Ok.. so after many moons of making excuses for not making our internal blog public we have decided on a happy compromise.. Some of the “work-safe” posts from internal, will make its way out here.....
Aaron Adams over at SYMANTEC, did a quick check on the version of Samba running on currently up to date OSX machines and found that the Macs were still running 3.0.10. He did a quick mod on the...
[Yahoo pipes] looks like an awesome way for even non-programmers to create web mashups trivially. Aside from the fact that its interface is super-cool, it brings an interesting dimension to next...
Ars Technica is reporting on the law suit filed in 2006 by Martin Bragg who accused Linden labs of wrongfully seizing his virtual land. -snip- Linden Lab filed two motions to dismiss the suit,...
Jeremiah from WhiteHatSec has just written a quick piece on how to find your websites. Now Footprinting is obviously dear to our hearts, with 3 Blackhat talks on it (or applications of it)...
Check out http://hongkong.langhamplacehotels.com/accom/technology.htm in Hong Kong. They provide Cisco IP phones in the rooms, but with a difference. According to an article I read in TIME the...
Scheduled tasks and services are often run as accounts with excessive privileges (HP Insight, backups etc) instead of limited service accounts. By exploring the tasks under c:\windows\tasks or the...
VMware have just released beta4 of its Fusion product for OSX. The initial beta was hard to justify and a little flaky, which allowed Parallels to take an early lead. We still have people in the...
After a six hour delay due to technical problems *before* my journey even started I’m finally on the plane and waiting for take off. Tag an additional five hour delay due to a missed connection in...
R J Hillhouse (who has a fascinating background) found that when she double clicked a graph on a slide deck belonging to the office of national intelligence (available from the DIA website), the...
Gareth linked to David Maynor’s blog where he documents the results of some simple fuzzing against the new Win32 port of Safari. Of course fanboys everywhere are going to be on this one like,...
Whew. After much last-minute war with PPT C# and ORM our slides and Beta 1.0 of our tool are available on our research site. I think the slides are pretty neat, and I’m *very* excited about the...
BlackHat Vegas is almost on us again, and this will be the 6th year running that we present there.. This year Marco and i will be taking a new look at some old attacks.. The bulk of the talk will...
Mark Shuttleworth on his blog makes it clear -snip- “We have declined to discuss any agreement with Microsoft under the threat of unspecified patent infringements.” … I have no objections to...
First IBM announced their interest in Watchfire, and now HP announces their interest in SPI Dynamics. “Consolidation in the industry” is one of those horrible phrases that are always bandied about...
Many years ago, when we first released ‘Setiri’ one of the controls that we preached was website white-listing. As talk-back trojans would connect back to arbitrary web servers on the Internet, we...
The Black Hat Briefings is arguably the most significant technical security conference in the world. It takes every year in Las Vegas and also includes a series of diverse technical training...
A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The discussion quickly gravitated towards the number of “security” companies where numbers of...
Richard Bejtlich didnt give the pre-release a glowing review but i know at least a few people waiting eagerly to get their hands on the new “Fuzzing: Brute Force Vulnerability Discovery by Michael...
Someone in the office was discussing Microsoft’s recent horrible foray into the anti-virus market. Apparently an online source held one-care as faring worse than a simple man with a perl script. A...
ok.. some of you in the office would have heard me whine when vmware fusion recently started taking my whole machine down occasionally. The joy of it being the whole machine is that ive lost my...
hmmm… i have heard this somewhere before…. ” However, in cases where your finger is used to identify or authenticate you, it’s much harder to change your password. ” /mh
Google have finally revised their cookie expiration policy, which will have user cookies expiring after 2 years. (For those of you who think this is too long, it needs to be kept in mind that this...
Deels stumbled on www.simpsonizeme.com to give me mh, the springfield edition.. Combine with your intranet mug-shots, and it could give you hours of lost productivity..
A little while back we published our first public QoW for your abuse and enjoyment, and the time to close it is ………. now. The new QoW is available here. Thanks for the efforts; we received a fair...
Ok.. so the 2nd plane with SensePost’ers has touched down in LasVegas and the first cheeze-pizza from the caesars food court has been consumed.. So little changes in caesars that it always adds to...
(always wanted to say that!) 2 SensePost Training sessions are over, and as i type The weekday sessions are at about 50%. Feedback so far has been pretty cool and its been fun to meet new people /...
During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but have been getting a few requests already for the code, so here it is.. For those who missed the talk,...
The bulk of security research pertaining to VoIP call control, setup and signaling protocols has focused on the Session Initiation Protocol (SIP), due to the ubiquity and widespread adoption of...
Spock have just opened up beyond their private beta and promise to be the most comprehensive people search tool on the interwebs.. Their model is interesting because they aim to combine wikipedia...