Monday, Jun 21, 2010

Brad Spengler gets the Amen Award!

Brad Spengler's views on Tavis Ormandy's recent full disclosure of a vulnerability. Best line: when he tells Robert Hansen ("RSnake"), CEO of SecTheory, to "stay classy out there, scumbag."

Brad gets the "Amen Award" because after reading, all I can say is Amen!

Hyenas of the Security Industry: http://seclists.org/dailydave/2010/q2/58

Monday, Jun 21, 2010

What the LIGATT?

Some guy called me a Ligatt the other day on Twitter. I have not been keeping up on the news since I was getting ready for my buddy's wedding this past weekend. (Hooray for pre-wedding parties and a place in South Florida that allows 5 on 5 basketball against the Club Girls, one of whom can dunk.)

Since I only briefly scanned that story, I had to go back and read it. Well, I had to Google this thing, and here is some stuff I found.

http://www.thebaskins.com/main/index.php?option=com_content&view=article&id=51:technical-training-done-wrong&catid=15:work

http://attrition.org/errata/charlatan/gregory_evans/

http://blog.c22.cc/2010/06/17/threats/

Open Source and Creative Commons licenses allow us to share and borrow. Just give a reference. Don't be a dick. Don't make claims that you are the world's best hacker, or you will get your site/life destroyed, because the real world's best hackers will see that as a challenge which you will lose.

Respect, just a little bit.  Didn't this guy go to jail?  He would have been shanked if he was in OZ. 

However, a disclaimer. I did copy a paper freshman year of college about who my hero was... Don't copy off of the guy who picks the Pope. You will get caught. Also, don't use the excuse "Take from 1 source = plagiarism and take from many = research." It will not work. The teacher's response... "If only you used a bibliography to cite your references, Mr. n00bz. Here is an F for the paper, and I expect you to stand in front of the class and tell them why you're a mook." I was pwned!

 

 

Friday, Jun 18, 2010

Hacking @ 30,000 feet

I am on a plane with wifi and launch the new 0-day (give or take a day) against an XP machine.

(Thanks to Metasploit adding it to the Framework, I didn't use a commercial product. The 2 computers were mine, pay for the wifi, kids don't try this at home)

What a great world we live in...

Tuesday, Jun 15, 2010

Replicating the Gonzalez Cyber Attacks

Rolling Stone Magazine had a great article about the TJX hacker (also a Miami resident) in the issue with Russell Brand.  The article is a great read.  Alex Horan of Core Security shows how the attack occurred. 

http://na-d.marketo.com/lp/coresecurity/ReplicatingGonzalezCyberAttacks.html

Remember your network is only as strong as its weakest link.

Tuesday, Jun 15, 2010

HackMiami WebApps HackOff?

After our Pen-Test contest, several people have inquired about a WebApps HackOff for all the SQL and XSS problems out there.

Perhaps Acunetix vs. Netsparker vs. WebInspect?

Let me know which tools you would like to see.

Web Apps Pen Test: coming soon to HackMiami.