"I don't think the report is true, but these crises work for those who want to make fights between people." Kulam Dastagir, 28, a bird seller in Afghanistan
Taxi to the Dark Side
Topic: Current Events
4:13 am EST, Feb 15, 2008
Put people in a crazy situation and people do crazy things
You have no right to a lawyer. You have no right to witnesses. You don't really know what the charges are, and you certainly don't know what the secret evidence is against you.
It's not about left or right, it's about right and wrong.
If you are writing or reviewing Ajax code, you need this book. Billy and Bryan have done a stellar job in a nascent area of our field, and deserve success. Go buy this book.
Is it just a re-hash of old presentations? No. The book breaks some new ground, and fills in a lot of the blanks in all of our presentations and demos. I hadn’t heard of some of these attacks in book form before. The examples improved my knowledge of DOM and other injections considerably, so there’s something there for the advanced folks as well as the newbies.
I really liked the easy, laid back writing style. Billy and Bryan’s text is straightforward and easy to understand. They get across the concepts in a relatively new area of our field.
The structure flows pretty well, building upon what you’ve already learnt ... there is advanced stuff, but the authors have to bring the newbie audience along for the ride.
Billy and Bryan spend a bit of time repeating the old hoary “no new attacks in Ajax” meme which is big with the popular kids (mainly because their products can’t detect or scan Ajax code yet and still want money from you), and then spend the rest of the book debunking their own propaganda with a wonderful panache that beats the meme into a bloody pulp and buries it for all time.
It’s quite possible that many Star Wars Ajax security fans will be calling Billy Hoffman the great “Obi-Wan”, and pdp “Lord Vader”, to represent the “light” and “dark” sides that are The Force behind the power wielded by Ajax.
The book, Ajax Security, covered a lot of new material that hadn’t been seen or talked about in the press or the security industry. The authors introduced Ajax security topics with ease and provided greater understanding of how to view Javascript malware, tri...
School: Did you really name your son Robert'); Drop Table Students;--?
Mom: Oh. Yes. Little Bobby Tables we call him.
School: Well, we've lost this year's student records. I hope you're happy.
Mom: And I hope you've learned to sanitize your database inputs.
HAHAHA! Sweet.
To be fair, you shouldn't sanitize user input, you should validate it.
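The joke above, carried through in working code as an added example (not part of the original post or the comic): the same name from the strip is inserted once by string concatenation and once as a bound parameter, and a validation routine of the kind the comment suggests is shown alongside. The schema, the `Students` table contents and the allow-list pattern are constructed for the demo; `executescript` is used in the vulnerable path only because sqlite3's `execute()` refuses stacked statements, so it stands in for a driver that does not.

```python
import re
import sqlite3

# Constructed sample input: the name from the comic above.
BOBBY = "Robert'); DROP TABLE Students;--"


def fresh_db():
    """Constructed in-memory schema with one existing record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.execute("INSERT INTO Students (name) VALUES ('Alice')")
    conn.commit()
    return conn


def table_exists(conn):
    """True while the Students table is still present in the schema."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='Students'"
    ).fetchone()
    return row is not None


def insert_unsafe(conn, name):
    """Vulnerable: the name is spliced into the SQL text.

    executescript() is used here as a stand-in (assumption for the demo) for
    a database driver that accepts several statements in one call; with the
    name above the resulting script is:
      INSERT INTO Students (name) VALUES ('Robert'); DROP TABLE Students;--')
    """
    conn.executescript("INSERT INTO Students (name) VALUES ('" + name + "')")


def insert_safe(conn, name):
    """Hardened: the name travels as a bound parameter, never as SQL text,
    so quotes, semicolons and comment markers are stored literally."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


# Validation as opposed to sanitizing: reject input that does not match the
# shape a name is allowed to have, rather than stripping characters out of it.
# The allow-list (letters, apostrophe, hyphen, space, max 64 chars) is a
# constructed policy for the demo.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' -]{0,63}$")


def is_valid_name(name):
    return NAME_RE.fullmatch(name) is not None


def demo_unsafe():
    """Returns whether the table survived the concatenated insert."""
    conn = fresh_db()
    insert_unsafe(conn, BOBBY)
    return table_exists(conn)


def demo_safe():
    """Returns (table still exists, stored names) after the parameterised insert."""
    conn = fresh_db()
    insert_safe(conn, BOBBY)
    names = [r[0] for r in conn.execute("SELECT name FROM Students ORDER BY rowid")]
    return table_exists(conn), names


if __name__ == "__main__":
    print("unsafe: table survived =", demo_unsafe())
    print("safe:   table survived, rows =", demo_safe())
    print("valid?", is_valid_name("O'Brien"), is_valid_name(BOBBY))
```

Note that validation and parameterised queries are complementary rather than alternatives: the allow-list rejects Bobby's name outright, while the bound parameter guarantees that even an accepted name such as O'Brien cannot change the meaning of the statement.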
Oscar the cat seems to have an uncanny knack for predicting when nursing home patients are going to die, by curling up next to them during their final hours.
His accuracy, observed in 25 cases, has led the staff to call family members once he has chosen someone. It usually means the patient has less than four hours to live.
"He doesn't make too many mistakes. He seems to understand when patients are about to die," Dr. David Dosa said in an interview. He describes the phenomenon in a poignant essay in Thursday's issue of the New England Journal of Medicine.
"Many family members take some solace from it. They appreciate the companionship that the cat provides for their dying loved one," said Dosa, a geriatrician and assistant professor of medicine at Brown University.
After about six months, the staff noticed Oscar would make his own rounds, just like the doctors and nurses. He'd sniff and observe patients, then sit beside people who would wind up dying in a few hours.
Dosa said Oscar seems to take his work seriously and is generally aloof. "This is not a cat that's friendly to people," he said.
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:
* Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
* Tracking phone calls placed by the user
* Manipulating the phone to place a call without the user accepting the confirmation dialog
* Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
* Preventing the phone from dialing
Jill and I are starting to shop for a house. Having lived in a house with a scary basement including a room we affectionately deemed "the murdered children room"* this comic presents a very real and legitimate fear.
* - 6x5 room, covered with falling down acoustic tiles, drain in the floor, no windows, and it locked from the outside... Seriously, that basement was freaky. Ask anybody.
"Mr. Lee is a cat in Germany, whose owner has attached a camera to his collar so that we can share his daily adventures! Some of the photos are mysterious. Others are beautiful. I love this!"
SCO Chairman wants Congress to make port 80 porn-free
Topic: Technology
3:29 pm EDT, Mar 16, 2007
The governor of Utah signed a nonbinding resolution on Tuesday that calls on the US Congress to do something about the rising tide of Internet pornography, preferably using technology to stick it in a ghetto where those who don't want to see it don't have to do so. The resolution, which passed both houses of the Utah legislature, was backed by CP80 ("Clean port 80"), a group founded and headed by Ralph Yarro. CP80's plan to cleanse the Internet isn't the only controversy that Yarro's involved in, though; he also happens to chair the board of directors for SCO.
OK, it's official. SCO doesn't just hate Linux. They hate the entire Internet.
"The Internet is not a force of nature, it's a man-made creation. It can be changed and evolved to better serve us all," said Yarro in a statement after the signing of the resolution. "There is no reason why we should tolerate an Internet that allows children to easily access pornography."
Someone has been reading Lessig... And getting exactly the wrong point. What, exactly, is the problem with filtering software?
CP80's solution would apply to the US only, of course, and their plan for dealing with international pornographers (who are unlikely to move to another port dictated by the US) is a simple but draconian one: consumers would ask ISPs to "simply block all IP addresses originating from a non-compliant country." Problem solved!
Instead of clamoring for legislation that forces anyone who says the word fuck to move to a different TCP port, why don't they just ask pornographers to include an HTML meta tag on their pages? Not authoritarian enough? Doesn't generate revenue for our financial backers by creating a government-mandated market for their software systems? It's just not any fun if it's Constitutional? Sure, you won't get 100% compliance, but you're not going to get that anyway.
The Internet Community Port Act (ICPA) protects your right to publish, view AND block content deemed inappropriate to minors - a choice that you do not have on the Internet today.
You can install Internet filtering software.
ICPA supports the use of widely accepted social and legal standards, such as MPAA, RIAA, ESRP, FCC, the legal definitions for obscenity, indecency and harmful to minors, or any other community-defined standards.
In other words, anyone who says the word fuck would have to move to a different TCP port. It's very important that children don't hear the word fuck, because it harms them developmentally, as opposed to the word shucks, which is just a word. Did I mention that Unicorns are real?
Categorization Is Not Censorship
If categorization were censorship then phone books, libraries, street signs and all oth...