I am a hacker and you are afraid and that makes you more dangerous than I ever could be.

Topic: Society
3:10 pm EDT, Oct 24, 2007
Modern "security" poster for the UK
Poster from IBM's German subsidiary Dehomag which roughly translates to "Watch everything with a Hollerith." Dehomag sold equipment to the Nazis to power the logistics of the Holocaust.
Everything old...

Topic: Miscellaneous
3:48 am EDT, Oct 24, 2007
I'm in Japan and got to the hotel. I was on a plane for 14 hours. It's about 5pm here but my laptop clock (Still on EST) says 3:45am. I think my head is going to explode from sleep dep, but I know if I crash before 8pm or 9pm, I'll be screwed up for tomorrow. I keep asking for Red Bull, but people just smile and say "so-sorry." :-( :-( [REDBULL] ) :-) Why can't I get to stage 2?
|
W3af: Web Application Attack and Audit Framework

Topic: Technology
11:19 am EDT, Oct 19, 2007
Caleb and I joke that the conference talk we most want to give, but (for various legal reasons) will never be able to give, is how to write a modern web scanner. This architecture looks a lot like what we would discuss. But, as always, there are things that are essential that it fails to address (so far)
- Manual JavaScript? Can a brother get some Spidermonkey?
- Captcha?
- Flash? Anyone?
- Two factor?

I need to take this for a spin. Multiple threads, authentication, log out detection, URL aliasing, transparent proxies, load balancers, and thread management are either not mentioned or are *way* too glossed over in the presentation. These are things people think are easy that become Hard Problems(tm) when scaling to enterprise environments. If you are fingerprinting with HTTPrint you have a lot to learn. The nod to client-side static analysis of code was nice and sounded very familiar... [looks at open Visual Studio currently in debugging]... very familiar indeed... Keep your eye on this project.

Topic: Miscellaneous
2:36 pm EDT, Oct 15, 2007
On Oct 15, 2007, k wrote:
TOM DOMINATES TIME! TIME IS HIS BITCH!

On Oct 15, 2007, at 2:26 PM, tom@memestreams.net wrote:
> What is a spotter/time master? Do I get to travel through time or am I
> merely responsible for doing bureaucratic things related to time
> measurement?
|
Why I'm going to Phreaknic

Topic: Technology
1:30 pm EDT, Oct 15, 2007
PhreakNIC 0x0b PhreakNIC is an annual gathering in Nashville, TN, for hackers, makers, security professionals, and general technology enthusiasts. Hours upon hours of both informative and entertaining presentations are given by volunteers and many areas are set up with the intent of encouraging socialization. In our 11th year, we are now the longest running non-commercial hacker convention in the United States.* PhreakNIC is organized by the Nashville 2600 Organization, which is a 501(c)(3) tax deductible charity. However, it takes many resources to organize, and help is given to PhreakNIC by other 2600 groups in the South East United States, as well as the Nashville Linux Users Group. Our thanks go out to all who contribute.
Phreaknic is this weekend in Nashville. If you have never been to Phreaknic before, or a hacking conference, or are getting burned out on some of the other security conferences I encourage you to make the drive to Nashville and come see the show. I've gone for the last 5 years and it is, without a doubt, my favorite small conference. I love going to Phreaknic because:

It's a hacker conference
Let's face it, when you are eating freshly sliced roast beef and drinking at an open bar on Microsoft's tab, you are not at a hacker conference. There is a certain air of authenticity about a conference room full of ugly gray towers covered in peeling stickers with CRT monitors lighting the faces of a group of people huddled around it, typing excitedly on a keyboard. I sure love me my big east and big west coast cons, but most of them replaced this feeling long ago with sponsor tables and free bottled water. And there is something a little sad about that.

It's small.
This is good for many reasons. First, you can easily meet up with people which is the big reason I go to cons. The speaker rooms aren't all over the place. Lunch trains don't end up being 20+ people. I'm not standing on a stage in front of 400 people with a good 30 feet between me and the front row. I don't have blinding lights in my eyes. I can see the crowd. I can talk with them, not at them.

It's cheap
I haven't paid to attend a hacker conference, in, well, I can't think of a time. However I do remember being a poor college student saving money so I could fly to NYC for Hope or to San Diego for Toorcon. I remember Tom or Mike or Matt giving me a place to crash on floors and couches and flea bag motels. I remember being poor and getting poorer to go to a conference. Phreaknic's price doesn't prohibit the smart (but poor) from attending and expanding their horizons and they should be saluted for that.

