Too soon Swiss Post... too soon.

Swiss Post owned by Terrorists

T-E-R-R-O-R-IST

Terrible
Tantalizing
Intriguing
Terrorist, terrorist

Dj Vadim - The Terrorist

If Batman prefers the Beer Belt, what does Rambo wear?

I need one of these before I go to PhreakNic.

Beerdolier, Go Commando!

I'm sure the higher-end treadmill models have better interfaces, but this one in particular uses a standard audio jack which uses encoded sounds to control the various speed and incline settings found on the treadmill. For example, playing the sound encoded for speed-3, incline-7 will set the treadmill accordingly. As you can imagine there are quite a few of these sounds. I was able to acquire these sounds after a little prying into the JavaScript for the treadmill application provided by the vendor.

Sound controlled interface?! Don't they realize that is how the Decepticons stole all our government secrets?

Controlling your Treadmill from Silverlight

One of the most perilous points when caring for the seriously ill is the handover between surgery and intensive care. As each moment ticks by on the transfer from operating table to ward bed, the risk to the patient increases. It’s an age-old issue, but one that the doctors at Great Ormond Street were determined to improve.

After seeing several of his patients falter during handover, paediatric heart surgeon Professor Marc de Leval was particularly concerned. In an effort to understand why, he recruited a team of ‘human factor specialists’ to assess a number of arterial-switch operations, a procedure designed to fix a congenital heart defect in newborn babies and one which can be particularly fraught with difficulties.

Leval’s study suggested that it was the handover process that was letting the side down. How the hospital could improve its handovers, however, remained largely unresolved until two members of Great Ormond Street’s staff found themselves relaxing in front of a Formula One race on TV after a particularly hard day at work.

“Two of us are F1 fans and we were sitting one Sunday, after a transplant, watching a Grand Prix,” explained Dr Allan Goldman, head of the hospital’s paediatric cardiac intensive care unit. “My colleague Professor Elliot, who is a surgeon, remarked that when you look at a Formula One pit stop, how they all get together is really the epitome of how a team can reconfigure into a functional unit.”

From quick reactions at the start, to optimal acceleration and late braking - efficiency is central to the outcome of a Formula One race. And this need for clear organization and swift reactions is clearest of all during a pit-stop, when crews of 20 highly-trained individuals come together to refuel, re-tyre and fine-tune a car to get it back out on the race track within a matter of seconds.

For Goldman and Elliott the parallels between this and their own challenges were striking. Both involved multiple specialists simultaneously carrying out numerous, complex tasks - tasks that frequently involved complex interfaces, and which all had to be completed quickly and accurately. Upon this realisation the duo quickly set about contacting Formula One teams to ask them to lend their expertise and help the hospital streamline their processes during a patient handover.

...

“They’re trying to achieve excellence in winning races, and we’re trying to achieve excellence in patient outcome,” explained Goldman. “Our errors went down by about 30 percent or so. The key thing we found though was that there was a reduction in multiple errors. You notice when you see clips of Formula One that when things go wrong, like a fuel hose gets stuck, the little errors add up and cascade into a major failure.

The awesomeness that is Formula 1 never ceases to amaze me.

What Can't We Learn From F1?

As if creating the first and only Video Relay Paintball Turret wasn't enough, the 3rd Generation Turret packs a lot more punch and a new look.
The Elite version has all the same great features of the standard turret with a few new additions. By relocating the tanks to the tripod, the turret can spin and stop on a dime much quicker. And the new rotation and tilt braking adds even more precision to aiming.
The tripod has been completely redesigned and now sports automatic spreading legs, adjustable leg height, scuba tank mounts, triple-tube aluminum supports and vibration dampening.
The firing mechanism and bolt have been upgraded to allow firing rates of 30 rounds per second in full auto. Single shot and variable rate burst firing is still available as well.

Bumbot needs an upgrade.

EMT Paintball Sentry Turret

Amazing...

http://www.thewebsiteisdown.com

The Website Is Down

June 1941. "Rain. Pittsburgh, Pennsylvania."

Pittsburgh: 1941 | Shorpy :: History in HD

I LOL'd when Matt told me about this... Those people that complained about the limit... This is for you. I recall someone on the webappsec mailing list saying when they tried to scan their site it stopped due to "the limit". Wow they must have a big site ;)

Start at bottom for maximum effect...

