I am a hacker and you are afraid and that makes you more dangerous than I ever could be.
Apple - iPhone - Rate Plans for iPhone
Topic: Miscellaneous
5:54 pm EDT, Jun 26, 2007
If you’re already an AT&T customer and want to keep your current voice plan, you can just add an iPhone Data Plan with unlimited data (email and web) and Visual Voicemail for just $20 per month.
Sweet! I want to buy an iPhone but I was/still am worried how they might dick over existing customers.
Also, you are missing the other part of Jikto, which is the command console - which was basically exactly the same as Jeremiah's code (it might have even been the exact same - I'm not sure without looking at it).
I've heard some silly claims before, but wow. I get my chops busted for Jikto, and then get my chops busted again because someone thinks I'm doing it with someone else's backend code?
What's annoying about this is the way I'm guilty until proven innocent. A command console that's "basically exactly the same" and "might have even been the exact same?" Never mind the fact that the Jikto webcast clearly shows how the captured data is shipped to the collecting web server, and in addition to this video, these screenshots show this data is displayed in a UI. So if by "exactly the same" you mean captures data and outputs it then yes they are the same. By this logic it is "basically exactly" the same as a telegraph too.
The webcast and all this info was publicly posted over two weeks before this silly claim was made. That really leaves me at a loss. I certainly hope this is a misunderstanding and that RSnake isn't trying to knock down someone who just happens to work at a company who competes with his friend.
Of course, HP bought SPI and HP apparently competes with everyone. That's right Berners-Lee, it's go-time!
Jill and I are starting to shop for a house. Having lived in a house with a scary basement including a room we affectionately deemed "the murdered children room"* this comic presents a very real and legitimate fear.
* - 6x5 room, covered with falling down acoustic tiles, drain in the floor, no windows, and it locked from the outside... Seriously, that basement was freaky. Ask anybody.
Found a copy of Jose Nazario's CanSecWest presentation where he talks about detecting JavaScript malware. Actually, he is talking about how to manually reverse engineer JavaScript encoders that drop traditional sploits.
Interesting, but too primitive to turn into an automated process to stop the JavaScript malware John and I are talking about at BlackHat.
I did a Google search for an ASCII chart this morning and came up with this link. I thought it looked familiar. Looking at the bottom of the image confirmed it. This is the ASCII chart printed in the back of the manual for my first computer, the Leading Edge Model D!
As you all know, I got into computers rather late in the game. I had used computers before, but my older brother Jason was the computer nerd. I knew enough to start the machine with the right bootdisk to play Doom or X-Wing (ahhh the days of hand tuning config.sys). He left for college in the summer of 1996, the computer broke, and I had to learn how to fix it. There was a 486DX2-66 in the basement that my mom still used, so I didn't have free rein on that system. Instead, one of my best friends Chris Brown gave me his old computer when his family upgraded. It was a dual floppy Leading Edge Model D. I set it up in my bedroom between freshman and sophomore year and hacked on it every night. This is the computer on which I learned so much of my early computer knowledge. I remember doing things like:
- Using DEBUG to write assembly
- Learning about screen buffers
- Writing to the keyboard buffer to make programs that couldn't be killed
- Learning graphics programming for a Hercules video card (720x348 baby!)
- Writing a phone call logger that opened the 2400 baud modem (OPEN "COM1" in Qbasic) and listened for the ATA "RING" commands
I later upgraded it to an MFM hard drive and a CGA monitor. I hacked on that machine every night for almost 2 years. I spent my days sleeping through class or programming on my TI-85.
Mark: I ordered the cheese sticks at the Oasis once.
Me: You actually ordered food at a strip club?
Mark: I've sampled the cuisine at all of the strip clubs. ... ... [sigh] I need to get married
HP joins security convergence trend with SPI Dynamics buy
Topic: Business
11:15 am EDT, Jun 21, 2007
Hijexx wrote: On the heels of IBM's acquisition of Watchfire, HP today announced it was buying SPI Dynamics, another application security bellwether, for an undisclosed amount.
The move signifies the growing convergence of the information security marketplace, especially in light of IBM’s pickup of Watchfire, which was SPI’s main competitor, analysts said today.
...
I liked the name SPI Dynamics a lot better. So, how's it feel to (soon) work for HP Billy? :)
Ken Brockman: And I for one welcome our new insect overlords!
Critics like to point out it is difficult for web scanners to know when an entire RIA has been crawled. After all, certain actions might expose more functionality, which exposes more and more. Certain functionality (like a spell checker) might not get invoked unless there are misspelled words.
RIAs are full-blown applications. You don't "crawl" Microsoft Word, do you? You don't "crawl" Visual Studio? Web security researchers need to remember that other industries confront the same problems we do. Automated GUI testing suites have existed for years and some of the research is very interesting and highly applicable. I have no numbers, but I'd bet dollars to doughnuts that market is a little bigger than the webappsec.
Talking about how difficult a problem is doesn't help anyone. Trying to solve it, even if you fail, helps everyone. I learned that in college at a lecture by Dr Cook, one of the definitive sources on the Traveling Salesman Problem.