-Ray has concerns that this is risky because it is more like a waterfall process. Kevin indicated that we will hybridize the waterfall and agile approaches by wrapping the sprints with up-front JADing to create functional specification(s) and with stabilization at the end. This is like a scrum sandwich. Or as someone cleverly pointed out waterscrumfall. (I’m just trying to see if anyone actually reads these things word for word).

-Kevin asked me to type up the meeting note because I did such a good job of it yesterday. I’m pretty sure he just didn’t want to type it himself.

Does anyone here read Vietnamese?

Very simple: chi can up 5 file (index.html va 4 file .php) len 1 host support php
Vao trinh duyet, mo duong dan toi file index.html
Cach khai thac loi thi xem nhu trong video demo

========================================
Uu diem:
- Code run tren host, nen Victim site se ko the biet IP cua may minh khi minh xploit
- Co the xploit moi luc moi noi. Chi can google tim link victim va run code da up san tren host cua minh
- Toc do xploit cuc nhanh
- Co the query mot luc so luong lon CC (hang chuc ngan cung ok)

This is the readme file for a PHP based SQL injector that's part of a sploit kit.

Ever read a book (required or otherwise) and upon finishing it thought to yourself, "Wow. That was terrible. I totally feel dumber after reading that."? I know I have. Well, like any good scientist, I decided to see how well my personal experience matches reality. How might one do this?

Well, here's one idea.

1. Get a friend of yours to download, using Facebook, the ten most popular books at every college (manually -- as not to violate Facebook's ToS). These ten books are indicative of the overall intellectual milieu of that college.
2. Download the average SAT/ACT score for students attending every college.
3. Presto! We have a correlation between books and dumbitude (smartitude too)!

Books <=> Colleges <=> Average SAT Scores

4. Plot the average SAT of each book, discarding books with too few samples to have a reliable average.
5. Post the results on your website, pondering what the Internet will think of it.

The best parts of conversations with Virgil is that occasionally you pick up on subtle jokes. Other times they completely fly by you and Virgil has to come out and tell you what your missing:

Legions of Literature majors harangued about Lolita's categorization as "Erotica" instead of "Classics". Fine. I've already updated the entry and rankings. Tomorrow I'll make a new version of the images with Lolita in "Classics". You all lack any sense of humor.

Booksthatmakeyoudumb

This pizza is like crack. Made by Russians no less! To bad delivery is slow but its on the way home for pickup. When you don't feel like cooking. Like tonight. When its cold. You've had a long day. And the wolves are after you.

Laura's Pizza, Roswell

The first drive-by pharming attack has been observed against a Mexican bank: “It’s associated with an e-mail pretending to be from a legitimate Spanish-language e-greeting card company, Gusanito.com,” says Symantec Security Response principal researcher Zulfikar Ramzan. Inside the e-mail is an HTML image tag but instead of displaying images, it sends a request to the home router to tamper with it.

Will someone finally take CSRF vulnerabilities seriously now? "Utter horror show" is an accurate description of the security status of most router's web interfaces. The Linksys box sitting next to me has an CSRF vuln that allows you to reset the WEP key. Unacceptable.

First case of "drive-by pharming" identified in the wild - Network World

ASP.NET does not push any JavaScript in a response if the request does not have a User-Agent header. This is most likely from that built-in "Capabilities" info available on the incoming Request object.

Interesting, and annoying. webClient.Headers.Add("User-Agent",...) to the rescue!

You can now preview your posts before submitting them. Please let me know if you run into any problems with this.

Preview added to MemeStreams!

... are fucking rockstars.

I've been exercising my new found privileges as an Addison Wesley author (getting free books) and have been burning through Subverting the Windows Kernel and... just... wow. I'd look at the FU rootkit before but the intricacy of it all was somehow lost on me at the time.

Now I'm starting to understand the little smile that comes on Jamie's lips when I start talking about stealthy JavaScript dynamically hooking user actions over drinks in a nightclub out in Vegas.

Damn.

I'm pleased to say we hired Sullo, the creator of Nikto. I assure you, it had nothing to do with his considerable web security knowledge, but solely so he wouldn't sue my ass for the Jikto logo.

Couple this with hiring RFP last year, and we are almost done absorbing all the early web security tool creators into the HP Security Labs collective. Hmmm, I wonder if the Sensepost guys can work remote from South Africa? ;-)

... and I'm too cosmopolitan to take Billy's phone calls (while on vacation)