_____________________________________________
From: Hoffman, Billy
Sent: Thursday, June 26, 2008 5:27 PM
To: Wood, Matt (); Millar, Steve A
Subject: RE: uhhhh does Scrawlr really have a limit?

This is too great. I'm posting this to Memestreams.

Billy Hoffman
--
Manager, HP Web Security Research Group
HP Software – Application Security Center
Direct: 770-343-7069

_____________________________________________
From: Wood, Matt ()
Sent: Thursday, June 26, 2008 5:27 PM
To: Wood, Matt (); Hoffman, Billy; Millar, Steve A
Subject: RE: uhhhh does Scrawlr really have a limit?

Stivo! you crazy! Change-set 27173. 6/21 @ 6:37pm in SimpleUrlCrawler.cs 

I guess the build-box is building with the debug symbols in it?

So the crawl limit is 2.1 billion right now  2^31-1

_____________________________________________
From: Wood, Matt ()
Sent: Thursday, June 26, 2008 5:19 PM
To: Hoffman, Billy; Millar, Steve A
Subject: RE: uhhhh does Scrawlr really have a limit?

Whoops! Here:

private void buildCrawlLimit()
{
crawlLimit = 1500;
#if DEBUG
crawlLimit = int.MaxValue;
#endif
}

Pretty sure the Labs build box is pumping out debug builds...

_____________________________________________
From: Hoffman, Billy
Sent: Thursday, June 26, 2008 5:19 PM
To: Wood, Matt (); Millar, Steve A
Subject: RE: uhhhh does Scrawlr really have a limit?

... ... STFU! Are you telling me the limit most people are bitching about doesn’t even exist? Haha, Should we even patch that?

Billy Hoffman
--
Manager, HP Web Security Research Group
HP Software – Application Security Center
Direct: 770-343-7069

_____________________________________________
From: Wood, Matt ()
Sent: Thursday, June 26, 2008 5:15 PM
To: Hoffman, Billy; Millar, Steve A
Subject: RE: uhhhh does Scrawlr really have a limit?

Haha… scrawlr may not have a limit…

I just set a break point in the function that checks it and it never gets called… apparently it got lost somehow…

_____________________________________________
From: Hoffman, Billy
Sent: Thursday, June 26, 2008 5:10 PM
To: Wood, Matt (); Millar, Steve A
Subject: RE: uhhhh does Scrawlr really have a limit?

Then explain this:
[Screen shot removed]

Billy Hoffman
--
Manager, HP Web Security Research Group
HP Software – Application Security Center
Direct: 770-343-7069

-----Original Message-----
From: Wood, Matt ()
Sent: Thursday, June 26, 2008 5:07 PM
To: Hoffman, Billy; Millar, Steve A
Subject: RE: uhhhh does Scrawlr really have a limit?

Nah, just a lot of parameters. We will only crawl 1500 pages, but we will audit more.

-----Original Message-----
From: Hoffman, Billy
Sent: Thursday, June 26, 2008 5:09 PM
To: Wood, Matt (); Millar, Steve A
Subject: uhhhh does Scrawlr really have a limit?

Guys,

I noticed a Chinese site offer Scrawlr for download. Its classic ASP so I decide to scan it with Scrawlr.

Site is: [Site Removed]

The only thing is, Scrawlr is saying it has visited 3879 pages so far and is still going. Perhaps a bug in our limiting?

Billy Hoffman
--
Manager, HP Web Security Research Group
HP Software – Application Security Center
Direct: 770-343-7069

Whoops!: Or we are paid to be researchers not QA professionals

Billy strikes again:

In response to all the Mass SQL Injection attacks this year, Microsoft approached HP and the Web Security Research Group (formerly SPI Labs) for assistance. While there was nothing they could patch, Microsoft wanted to provide tools to help developers find and fix these issues. After a month of development HP created Scrawlr.

Scrawlr (short for SQL Injector and Crawler) is a free tool that will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr was designed specifically to help protect against these mass injection attack which are using Google queries to find older web applications and automatically injection them. As such, Scrawlr crawls a websites using the same techniques as a search engine: it doesn’t keep state, or submit forms, or execute JavaScript or Flash. This Scrawl is finding and auditing the pages that would have been indexed by the search engines.

To reduce false positives Scrawlr provides proof of the vulnerability results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!

Microsoft Advisory
HP Web Security Research Group Blog
Scrawlr Download
Scrawlr FAQ

Introduction Scrawlr: a free Crawler + SQL Injector tool