At last years BlackHat USA a bunch of us played some American geeks a game of late night parking lot football.. Our victory there, and the 6 months of victorious memories from that night filled us...

Apparently the two _are_ mutually exclusive.. [according to the NY Times…] -snip- According to the study, published in February in Oikos, a highly respected scientific journal, the more beer a...

SourceBoston completed its first conference earlier this month, and some of the slide decks and videos are up.. While the image of the young hax0rs indeed brings back fond memories of surfing...

from the SourceBoston videos i blogged about: Dr Geer never dissapoints, and kicked it off with the 4 rules on his office wall: Work like hell, Share all you know, Abide by your handshake, Have...

Whoa! time flies when you having fun… (click for orig.)

Uninformed has certainly done awesomely at filling in the gap left when phrack went silent, but there is something nostalgic about reading phrack… it seems like issue 65 has just hit the streets..

Hello All, Some of you might remember that I climbed Mount Kilimanjaro two years ago. What you might not know is the REASON I did this (apart from the jol) was to o raise funds for CNCF, a...

Then you probably should get on this one… [Problems with Random Number Generator] While it looks like an arb openssl bug, 2 seconds of reading should get you to: -snip- It is strongly recommended...

Earlier this week we had an internal presentation on Attacking ActiveX Controls. The main reason we had it is because of the ridiculously high hit rate we have whenever we look at controls with a...

Some of the DC16 speaker summaries have been posted, and these 2 caught my eye: Time-Based Blind SQL Injection using heavy queries and New Tool for SQL Injection with DNS Exfiltration Both...

but since it made me eat crow, i figured i would share it.. Although i read a fair bit, i stopped really reading fiction many many moons ago. Its something i often feel ill try to get back into...

The recent Safari Carpet Bombing bug reported by Nitesh Dhanjani and ignored by Apple had all the makings of an egg-on-face incident. We were discussing it over foosball, and the obvious consensus...

since forever, i’ve been told (and told others) that the greatest threat is from the inside. turns out, not so much. verizon business (usa) apparently conducted a four year study on incidents...

I am probably one of the last ppl around to discover this, but ill post it here for the (probably) 2 other ppl in the world who have yet to stumble upon: Risky Business. Its pretty hard to find...

well.. 50% right.. But im not going to talk about FireFoxs record breaking download, or the bug that was released in record time.. but want to point you at Andy Inhatko’s review of Firefox3. Andy...

Cause this puts Perl right back in the game! -snip- > sudo perl -MCPAN -e shell cpan> install Acme::LOLCAT install — OK > cat demo.pl #!/usr/bin/perl use Acme::LOLCAT; print translate($ARGV[0]); >...

found this online last night. try in FF or IE7: javascript:document.body.contentEditable='true'; document.designMode='on'; void 0 then edit the page in-place, screenshot, and make your scam...

Mostly we have stayed silent, because too many people have commented too much already.. It was interesting however how Ptacek was quite deftly forced to eat his words by a Dan Kaminsky phonecall.....

Kaspersky will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The...

While doing some prodding on SQL Server, i came across this newness (of course this is probably old hat to many SQL2005 dba’s) Essentially i was tryign to track down something in sp_addserver. The...

Kaminsky’s thunder has all but evaporated into a fine mist, and Ptacek has gone all silent. In the meantime, the MetaSploit crowd put their heads down and produced:...

Quick update on your favourite brute forcer… The file input “MS EOF char” issue has been resolved, and provision has been made for blank passwords too. The above mentioned error meant that Crowbar...

Hey guys.. Most of our BlackHat/Defcon team has arrived back home in one piece.. I landed with a fever and a lost voice (but to be honest i already caught something while in Vegas!) We will post...

The video of the much publicized pwnie awards has been posted to the interwebs [gvideo link] Locals (SensePosters) can grab a copy [here] I believe it featured HalVar rapping so it should be worth...

APSB08-15 is the latest adobe security advisory regarding a memory corruption vulnerabilty in Acrobat Reader versions As expected, the advisory does not include technical details about the attack...

A completely non-security related (but totally geek) blog that always makes me smile is [http://indexed.blogspot.com/]. We had just started the week (or ended the last one) with a conversation on...

Google have thrown their hat in the browser-ring, which many have predicted. [Chrome] should be coming soon to downloads near u. It’s based on [webkit], which you might [recall] was impressive in...

We have scheduled our first training course for our new year, Hacking By Numbers – “Extended” Edition – for October 6-10th . The course runs for a full 5 days in Pretoria, South Africa. The HBN...

Introducing [http://www.reddit.com/r/ReverseEngineering/] (like its name suggests, a reddit thats all about Code RE..)

[Solve mazes with Photoshop (or gimp)] i must confess that while i understand the logic of flood-fill doing a depth first search and therefor doing the lifting for u, my gimp skills are second...