There is one track
I don't have to sacrifice one talk to see another. And if I happen to miss a talk, I can always find the speaker and chat with them. Plus, all the talks are broadcast live over the hotel's TV system into every room.

Speaker Love...

Slashdot to Bloggers: No one cares!

Topic: Miscellaneous
12:42 pm EDT, Oct 15, 2007
aroberts writes "Today is Blog Action Day which means that lots of bloggers will be writing on one general topic for one day in an attempt to see what might be achieved through coordinated posting, and I am one of them so my humble contribution amongst the hundreds of thousands is entitled individual action is not enough. The topic for this year's blog action day is the environment."

You can almost hear the sound of the vacuum created by bloggers thinking that their words matter when the people with control don't even know how to read the tubes. Lick a stamp or march - that's harder to ignore
Awesome!

Optional Semicolons in JavaScript.

Topic: Miscellaneous
2:56 pm EDT, Oct 11, 2007
Optional semicolons in JavaScript make baby Jesus (and parser writers) cry. I'm getting real cozy with section 7.9.1 today...

And you thought O'Hare was a bad name...

Topic: Technology
9:30 am EDT, Oct 10, 2007
School: Did you really name your son Robert'); Drop Table Students;--?
Mom: Oh. Yes. Little Bobby Tables we call him
School: Well, we've lost this year's student records. I hope you're happy.
Mom: and I hope you've learned to sanitize your database inputs.

HAHAHA! Sweet. To be fair, you shouldn't sanitize user input, you should validate it.

update 10/11/07: Someone posted this to the webappsec mailing list.

Wind Turbine in Grant Park

Topic: Local Information
5:42 pm EDT, Oct 9, 2007
The 49-year-old residential developer is remodeling his 1920s house to be more environmentally friendly, including installation of a 45-foot-tall wind turbine in his front yard. "It's really none of their business how I spend my money," Mann said. The towering turbine, which overlooks majestic trees and Victorian rooftops, pits preservationists in Atlanta's Grant Park Historic District against a property owner and his individual rights. "It's unattractive and it's a nuisance," said Scott Herzinger, whose home is three doors down. Mann "invaded the public view ... when he put that tower up." At a cost of $15,000, Mann said the turbine will shave at least $20 per month off his power bill -- hardly a windfall. A proposed federal tax credit would bring Mann $3,000. Acknowledging it could be decades before his investment pays off, Mann said, "even if it was a 50-year payback, at least we've done something to reduce our dependency on fossil fuels." Herzinger blames Atlanta, which "let us down miserably" when zoning officials sided with Mann. Said Mann, "If regulations for historic preservation don't address modern-day issues, then they're not very sound." But Herzinger, 48, who shares Mann's support for wind power, said Mann could have considered many alternatives which would have helped the environment more than the turbine. "After looking at the facts, it doesn't seem unreasonable to think of Mann's wind turbine as eco-bling."
It is Mann's property and it's not against building regulations. And who cares whether it is cost effective or not or if you think Mann could have done alternatives or not. He decided to build a wind turbine. It is highly visible and serves as a catalyst for discussion about energy policy in a way that filling his home with compact fluorescents won't do. Good for Mann. Booo on cranky Atlanta home owners.

Can you hear me now? Yoi!

Topic: Current Events
4:07 pm EDT, Oct 8, 2007
The following is your Speaker's practical guide for Black Hat Japan. Attached you will also find a PDF with helpful instructions regarding your arrival in Japan. If you have any questions, never hesitate to Ask. Thank you. ... Plan on speaking at about one third your normal pace. ... Talk style and difference of language structure Japanese sentence structure is different than English. English is Subject-Verb-Object, but Japanese is Subject-Object-Verb. This means the translator needs to hear the complete sentence before they can translate it. ... If they never get a chance to breathe, you are talking too fast. With these reasons, especially "Machine gun Talk" or "Elevator Pitch" type of talk style will fail completely.
Wow. This is going to be tough.

[At Bluehat, during Jeff Forristal's presentation]
Caleb: That's how fast you talk
Me: Really? Are you kidding me?
Caleb: Yep, that fast. And with hand gestures. Lots of hand gestures