| |
| Current Topic: Miscellaneous |
|
|
|---|
| Topic: Miscellaneous |
3:00 pm EDT, Oct 19, 2009 |
I was just told to "not worry about" all the SSL and SSH cert violation warnings I'll see while using the network at a client's site. Its because they "have uber security." ... You mean not worry you are man in the middling all of my traffic? [grrrrrrrrrr] |
|
Its like hiring Beethoven |
|
|
|---|
| Topic: Miscellaneous |
2:38 pm EDT, Oct 19, 2009 |
Its like hiring Beethoven to teach a 3 year old to play piano, and when Beethoven gets there he finds no piano. But he's told they might soon have a trumpet. Maybe. In like 3 weeks. Can he teach the trumpet instead? [sigh] Today is not a good day. |
|
HAR - Http ARchive File Format |
|
|
|---|
| Topic: Miscellaneous |
10:03 am EDT, Oct 19, 2009 |
This document is intended to describe structure ofa HTTP Archive file (*.har) that should be used when exporting data from Firebug Net panel. The current version of the format isn't finalized and is open for further proposals.
This is sexy. I hope this gets adopted. Importing HTTP capture data from all the different tools is a pain in the ass. The best I've found is Web Scarab, which can export/store captured HTTP traffic requests and responses as simple flat files with the raw HTTP. Many of the capturing proxies and web security tools have flaky export as best, or export into a encrypted, undocumented format (*cough*SPIProxy*cough*). The ones that do export to a plain text typically fail on binary responses or gzipped responses as soon as they hit an unprintable ASCII character. Of the few remaining many will export a normalized version of the response, where GZIP is undone and responses are dechunked and HTTP header order has been normalized. Need to look at this more. Already see some potential issues and have some questions about this JSON format. -Is order preserved? headers? postdata? query strings?
-What about nameless/valueless params? (http://site.com/foo/php?sorted&grouped)
-Multiple forms in post data? HAR - Http ARchive File Format |
|
Get the right gear at least! |
|
|
|---|
| Topic: Miscellaneous |
10:28 am EDT, Oct 16, 2009 |
But the point is, Crackhead, that you have done me wrong. Now, I get that you love crack. That is totally understandable. I've heard it is really fun, at first, and quite addictive. What I don't understand is, YOU ARE A CRACKHEAD. WHY DON'T YOU OWN A CRACKPIPE? I am an engineer. Do you ever see me shaking down bums in the Loin for a calculator and sliderule? No, you don't. Because engineering is the main thing I do, I went and bought myself a calculator.
This is hysterical. Get the right gear at least! |
|
EFF representing Memestreams again DMCA attack from TI |
|
|
|---|
| Topic: Miscellaneous |
2:22 am EDT, Oct 14, 2009 |
The EFF is representing Tom against TI their DMCA takedown filed against Memestreams. The crux of this letter from the EFF to TI was the same point many of us were discussing on Memestreams the very day the DMCA notice was served: The TI signing key that was cracked does not protect access to copyrighted material. This is not the same thing as using DeCSS to decrypt the contents of DVDs on a unauthorized and unlicensed devices. That would be circumventing an encryption method (CSS) used to protect copyright material (the film on the DVD). That *would* be a violation of the DMCA. Just go ask 2600 about that... But that's not whats happening in this case. The TI signing key allows software written by anyone to run on TI hardware that someone owns. The TI hardware checks the signature (created by signing key) of any software it tries to run. Now that the signing key has been published anyone can run new, non-TI software on TI hardware they have ownership of.This is not a copyright issue in anyway, shape, or form. The DCMA does not apply. This (among other things) is what the EFF is asserting. Frankly, that's fairly obvious, cut and dry. Having been on the receiving end of a DMCA threat and the countless other cases where baseless DMCA claims are used to shut smart people up, I'm optimistic that the EFF will prevail. But that's not what's interesting. What *is* interesting are the legal issues around private keys. Is a private key a trade secret? A 3rd party, through no illegal act, who independently discovers the a trade secret can utilize or publish that secret. Only we aren't talking about the Coca-Cola formula here. Public and private keys are mathematically linked. You can derive a private key, given a public one. It just can be very very (infinite grains of sands on a beach) hard. Or not. As in the TI case. You can't patent a private key, that kind of makes it public. ;-) So what do we do? Does there need to be some new kind of IP protections beyond traditional ones like patents, trademarks, and trade secrets? Are massive efforts to compute a mathematical value legal? Is it based on what that value protects or unlocks? Is it based on the intent of the people who derive the value? Homebrew software developers vs. Blueray crackers? While I hope this matter is resolved quickly for Tom's sake, I would like to see some of these other legal issues addressed. EFF representing Memestreams again DMCA attack from TI |
