About a month ago I traveled by train for a pre-sales meeting with a prospective customer. The trip was about two hours long, which would usually mean that it’d be boring. In this case it was different though: I was surprised with free OWI (Onboard Wireless Internet) on the train!
Simply connect to the available open (no encryption) wireless access point and you will be redirected to a login portal, aka captive portal. [...]
Save all your passwords and session identifiers in the cloud with Mozilla’s Weave. What do you think about that?
Now this is not a feature entirely unique to Mozilla. We’ve seen the same trend with Microsoft’s Live Mesh and I suspect that Adobe and Yahoo are currently working on their own clones. These types of technologies totally change the rules of the game. [...]
If you read Wikipedia’s definition of Tiger Team you get the following: “A tiger team is a specialized group tasked with testing the effectiveness of an organization’s ability to protect assets by attempting to circumvent, defeat or otherwise thwart that organization’s internal and external security.” And further down we have: “In the computer security field, the term is now obsolete, and more common terms are penetration testers or security testers.” [...]
I was flipping the pages of the latest SC Magazine and I am afraid to admit that it was very boring.
And this is not because the idea behind the magazine is bad. Not at all. It is mainly the fault of the numerous info security companies SC Magazine is listing, which are striving to sell you the latest crap that you don’t really need. Promises. Promises. And more Promises. But no substance! [...]
The fun with hacking UPnP-enabled devices has just begun. We’ve started our exploration in the fields of UPnP earlier this year with some smoking posts which covered some basic attacks and the advanced flash attacks. Today I stumbled across Google Media Server, a desktop gadget which allows you to share all your laptop/desktop media content with all other devices you may have locally such as your phone, Xbox, TV, and I suspect, your fridge. And all that via UPnP. That, I like very much. [...]
During the last couple of days we combined forces with Blogsecurity.NET in an effort to improve their online WordPress vulnerability scanner. The result of these efforts is our new initiative called Blogsecurify.
Blogsecurify was created to help individuals and organizations to secure their blog infrastructures by testing them against a set of security tests. The project is still in alpha stage, although I am quite happy with the actual framework which I believe is the only one of its kind. [...]
Ok, ignore the image. This is the best I could find online. This post is about a thing I happened to notice while messing around with my own Google for Applications accounts.
Basically, Google allows you to use custom domains for your Google for Applications, Blogspot, Mashup Editor and of course App Engine accounts. I think this is an excellent feature and I use it for several of my domains. [...]
You know, being away from the blog does not mean that I did not have fun. Not at all. What’s wrong with this picture?
Btw, this is absolutely authentic. Apart from the 64-bit encryption, pay attention to the two fields after that. Ouch!
Here is a thought for you: The entire information security industry today is based on fear. The fear of getting hacked and your integrity and reputation being publicly jeopardized and challenged.
This is what gives security vendors the power to sell you useless products which you don’t really need.
Please don’t take this post as a rant towards all the virtualization hackers out there. You are doing a great job and there is no doubt about that. My sole purpose is to get to the bottom of a problem which I believe is widely ignored when it comes to the purpose of virtualization.
In Krakow I had a very interesting discussion with Joanna Rutkowska, the famous rootkit security researcher (if you don’t know her, google her work, it is a good read). [...]








