Sunday 30 March 2008

If you are going to be late, come with flowers.

Samsung phones look nice, feel good and are popular.

A crying shame is the absolute lack of OSX support. No sync for most of them via iSync and a bunch of self-hacked config files to make it sort of work.

Shame on Samsung, my money is going elsewhere.

Saturday 29 March 2008

People that change the way we perceive the world.

Roelof Temmingh & Chris Böhme

http://www.paterva.com

Maltego. Maltego will change the [online] world as we know it. What Google once did to searching, Maltego will do to finding.

Currently all that is being shown & displayed is vast amounts of data: exactly the thing that computers like and do a good job with, but unusable for humans. Enter Maltego. Maltego will take a seed [an individual's name, a domain name, an email address, whatever] and find related data, just like everybody and his dog does.

But then the 'post processing' starts, and Maltego shows its muscle: based on some smart correlating and weighting, it will show you the results it found, in a graphical way, in a nice pattern. In comes the thing we humans do well: pattern recognition. We excel at seeing patterns and since Maltego excels at displaying them, we now have a man-machine combination.

Give me some time and I'll show you...

http://www.paterva.com/web2/maltego/maltego.html

Friday 28 March 2008

In the end, Joe 6-pack decides...

More later.

"It's better to ask for forgiveness than to ask for permission" anon

"We do not want our _users_ to break the EULA" Roelof Temmingh

"We rely on the intelligence of our router to play nice. Even if we know hop 5 is not playing "nice" with our packets, there is nothing we can do but stop... that sounds like DoS to me" FX

"Nobody uses the latest version of IOS. It is "banana" software: it ships green, and after it lays a long time at the customer, it gets yellow and eatable :P"

"In 12.4 they create heap logs in the data section, since it has space after loading"

"Uncompressing data in READ ONLY memory & writing it back.. because we can!"

"A problem with IOS is that you can not find what was wrong 5 minutes ago, if the processes start behaving good again"

CIR is a cool tool under development.

"Lawful interception: the government snooping IOS, what do you know about it?"

"It enabled us to see if & what is wrong, or that we have plenty time to replace everything with Juniper boxes :D"

"Software that needs to parse large numbers of formats is potentially dangerous [think AV, indexing software, media players]"

"Media parsing should be done sandboxed"

"Media files|streams are as dangerous as any other zip file"

Tuesday 25 March 2008

BlackHat: hacking by numbers

So, two guys from SensePost are doing this training on hacking by numbers.

Interesting stuff, it basically boils down to: get as much information as possible on your target. Do this by utilizing public sources [think google [link:], netcraft, ARIN, msn.livesearch.com [ip:], kartoo.com and the likes] and reverse the pointers you find there. See what else is hosted on these IP addresses, see what other domains are registered and|or linked. Check for 'backlinks' that might indicate strong ties between companies.

And keep doing the:
:start
Single domain
Expand
Lots of domains
Reduce
Find what we really need
goto start
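The expand/reduce loop above, and the "seed in, related data out" idea from the Maltego post of 29 March, as an added Python example (not SensePost's or Maltego's code): it runs the loop to a fixpoint over a constructed, offline forward/reverse DNS table, written as an inventory of an organisation's own external footprint; every name, address and hosting neighbour below is made up.

```python
# Added example: the ':start / Expand / Reduce / goto start' footprinting loop
# run over a constructed, offline DNS table. Nothing here touches the network;
# all names and addresses are invented (RFC 5737 documentation ranges).

# Constructed forward DNS: domain -> IPv4 addresses it resolves to.
FORWARD = {
    "example.org":          ["198.51.100.10", "198.51.100.11"],
    "mail.example.org":     ["198.51.100.11"],
    "example-shop.net":     ["198.51.100.10", "203.0.113.5"],
    "intranet.example.org": ["203.0.113.5"],
    "partner-example.com":  ["203.0.113.5"],   # a 'backlinked' partner
    "unrelated-blog.io":    ["198.51.100.10"], # shared host, out of scope
    "cdn.bigprovider.net":  ["203.0.113.5"],   # shared host, out of scope
}

# Constructed reverse view ("what else is hosted on this IP"): ip -> domains.
REVERSE = {}
for _name, _ips in FORWARD.items():
    for _ip in _ips:
        REVERSE.setdefault(_ip, set()).add(_name)


def expand(domains):
    """One Expand step: domains -> their IPs -> every name seen on those IPs."""
    found = set(domains)
    for d in domains:
        for ip in FORWARD.get(d, []):
            found |= REVERSE.get(ip, set())
    return found


def reduce_to_scope(domains, keyword):
    """One Reduce step: keep only names that plausibly belong to the target."""
    return {d for d in domains if keyword in d}


def footprint(seed, keyword, max_rounds=10):
    """Single domain -> Expand -> Lots of domains -> Reduce -> goto start,
    until a round adds no new in-scope domain (or max_rounds is hit).
    Returns the in-scope domains and the IPs they map to, both sorted."""
    known = {seed}
    for _ in range(max_rounds):
        in_scope = reduce_to_scope(expand(known), keyword)
        if in_scope <= known:   # fixpoint: nothing new found this round
            break
        known |= in_scope
    ips = {ip for d in known for ip in FORWARD.get(d, [])}
    return sorted(known), sorted(ips)
```

With the seed example.org the second round reaches intranet.example.org and partner-example.com only via the shared host of example-shop.net, which is the "IP addresses are points of attack" pivot the trainers keep repeating.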

Both Nick & Jeremy keep saying: "Remember, domain names are IP addresses and IP addresses are points of attack"

Last but not least:
Find out private information of key individuals for social engineering.

Oh and for our hosts, this is for you :D


Peeps & posts [from] here:
Nathan McFeters
Petko D. Petkov
PortSwigger & Marcus
Mikko Hyykoski
Sandro

And some who are not:
Dimitri Sklyarov

Monday 24 March 2008

WRT54GS + MESH + SOLAR == cool

I got a bunch of Linksys WRT54GS [version 4] lying around. Got a decent Internet pipe too. Got some altitude available. No AC power where I need it.

So.

Sveasoft I like as replacement firmware, and they released a MESH version.
There are plenty of people who attempted to run a WRT off solar.

Soon my SSID will pop up all over :P

Power consumption and solar needs

Friday 21 March 2008

The book thief

So, I read the book, "The book thief" [and so should you!].

I'll drink the wine:
Montepulciano D'Abruzzo
that is Red
and Trebbiano D'Abruzzo
that is white

What's next?

Thursday 20 March 2008

Inside the Twisted Mind of the Security Professional

Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.

I replied: "What's really interesting is that these people will send a tube of live ants to anyone you tell them to."

Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.

SmartWater is a liquid with a unique identifier linked to a particular owner. "The idea is for me to paint this stuff on my valuables as proof of ownership," I wrote when I first learned about the idea. "I think a better idea would be for me to paint it on your valuables, and then call the police."

Really, we can't help it.

This kind of thinking is not natural for most people. It's not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don't have to exploit the vulnerabilities you find, but if you don't see the world that way, you'll never notice most security problems.

[...]

The security mindset is a valuable skill that everyone can benefit from, regardless of career path.

Wednesday 19 March 2008

Monday 17 March 2008

If remittances brought development, Mexico would be Switzerland.

It isn't, still the global sums now exceed $300 billion a year. India ($27 billion), China ($26 billion) and Mexico ($25 billion) are the leading beneficiaries. Some small countries increase their national incomes by more than 20 percent. Egypt gets more from remittances than it does from the Suez Canal.

But when I ask you to name a single country that has developed through remittances: the answer is no — there's none.

Sunday 16 March 2008

Open Source, what would life be without it?


SSL-Explorer is the world's first open-source, browser-based SSL VPN solution. This unique remote access control solution provides you with a means of securely accessing intranet applications and resources using a standard web browser.

No client-side software needs to be installed on your user's systems and maintenance is centralised and simple. SSL-Explorer relies on the ubiquitous Java™ web technology and hence requires just a standard web browser to take advantage of full remote access. Network traffic can be tunnelled through the SSL connection with ease and your email and intranet web/file resources are securely accessible from outside the corporate network with just a single firewall configuration required post-installation.

Now you can carry your favorite computer programs along with all of your bookmarks, settings, email and more with you. Use them on any Windows computer. All without leaving any personal data behind.

PortableApps.com provides a truly open platform that works with any hardware you like (USB flash drive, iPod, portable hard drive, etc). It's open source built around an open format that any hardware vendor or software developer can use.

The Portable Apps Suite™ is free. It contains no spyware. There are no advertisements. It isn't a limited or trial version. There is no additional hardware or software to buy. You don't even have to give out your email address. It's 100% free to use, free to copy and free to share.

Saturday 15 March 2008

THE KNIGHT

the knight admitted frankly ["ruiterlijk", rider-like]
that he was not knightly
but a rider

the rider admitted knightly ["ridderlijk", knight-like]
that he was not frank
but a knight

Tuesday 11 March 2008

You might not know who is right, but you always know who is the boss

Today gotta be one of the blackest days of my life.

You know, one of those days that you anticipated, that you knew was coming, that was inevitable.

One of them days you had thought of, prepared for, and applied "your worst case scenario solution book" to, a thousand times.

One of them days you saw coming, and you knew would bring hell on earth, but you live by the coercion or escalation domination doctrine.

The day that you would be as sharp as a razor. Clean. Ready. Just. And most of all: do the right thing.

The day you'd have G*d on your side.

But then s|he took a day off and you tripped, off balance. And somehow things got really out of hand. You lost control over everything. You:

Used the wrong words.
Fcuked up the timing.
Lost the oversight.
Held the book upside down.
Wet your pants.

Today, March 11th, will go down in my history book as the day that was and should not have been.

Monday 10 March 2008

FireFox FullScreen on OSX

I knew I should have pushed the publish button.

Start FireFox, create a new bookmark [I like it on the bookmark toolbar], enter a good name [FullScreen seems nice] and enter this line of code as the location:

javascript:self.moveTo(0,0); self.resizeTo(screen.availWidth,screen.availHeight);


Et voilà: Sarah got her fullscreen browser!

Sunday 9 March 2008

Video on the iPhone? SURE!

Get handbrake and set the preset to iPhone/iPod touch.
It's smaller and optimized for the iPhone native resolution.

Enjoy!