-
Short news
Via terminal23.net/: The Shmoocon 2007 videos start to appear. A hacker challenge for the conference is still online, so that you can give it a try. From what I saw it is very nice (needs all kinds of different skills from overflowing buffers to writing sql injections)
-
AOL Bullying Gaim!
This is deeply troubling: AOL is forcing Gaim to change its name Please kindly contact AOL, and bring these points to their attention: The users of Gaim are highly technical and the probability of them making a confusion between AIM and Gaim is infinitely small Searching for AIM on search engines (like Google, Yahoo or…
-
Securing the Internet
There is a great series of articles over at the matasano blog about the deficiencies of dnssec. While I have no deep knowledge of the matter, the series seems to bring up very valid points against this security feature (the most near to my heart being the CPU cost of cryptography – which is expensive…
-
My submission for The Ethical Hacker Skillz Challenge
The submission date for the 8th ethical hacker skillz challenge is over and I’m eagerly awaiting the results (which should be published any day now). Until then here is my version of the solution, maybe somebody finds it useful someday: What is the significance of various numbers in the story, including the speech patterns of…
-
Linux tips
Via the All About Linux blog: bash completion – if you type ls — in your terminal and you tap the tab key twice, it will list all the available options. This works only of the most important commands (like ls, rm, …) but it’s still a nice add-on. And best of all – it…
-
Moving to Ubuntu – swap partition
I continued to perfect the solution for the Ubuntu swap partition problem (although I just upgrated to 1G of memory so it doesn’t manifest itself as quickly as before, w00t!), and would like to share my results: As posted earlier, you can use the free command to check if your swap partition is activated (on…
-
Input validation
The month of PHP bugs is over, but you should still watch the PHP-Security blog, since there are good things coming from there, like this article: Holes in most preg_match() filters. Go read it if you are using regular expressions for input validation. Two tips to avoid these pitfalls: Cast your input to the datatype…
-
Lies, Damn Lies and Statistics
I’m back with more critique for Deb Shinder (who for one reason or an other doesn’t allow commenting on her blog, so I can’t directly post there). Read part one (Biometrics is not the answer!) and part two (Three letter acronyms don’t provide good security!) for more opinionated posts. The post I’m talking about is…
-
Full disclosure – yet again
I came about this post about ethical hacking and I felt the need to respond to it publicly since (I feel that) the article offers a skewed view and does not present the counter-arguments: First of all I would like to stress that discovering and writing exploits for certain types of flaws (and I’m not…
-
Month of PHP bugs roundup
The month of PHP bugs is over and I thought that I make a little list with things you can do to mitigate the bugs where possible: Update to PHP 5.2.1 and watch out for the next version and update to it as soon as it comes out. Do not PHP4, because there is a…