| |
| I am a hacker and you are afraid and that makes you more dangerous than I ever could be. |
|
Unrestricted Warfare (book) |
|
|
| Topic: Technology |
2:12 am EST, Dec 30, 2007 |
Unrestricted Warfare (超限战, literally "warfare beyond bounds") is a book on military strategy written in 1999 by two colonels in the People's Liberation Army, Qiao Liang (乔良) and Wang Xiangsui. Its primary concern is how a nation such as China can defeat a technologically superior opponent (such as the United States) through a variety of means. Rather than focusing on direct military confrontation, this book instead examines a variety of other means. Such means include using International Law (see Lawfare) and a variety of economic means to place one's opponent in a bad position and circumvent the need for direct military action.
PDF of book. Look at Network attacks. Frame this with how the DoD is reporting the PLA has been screwing with our networks over the last few years. Unrestricted Warfare (book) |
|
|
| Topic: Miscellaneous |
10:05 pm EST, Dec 28, 2007 |
Casper and Butterscotch, you are so fat and fuzzy! [kiss kiss kiss]... ... DAMN! You're a Kitty! |
|
Ajax Security Book Out! Awesome buzz! |
|
|
| Topic: Technology |
1:21 pm EST, Dec 20, 2007 |
Ajax Security is out and the feedback I'm getting is incredible. Andrew van der Stock, the Executive Director of OWASP, reviewed a draft of Ajax Security, and here is what he had to say about it:
If you are writing or reviewing Ajax code, you need this book. Billy and Bryan have done a stellar job in a nascent area of our field, and deserve success. Go buy this book. Is it just a re-hash of old presentations? No. The book breaks some new ground, and fills in a lot of the blanks in all of our presentations and demos. I hadn’t heard of some of these attacks in book form before. The examples improved my knowledge of DOM and other injections considerably, so there’s something there for the advanced folks as well as the newbies. I really liked the easy, laid back writing style. Billy and Bryan’s text is straightforward and easy to understand. They get across the concepts in a relatively new area of our field. The structure flows pretty well, building upon what you’ve already learnt ... there is advanced stuff, but the authors have to bring the newbie audience along for the ride. Billy and Bryan spend a bit of time repeating the old hoary “no new attacks in Ajax” meme which is big with the popular kids (mainly because their products can’t detect or scan Ajax code yet and still want money from you), and then spend the rest of the book debunking their own propaganda with a wonderful panache that beats the meme into a bloody pulp and buries it for all time.
Web security guru dre offers up this review of Ajax Security: It’s quite possible that many Star Wars Ajax security fans will be calling Billy Hoffman, the great “Obi-Wan”, and pdp “Lord Vader” to represent the “light” and “dark” sides that is The Force behind the power wielded by Ajax. The book, Ajax Security, covered a lot of new material that hadn’t been seen or talked about in the press or the security industry. The authors introduced Ajax security topics with ease and provided greater understanding of how to view Javascript malware, tricks, and the aberrant Java... Ajax Security Book Out! Awesome buzz!
|
|
|
| Topic: Current Events |
5:53 pm EST, Dec 19, 2007 |
All the SPI folks are in our new office and all of SPI senior management that used to have offices now has cubes like the rest of us. I was up above it. I was up above it. Now I'm down in it I was up above it. I was up above it. Now I'm down in it -Nine Inch Nails, Down in it
|
|
Toothbrush... or Sex Device? |
|
|
| Topic: Current Events |
4:29 pm EST, Dec 17, 2007 |
Lawyers representing Procter & Gamble send a 66-page cease-and-desist letter to British sex-toy company Love Honey, demanding that it stop using images of its Oral B electric toothbrushes to promote a product called the Brush Bunny - a rabbit-shaped piece of plastic that slips over the top of an Oral B to turn it into a vibrator.
Toothbrush... or Sex Device? |
|
|
| Topic: Miscellaneous |
9:25 am EST, Dec 14, 2007 |
Start: 2007-12-15 18:00
End: 2007-12-15 23:59
Timezone: Etc/GMT-5
Location: Vortex, Atlanta

That's right kids, it's that time again. SantaCon is coming!!! I've seen the pics from the last few years and have to say, Y'all do it right!!!! Just to remind everyone, I have listed the rules for SantaCon again. There is no Santa in charge to call. If you can't show up for the start, get the phone number of someone who can help you catch up later.

1. AGAIN! Santa does not make children cry. Really - If you see kids, give them nice toys, candy, or something pleasant. Parents and Tourists are a different matter altogether -- adjust based on their attitude.
2. Santa dresses for all occasions. It's December. Smart Santas wear multiple costume layers. Dress to maximize merriment whether singing Christmas carols in the snow, or swinging from a stripper pole.
3. Santa doesn't whine! We will be outside a lot and commuting mainly on foot -- bring enough "snacks" to keep your pie-hole filled until we get indoors.
4. Bring gifts -- NAUGHTY gifts to give grown ups; NICE stuff to give kids. Throwing coal at people is discouraged no matter who they are. YES THAT INCLUDES POLITICIANS
To my west coast homies who think Atlanta is boring, I present to you SantaCon. Dan, trade in your 1337 limo races. Peter, set down those urban golf clubs. Embrace the joy of the Santa-themed pub crawl. Atlanta SantaCon |
|
List all properties of the entire JavaScript environment! |
|
|
| Topic: Technology |
12:14 pm EST, Dec 13, 2007 |
Jello wrote:
function show_props(obj, obj_name) {
   // Build one "name.property = value" line per enumerable property of obj
   var result = "";
   for (var i in obj)
      result += obj_name + "." + i + " = " + obj[i] + "\n";
   return result;
}
Super convenient when peeps don't document their objects.
You can do this on the window object and you get all global objects. This means all global variables and all the user-defined functions! You can valueOf() on the function object to extract the source code! valueOf() even automatically inserts the appropriate whitespace and indenting for you to easily read the code. You can recurse down objects and check their children, so this handles JavaScript "namespaces" as well. Hook this up to a setInterval() call and you can also perform runtime monitoring of the JavaScript environment! On-demand Ajax? No problem!
With Firebug, you have the JavaScript equivalent of "View Source." With this method, you have the JavaScript equivalent of "View Generated Source!" Super convenient when peeps don't document the Ajax applications you are hacking! Take a read of Chapter 7 of Ajax Security. Bryan and I wrote a JavaScript tool called HOOK which does this very thing! On-demand monitoring and hijacking of JavaScript functions! Even better, it's cross browser. Oh Yeah!
In the interest of disclosure, websec guru Amit Klein came pretty close to this in 2006. He discovered the joy of valueOf() but didn't take the next step of how to discover/enumerate all the user-defined functions in the JavaScript environment. List all properties of the entire JavaScript environment! |
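The recursion and runtime monitoring described above, as an added example (not code from the original post, and not the HOOK tool from the book). The names enumerate, diffSnapshots and fakeWindow are hypothetical; fakeWindow is constructed sample data standing in for a browser's window, and String(fn) is used here to read each function's source.

```javascript
// Added example. `fakeWindow` is constructed sample data standing in for `window`.
function enumerate(root, rootName, maxDepth = 4) {
  const found = new Map();    // dotted path -> { type, source }
  const seen = new WeakSet(); // cycle guard: window.self === window in browsers
  (function walk(obj, path, depth) {
    if (depth > maxDepth || seen.has(obj)) return;
    seen.add(obj);
    for (const key in obj) {
      let value;
      try { value = obj[key]; } catch (e) { continue; } // some host getters throw
      const type = typeof value;
      const name = path + "." + key;
      // String(fn) yields the function's source text
      found.set(name, { type, source: type === "function" ? String(value) : null });
      if (value !== null && (type === "object" || type === "function")) {
        walk(value, name, depth + 1);
      }
    }
  })(root, rootName, 0);
  return found;
}

// Compare two snapshots: what appeared, disappeared, or had its source replaced.
function diffSnapshots(before, after) {
  const changes = [];
  for (const [name, entry] of after) {
    const old = before.get(name);
    if (!old) changes.push(name + " added");
    else if (old.type !== entry.type || old.source !== entry.source) changes.push(name + " modified");
  }
  for (const name of before.keys()) {
    if (!after.has(name)) changes.push(name + " removed");
  }
  return changes;
}

const fakeWindow = {
  apiKey: "constructed-value",
  App: { util: { add: function (a, b) { return a + b; } } },
  login: function (user) { return "hello " + user; }
};
fakeWindow.self = fakeWindow; // deliberate cycle

const baseline = enumerate(fakeWindow, "window");
fakeWindow.App.lazy = function () { return 1; };              // code loaded on demand
fakeWindow.login = function (user) { return "bye " + user; }; // function replaced at runtime
const changes = diffSnapshots(baseline, enumerate(fakeWindow, "window"));
console.log(changes.join("\n"));
```

In a browser, the same pair of calls can run inside setInterval() against window. The diff then doubles as a review aid for your own application: it lists every global and function source the page hands to any script running in it, and flags functions that were swapped out after load.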
|
|
| Topic: Miscellaneous |
11:04 am EST, Dec 13, 2007 |
When did "message" become a verb? I was in a meeting today with fancy uses of "message" such as "I'll message that information" or "Who will be messaging this?" Does anyone else find this silly? UPDATE: It really is a Verb! |
|
Things that were not to be: suicidenotes.cx |
|
|
| Topic: Society |
10:02 pm EST, Dec 10, 2007 |
Virgil made the list with Wikiscanning. Congratulations, Virgil! (Interestingly, one of the other ideas was also one Virgil came up with a few years ago, but didn't pursue perhaps due to discouragement from several friends.)
Actually, Virgil's idea was to create www.suicidenotes.cx so people wouldn't find your note before you killed yourself. Revenue models included creating, and I shit you not, a coffee table book of suicide notes. It was one of the most surreal conversations I have ever had in my life: Strick and I sitting in the student center at Georgia Tech trying to explain to Virgil that this was a bad idea. This was back in Summer 2003 or so. Got to give my partner-in-crime credit, he's a visionary! Things that were not to be: suicidenotes.cx |
|