Kaminsky’s thunder has all but evaporated into a fine mist, and Ptacek has gone all silent. In the meantime, the MetaSploit crowd put their heads down and produced:...
Quick update on your favourite brute forcer… The file input “MS EOF char” issue has been resolved, and provision has been made for blank passwords too. The above mentioned error meant that Crowbar...
Hey guys.. Most of our BlackHat/Defcon team has arrived back home in one piece.. I landed with a fever and a lost voice (but to be honest i already caught something while in Vegas!) We will post...
The video of the much publicized pwnie awards has been posted to the interwebs [gvideo link] Locals (SensePosters) can grab a copy [here] I believe it featured HalVar rapping so it should be worth...
APSB08-15 is the latest adobe security advisory regarding a memory corruption vulnerabilty in Acrobat Reader versions As expected, the advisory does not include technical details about the attack...
A completely non-security related (but totally geek) blog that always makes me smile is [http://indexed.blogspot.com/]. We had just started the week (or ended the last one) with a conversation on...
Google have thrown their hat in the browser-ring, which many have predicted. [Chrome] should be coming soon to downloads near u. It’s based on [webkit], which you might [recall] was impressive in...
We have scheduled our first training course for our new year, Hacking By Numbers – “Extended” Edition – for October 6-10th . The course runs for a full 5 days in Pretoria, South Africa. The HBN...
Introducing [http://www.reddit.com/r/ReverseEngineering/] (like its name suggests, a reddit thats all about Code RE..)
[Solve mazes with Photoshop (or gimp)] i must confess that while i understand the logic of flood-fill doing a depth first search and therefor doing the lifting for u, my gimp skills are second...
By now everyone knows that John McCain’s running mate Sarah Palin had her yahoo email account hacked. I guess a presidential candidate using yahoo for govt. related email was about as shocking as...
Gegroet just a quick note on VM. Google is now offering Google Blog Search Beta and I thought it interesting to see who is blogging on vulnerability management.Some of the output includes: i)...
Good news to all the blah’ers out there! The BETA version of BiDiBLAH 2 is available for download here. As you probably know, [a real quick and easy] registration is required, and version 2 of...
The full videos from the OWASP NYC Conf have been posted. At least one BlackHat re-run, but some look well worth the watching.. Most people can grab the videos and slide decks [here],...
EC2 is now out of beta, and supports windows based ANI’s. [Big Day for EC2] EC2 blows my mind, and from a bazillion miles away, i was truly surprised the Amazon got the jump on Google/MSFT/Apple/*...
When you blog a link to poetry: [The man watching] is a poem by Rainer Maria Rilke, that i picked up from a talk by Tim Oreilly during his [recent talk] where he chided the audience for focusing...
Slides from the latest Hack in the Box conference [are available] [SensePost slides are listed as owing / not there yet] SensePosters can grab a local copy [here]
For those writing apps for the iPhone, you have a good chance of bumping into the highly annoying preflighting application error: Ralf Rottmann of [24100.net] has a [pretty comprehensive post on...
Anyone who was around for Defcon-10 will have an opinion on the infamous Gobbles-Silvio-UnixTerrorist talk in which mail spools where published and everyone was slammed [1] According to mumble on...
As a Christmas special we have scheduled an additional training course, Hacking By Numbers – Extended Edition (Bootcamp) in Pretoria, South Africa on November 24-28th. The course runs for a full 5...
Wired magazine has covered the DNSGate saga with full dramatic details like: “never, ever repeat what you just told me over a cell phone“. Its a quick read, and worth it for the classic line: “The...
A couple of months back SensePost were asked by a prominent South African media company to assist in the selection of content and speakers for an upcoming information security conference called...
Our good friend Anthony Olivier has launched his “IT Security Pubcast“. So far 2 episodes are online, with episode #2 including our very own, ever quotable Charl van der Walt. Check it out..
While i normally find “Linux ported to run on your [nintendo/toaster/foo] stories only academically interesting, i think the thought of Linux running on 1st Gen, 2nd Gen iPhones (and iPod Touch) a...
Microsoft has posted selected videos of the latest BlueHat talks [here]. It’s pretty cool that they are now releasing these videos to the planet.. You get to see Matt Miller (skape), Scott Charney...
The latest version of Wikto (2.1) is available for download here. New features include time anomaly reporting and easier access to findings. A few bugfixes have also been made (thanx to some...
I wanted to remind folk that the CFP for the ITWeb Security Summit closes on 26 Jan 2009. You can check it out at http://www.itweb.co.za/events/securitysummit/2009/. Local (ZA) should please make...
I got contacted the other day (via LinkedIn actually, which is a 1st for me) about a PCI conference some folks are trying to organize here in Johannesburg in January next year. I don’t really know...
The last few weeks have brought some fairly interesting predictions for 2009 to bear in CSO Magazine columns. Two recent articles caught my eye from a penetration testing perspective. In the...
(aka 2 completely unrelated topics) You can grab a free copy of the Hackin9 magazine [here] And you can view the speakers list for Ted09 [here]… /mh