Circumventing Automated JavaScript Analysis Tools Billy Hoffman
[snip]
Next we explore multiple new techniques to circumvent the current generation of automated analysis tools by detecting their presence from inside malicious JavaScript. (JSPill? hmmmm) These methods include HTTP/browser fingerprinting, DOM testing and encrypting, Domain and Network testing, Execution environment testing, and cross plugin communication testing. We will demonstrate malicious JavaScript detecting analysis tools using these methods and refusing to give up its secrets until it's running in the web browser of choice. We’ll demonstrate encrypting JavaScript to only run in particular browsers or environments. We’ll also demonstrate a couple other tricks, such as encoding malicious JavaScript as nothing but white space, and function clobbering for fun and profit.
Time to kick Caffeine Monkey in the ass. Sorry Ben, I owe you a beer.
Who needs security when you have a robot? | ajc.com
Topic: Current Events
12:44 pm EST, Feb 22, 2008
Late at night several times a week, Terrill powers up the 4-foot-tall, 300 pound device and reaches for a remote control packed with two joysticks and various knobs and switches. Standing on a nearby corner, he maneuvers the machine down the block, often to a daycare center where it accosts what Terrill says are drug dealers, vagrants and others who shouldn't be there.
He flashes the robot's spotlight and grabs a walkie-talkie, which he uses to boom his disembodied voice over the robot's sound system.
"I tell them they are trespassing, it's private property, and they have to leave," he said. "They throw bottles and cans at it. That's when I shoot the water cannon. They just scatter like roaches."
OMG, I can't believe he actually built it, and I can't believe it actually works.
You now have something more to look forward to at O'Terrill's besides the fish and chips!
Put people in a crazy situation and people do crazy things
You have no right to a lawyer. You have no right to witnesses. You don't really know what the charges are. And you certainly don't know what the secret evidence is against you.
It's not about left or right, it's about right and wrong.
Defense Minister: How can offensive-forbidden Japan stop UFO Attack
Topic: Current Events
3:42 pm EST, Jan 22, 2008
Japan's Defense Minister Shigeru Ishiba is considering how his Self-Defense Forces could respond to an attack by space aliens while adhering to limits on military action under the country's war-renouncing Constitution.
Ishiba said yesterday a Japanese military response, such as those in the Godzilla movie series, would require legal review and said he is studying ways Japan could deal with an attack. Ishiba said his comments represent a ``personal view,'' and not Defense Ministry policy, according to the transcript of the press conference published on the ministry's Web Site.
``There are no grounds for us to deny there are unidentified flying objects and some life-form that controls them,'' Ishiba said. ``Few discussions have been held on what the legal grounds are'' for a military response.
A most interesting problem to have. I suggest building a giant robotic lizard and hiding him in a volcano until the aliens attack.
Lawyers representing Procter & Gamble send a 66-page cease-and-desist letter to British sex-toy company Love Honey, demanding that it stop using images of its Oral B electric toothbrushes to promote a product called the Brush Bunny - a rabbit-shaped piece of plastic that slips over the top of an Oral B to turn it into a vibrator.
A September court document from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail.
... uhhhhh... ... Must go now. [begins shredding]
Hushmail uses industry-standard cryptographic and encryption protocols (OpenPGP and AES 256) to scramble the contents of messages stored on their servers. They also host the public key needed for other people using encrypted email services to send secure messages to a Hushmail account.
The first time a Hushmail user logs on, his browser downloads a Java applet that takes care of the decryption and encryption of messages on his computer, after the user types in the right passphrase. So messages reach Hushmail's server already encrypted. The Java code also decrypts the message on the recipient's computer, so an unencrypted copy never crosses the internet or hits Hushmail's servers.
In this scenario, if a law enforcement agency demands all the e-mails sent to or from an account, Hushmail can only turn over the scrambled messages since it has no way of reversing the encryption.
However, installing Java and loading and running the Java applet can be annoying. So in 2006, Hushmail began offering a service more akin to traditional web mail. Users connect to the service via an SSL (https://) connection and Hushmail runs the Encryption Engine on their side. Users then tell the server-side engine what the right passphrase is and all the messages in the account can then be read as they would in any other web-based email account.
The rub of that option is that Hushmail has -- even if only for a brief moment -- a copy of your passphrase. As they disclose in the technical comparison of the two options, this means that an attacker with access to Hushmail's servers can get at the passphrase and thus all of the messages.
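The difference between the two modes, as an added example that is not Hushmail's code or part of the quoted article: a small Node.js model in which the server records everything a request exposes to it, then tries to recover stored mail from what it saw. `MailServer`, `clientSideRead` and `serverCanRecover` are hypothetical names, and a passphrase-derived AES-256-GCM key stands in for the passphrase-protected OpenPGP key.

```javascript
// Added illustration; not Hushmail code. Simplified: a passphrase-derived
// AES-256-GCM key stands in for the passphrase-protected OpenPGP private key.
const crypto = require('crypto');

function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]).toString('utf8');
}

// Hypothetical server model: keeps stored mail plus every secret a request exposed to it.
class MailServer {
  constructor() { this.salt = crypto.randomBytes(16); this.mailbox = []; this.observed = []; }
  store(box) { this.mailbox.push(box); }
  // Webmail mode: the passphrase arrives (inside TLS) and decryption runs server-side.
  readWithPassphrase(passphrase) {
    this.observed.push(passphrase); // what a compelled or compromised server can capture
    const key = deriveKey(passphrase, this.salt);
    return this.mailbox.map((b) => unseal(key, b));
  }
}

// Applet mode: key derivation and decryption stay on the client; server sees ciphertext only.
function clientSideRead(server, passphrase) {
  const key = deriveKey(passphrase, server.salt);
  return server.mailbox.map((b) => unseal(key, b));
}

// What the operator can hand over: try every secret it ever observed against stored mail.
function serverCanRecover(server) {
  const out = [];
  for (const secret of server.observed) {
    const key = deriveKey(secret, server.salt);
    for (const b of server.mailbox) {
      try { out.push(unseal(key, b)); } catch (e) { /* wrong key: GCM tag check fails */ }
    }
  }
  return out;
}
```

A single call to `readWithPassphrase` is enough for `serverCanRecover` to return every stored message, which is the trade-off the article describes.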
The following is your Speaker's practical guide for Black Hat Japan. Attached you will also find a PDF with helpful instructions regarding your arrival in Japan. If you have any questions, never hesitate to ask. Thank you.
...
Plan on speaking at about one third your normal pace.
...
Talk style and difference of language structure: Japanese sentence structure is different than English. English is Subject-Verb-Object, but Japanese is Subject-Object-Verb. This means the translator needs to hear the complete sentence before they can translate it.
...
If they never get a chance to breathe, you are talking too fast. With these reasons, especially "Machine gun Talk" or "Elevator Pitch" type of talk style will fail completely.
Wow. This is going to be tough.
[At Bluehat, during Jeff Forristal's presentation]
Caleb: That's how fast you talk.
Me: Really? Are you kidding me?
Caleb: Yep, that fast. And with hand gestures. Lots of hand gestures.