|
|
|---|
| Topic: Miscellaneous |
3:29 am EDT, Oct 9, 2009 |
I love seeing HTML comments like <!-- inserted per Pat Aug 13 2008. Don't touch --> |
|
|
|---|
| Topic: Miscellaneous |
1:05 am EDT, Oct 9, 2009 |
Here is some fun, a Ning ad spammer. Someone popped this website threw this up, most likley due to the web server's IP and upstream connection. Hint: You can find a ton of compromised web servers by doing goggle searches for odd Cookie names. Found this looking for info on Ning's "xn_visitor" cookie. They turn up in the NEtscape cookie files that Curl creates and Google somehow indexes them. http://www.nightstarproductions.com/lolmoney/ Fun: Ning Spam Kit |
|
|
|---|
| Topic: Miscellaneous |
12:42 am EDT, Oct 9, 2009 |
CARLSBAD, Calif., Oct. 7, 2009 — Breach Security, Inc., the leader in web application integrity, security and PCI compliance, today announced it has secured $5 million expansion financing from existing investor Sid R. Bass Associates. Funds will be invested in Breach’s product development and to further market expansion efforts.
WAFs don't die. They just fade away into more rounds of funding. Breach keeps kicking |
|
Disable Automatic Folder Type Discovery for Templates in Vista |
|
|
|---|
| Topic: Miscellaneous |
11:04 pm EDT, Oct 8, 2009 |
Thank god for this Article. I recently got a laptop with Vista. After turning of UAC and a few other tweaks it was usable. However Windows Explorer under Vista is so very very painful, and the "Folder Types" feature absolutely sucked. Now I am free of it, and will not have to harm this bunny rabbit. Disable Automatic Folder Type Discovery for Templates in Vista |
|
Calling Johnny Isakson and Saxby Chambliss |
|
|
|---|
| Topic: Miscellaneous |
9:59 pm EDT, Oct 8, 2009 |
This is absolutely mind boggling. In 2005, Jamie Leigh Jones was gang-raped by her co-workers while she was working for Halliburton/KBR in Baghdad... Jones was prevented from bringing charges in court against KBR because her employment contract stipulated that sexual assault allegations would only be heard in private arbitration.
I simply do not understand how this is even possible. Obviously a civil contract between 2 parties cannot prevent a district attorney from calling a grand jury and seeking an indictment. However he/she probably would not do so without the victim's testimony. Surely it is not possible to waive your right to speak at a trial? Has a judge ever order a rape victim to appear in court or give testimony? Sen. Al Franken (D-MN) proposed an amendment to the 2010 Defense Appropriations bill that would withhold defense contracts from companies like KBR “if they restrict their employees from taking workplace sexual assault, battery and discrimination cases to court.” On the Senate floor, Sen. Jeff Sessions (R-AL) spoke against the amendment, calling it “a political attack directed at Halliburton.” In the end, Franken won the debate. His amendment passed by a 68-30 vote, earning the support of 10 Republican senators including that of newly-minted Florida Sen. George LeMieux.
Who in their right fucking mind would vote *against* an amendment like this? It not as if these senators voted against a bill that already had this amendment because the bill also had another utterly insane amendment they could not in good conscience vote for. These people voted against the amendment. I mean really. This is not about right vs. left. I don't give a fuck if its the lame-duck Dems scoring points off a defense contractor. Be the better man. Corporations should not be allowed to place forced arbitration clauses into employment contracts for cover any type of violent criminal offense. Period. End of discuss. 30 fucking percent of those who represent the American people voted against this? Just let that sink in. ... Both Johnny Isakson and Saxby Chambliss, the 2 senators from Georgia voted against this ammendment. I will be calling their Washington offices tomorrow to express my shock and outrage. Please feel free to do the same: Johnny Isakson: 202-224-3643
Saxby Chambliss: 202-224-3521 Calling Johnny Isakson and Saxby Chambliss |
|
