Author: gpanther

  • I saw/read about SSLstrip – should I be afraid?

    A friend of mine said that he saw the SSLstrip presentation from BlackHat DC 2009 and asked me if he should be afraid. Here is the advice that I gave: you shouldn’t be afraid. Fear is a bad motivator because it wants to force you to act quickly. A much better concern is informed concern.…

  • Does Google Chrome prevent CSRF?

    Some time ago I was reading the article Session Destroyer: Automatic Webapp Session Invalidation from the Linux Journal. It was a neat idea, however the part which piqued my interest was the following: Mozilla Firefox does not protect you against this attack by default. However, Google Chrome supposedly does because they implement each tab in…

  • A very cool scene from a film

    And I write rhyming titles. W00t! 🙂 The scene is from the 1986 film Crossroads: Just in case the copyright overlords take that one down, here is an alternative version:

  • How to handle problems?

    Pretend they don’t exist! Some time ago I complained about WinPatrol. Today its author published a blogpost badmouthing Adobe because of the recent flaw in Adobe Reader. I, in turn, posted a comment pointing out that no software is perfect (his included) and furthermore: the advice he gives is partially wrong and leaves people exposed…

  • Mixed links

    New School Information Gathering Toorcon X Edition Video – embedded below. You can also download the presentation. Very interesting and a lot of tools are mentioned which can be useful for reconnaissance. It looks like the GDrive is coming. Hopefully soon I can build my home-grown backup strategy, which should look something like this:…

  • Brave new world

    What do you call a world where tens of thousands of people have the ability to take out a considerable part of an important infrastructure item? This is the world we live in. Tens of thousands of people can create botnets and use them to attack other sites. Most recently the Metasploit site was attacked together with…

  • Spot the flaws in the Windows 7 UI

    I’ve been playing around with the Windows 7 beta for a couple of days now, and it feels painful! Regardless of what Leo Laporte says, it is very much a beta. And even the recent beta releases of Ubuntu are better than this. Below you can see a screenshot in which I tried to exemplify…

  • Writing binary values to files from VBScript

    Browsing the interwebs, I came across the following article: Invisible Denizen: ie_unsafe_scripting metasploit module. In it I found a part which raised my curiosity: Unfortunately, it does not allow you to directly write binary files to the file system. (You can use WScript.FileSystemObject to create a ‘text’ file that contains binary data, but this will…

  • Books to read

    I’m entirely aware that probably I won’t have time to read all of them, but I’m putting them here for future reference (all of the linked books are free): from the taint.org blog / Geeking with Greg: Introduction to Information Retrieval – very interesting with contributions from real practitioners from the all about linux blog:…

  • Mixed links

    From Slashdot: Facebook Scrambles To Contain ToS Fallout. I especially liked the line “a new Facebook group called ‘People Against the new Terms of Service’ that has added more than 10,000 members today” (emphasis added). So yeah, start a group on the same site we are disagreeing with to show our protest. That should show…