http log files: 10.10.1.136 – – [32/Dec/2007:25:61:07 +0200] “GET...

There has been a fair bit of blog buzz about the new SQL Injection worm that ran around infecting sites. I have not looked too deeply into it, but have not yet seen accounts of how the targeting...

a) its my birthday in a few days b) Apple just announced the new macbookair.. Coincidence??? i think not!!!

This quote reminded of something H always says: “When opportunity comes… its too late to prepare” – John Wooden – Hall of Fame Basketball coach

John is one of the bright guys over at NGS, and judging by his track record will boost the signal to noise ratio in the blogosphere.. You can read him at [aut disce, aut discede] (of course, in...

Black Hat DC this year is supposed to be “a different kind of Black Hat”. There are four tracks over the two days with a special emphasis on wireless and speakers include Chris Wysopal, FX from...

For those of you who have not yet tried it, check out Tooble. Its a point and click tool that lets you download videos from the youtube.. its pretty cool and allows u to pull/convert videos pretty...

While im into posting mac-links.. Check out [Webkit] A little while back i mentioned not understanding why anyone would run a closed source browser while a decent open source version existed.....

Old timers here will know about the concept of bruteforcing DNS using the clues available.. i.e. zone transfers disabled, but u see that the NS and MX servers are called gandalf.company.com and...

H said that there is a tool that will do the HTTP Mangler functionality out of the box. So here goes. WebScarab-NG is the tool that will do the trick. First we select the feature that will allow...

So everyone uses the live search engine with a ip: when trying to locate virtual hosts. I used domaintools in the past with good results, till they went fully pay-per-use. Checkout Reverse IP...

Many people took a crack at “what tool will work to replace mangler, out of the box” and so we have a bunch of new tools to play with.. Steven’s answer of MS-Word or PowerPoint left us scratching...

(my first X-Rated blog post.. i should hook up ad-words and watch the money roll in!) Ok.. our Zimbabwean recruit was posed the following question by some international academics: Q:”How would you...

So felten et al basically figured that cooling dram chips allows an attacker to move them to another machine where they can be leeched! The geek in me cant help but say “COOL!” According to the...

-sigh- the topic is stolen directly from the [DarkReading Article] -snip- Itâ€s yet another new spin on a pervasive attack — this time using the old standby Simple Network Management Protocol...

On a recent assessment we came across the following scenario: 1) We have command execution through a web command interpreter script (cmd.jsp) on a remote Linux webserver 2) The box is firewalled...

Peltier and Associates have released their massive “Peltier Effect – Year in Review 2007“. The collection comes in at a whopping 156 pages from a wide array of authors so there should be somethign...