I am a hacker and you are afraid and that makes you more dangerous than I ever could be.
DOMinatrix - The JavaScript SQL Injector
Topic: Technology
2:05 am EDT, Jul 26, 2007
DOMinatrix is, well, incredibly awesome. It's a fully automated SQL injection tool written in JavaScript, which will dump out data from MS SQL Server databases (more to come). I'll be demoing DOMinatrix at my Black Hat presentation.
XSS + Web worm + DOMinatrix = oh crap.
In the last 5 months we've seen the development of web scanners and SQL injectors in JavaScript.
These aren't browser exploits. These aren't buffer overflows. These aren't something that affects only a single browser and only on pages that don't explicitly set a character set.
This is using JavaScript in perfectly valid ways to do extremely malicious things.
There is no way to patch this. End users are pretty much screwed.
Mark: Meg White is hot. You know she owns every Bob Dylan album ever made? Bryan: I own every Bob Dylan album ever made. Mark: ...Not quite the same thing, but buy me a drink and we can talk.
Reality Bedding: “Too Visionary” and “Ahead of Its Time”
Topic: Miscellaneous
3:12 pm EDT, Jul 23, 2007
Here’s a surprise: Reality Bedding, the revolutionary new startup that lets you buy a comforter with a celebrity picture (or two women kissing) printed on it, is going out of business. The company also promised to let buyers upload their own images but I was never able to find that feature when looking for it.
HAHA! If you do read TechCrunch's Deadpool, you are missing the fun of Web 2.0 bubble death.
I submitted your title to the Conference Advisory Board and we were hoping you could possibly re-phrase the “Premature AJAX-ulation” references. While some of us appreciate the play on words, we have a feeling it would not be well received by all and we do not wish to offend anyone.
The only thing better than an hour-long benefits presentation is a two-hour-long benefits presentation.
Please explain to me *how* the $30 spousal fee is deducted from each pay period. What's that, you withdraw it from my paycheck? I'm not sure I understand, please explain it to me again. For 5 minutes. In excruciating detail. I only graduated on the Dean's List from one of the top five engineering schools in the country, so please, waste some more of my relatively unimportant time.
This rocks. Some Australian guys built a Trojan Horse full of people dressed like Greek soldiers, and then tried to get it past security into various places in Sydney. The only place that denied them access was the Turkish Consulate.
The SPI laboratory : SPI Labs advises avoiding iPhone feature
Topic: Technology
11:39 am EDT, Jul 17, 2007
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:
* Redirecting phone calls placed by the user to different phone numbers of the attacker's choosing
* Tracking phone calls placed by the user
* Manipulating the phone to place a call without the user accepting the confirmation dialog
* Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
* Preventing the phone from dialing
These types of attacks can be launched from a malicious website, from a legitimate website that has Cross-Site Scripting vulnerabilities, or as part of a payload of a web application worm.
For example, an attacker could determine that a specific website visitor "Bob" has called an embarrassing number such as an escort service. An attacker can also trick or force Bob into dialing any other telephone number without his consent, such as a 900-number owned by the attacker or an international number. Finally, an attacker can lock Bob's phone, forcing Bob to either make the call or hard-reset his phone, resulting in possible data loss.
Episode 1 Summary: Russell Shoemaker wakes up in a New York hotel room the morning after a catastrophic phenomenon wipes out technology and all signs of life. And then the rains begin...
Run down 41 flights of stairs with a laptop and you gain a new appreciation for elevators.
It made no sense. A big, 4 star hotel and not a soul in sight.
If you haven't seen Afterworld you are missing out. Very cool; watching the episodes I'm reminded of Day of the Triffids.