Interesting post by Michael Dahn at pcianswers.com discussed (again) the difference between compliance and security. Do you know the joke about the difference between a canary? Apparently, its one...
[beistlabs] [CodeGate] has come and gone.. A nice writeup of the event can be found [here] with a pdf of challenges and solutions [here]
and i am that idiot… Developers signed up with Apples Dev Program get to take iPhoneOS3.0 out for a spin, so that the app store can have ver3 apps when the new OS launches.. A quick download (as...
We’ve been busying ourselves with the PCI DSS in one way or another for more than a year now here at SensePost. Its been a frustrating exercise of mixed messages, politics, tokenism, mixed in with...
Those of you who were around in 2001 will recall http://anti.security.is (anti-sec f.a.q).. The sentiment pops up periodically (in different forms) and it seems like CansecWest this year has seen...
Truly tragic. We are all poorer for it.. It really was an honor and a privilege to have known him..
Microsoft released !exploitable at CanSecWest this year. The debugger extension, and the accompanying slide deck can be found [here]. I have not looked at it, but a glance at the slides implies...
Hi All We have scheduled our first Developer course for April in Pretoria, should you know of anyone in your area that would like to attend. – Hacking by Numbers – Developer Edition (28-30th...
Way back when i was a sysadmin, i recall reading a quote from one of the ATT greybeards who said something to the effect of “every competent sysadmin should be able to build his own network card”....
A little while back i commented on Marcus Ranums HiTB talk “Cyberwar is Bullshit!“. I ended the post with the words “Ranum is indeed much better than this..“. Ranum spoke recently at Source...
what? on April 1st???? Never!
The United States committee on Homeland Security’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology recently held a hearing to determine if “the Payment Card Industry...
We’ve had a number of issues with reDuh and the various server versions published. Some clients worked with some versions of the server, and didn’t play nicely with others. I am happy to say that...
We have scheduled our next training course, Hacking By Numbers – Extended Edition (Bootcamp) in May 11-15th . The course runs for a full 5 days. Overview The HBN ‘Extended Edition’ is simply an...
Comments on the blog have been suprisingly quiet and we should have realised this when more and more people started having discussions with us via twitter or email (as opposed to simply saying...
We recently introduced some neat blizzards onto a PoC Broadview client. On tha back of Conficker, our Broadview Dashboard sports a couple of instantly available blizzards that show: 1. How many...
After some queries regarding SPUD, I thought it would be a good idea to blog this reminder: * Spud can only be run as an administrative user. * Spud cannot be run by directly accessing the .exe....
With our recent release of BiDiBLAH 2.0, we’ve decided to revisit some real world scenarios, and ways BiDiBLAH can deal with it… Herewith, part 2. All the scenarios can be downloaded from the...
Part of the problem Microsoft bumped into with Vista, was hordes of people who had grown too attached to XP.. It seems they learnt their lesson (and found a cheap way to maintain backward...
Chris Eng over [at the Veracode blog] documents how he approached, and decoded the info behind the [2009 Verizon Data Breach Investigations Report ] Its an interesting read, and although in the...
[Zappos.com] is one of those companies people love to write about. They make headlines for their use of new media and their CEO (Tony Hsieh) is as .com legendary as one gets.. (he sold...
Yvette Du Toit (E&Y – UK/ZA) featured on the latest ITSecurity Pubcast and spoke about her role in CREST. SensePost were invited along, and i showed that while i have a face for radio, i do not...
At [DeepSec] last year i had the pleasure of hearing Ivan Krsti? speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact...
In early 2002 i recall reading and falling in love with Jim Collins book: “From good to Great“. I recall being so excited by some passages that i typed out whole paragraphs and sent them around to...
Rich Mogull (who’s stuff I really quite dig) has launched an ‘Open Patch Management Survey’ via the SecurityMetrics blog. Its an interesting idea, and they plan to release both their analysis...
The first one from hacker news, aptly titled “How I Hacked Hacker News (with arc security advisory)” and the 2nd, a welcome-back-to-the-blogosphere-tptacek post on the matasano blog: [Typing The...
Ron Auger sent an email to the [WASC Mail list] on some fine work presented recently by Microsoft Research. The paper (and accompanying PPT), titled [Pretty-Bad-Proxy: An Overlooked Adversary in...
I really enjoy listening to Mac Break Weekly.. Leo Laporte is an excellent host and i would tune in just to hear [Andy Ihnatko’s] take on the industry and the (possible) motivations behind certain...
’cause theres some serious cloud computing competition on the horizon.. A google search for Cloud Provider returns the following paid ads.. Now i know conventional logic says its a bad idea to...
We were invited to speak at the recent ISSA2009 conference in Joburg, a local mostly academic security conference and I decided to carry a message in addition to the regular demo-style talk with...