Archive for June, 2009

Well, shit

June 26th, 2009 Comments off

I was on the fence about this, but it’s hard to argue with michael’s logic.

Categories: Misc

A job well done

June 26th, 2009 Comments off

I have to use aliases and vague terms in this story.

I work at Organization Alpha.  It uses a system manufactured by Vendor Bravo.  As a fun little side project, I propose a free security assessment of the Bravo system in use at Alpha.  The people in charge at Alpha give me the green-light.  With me so far?

Turns out the Bravo system is relatively old and on par with Windows 98 for security.  That’s not to say Bravo isn’t still developing it; to the contrary, they’re selling these systems like crazy to lots and lots of happy organizations.

Read more…

Categories: FAIL

“Bandwidth Caps Means Bad Security”

June 14th, 2009 Comments off

Don Franke at the (ISC)2 Blog brings up an interesting point about bandwidth caps: they’ll discourage users from downloading patches.

So customers using bandwidth caps need to be parsimonious with their Internet usage.  Gone are the days of being able to download anything that caught their fancy.  No more movies from iTunes, not so many songs from Napster, and no more huge OS updates.  Wait, what?

This is another reason bandwidth caps are the devil and should never be implemented.  On the other hand, I suppose it could cut down on the number of sites that send 40 AJAX requests for everything you click on.  If web apps get less flashy and chatty and complex, their security would probably improve by default.

Still, they’re the devil and they should never happen.  I’m already paying too much for my bandwidth and not even being allowed to use it how I wish.

Categories: What could go wrong

I got a new book

June 13th, 2009 Comments off

And I died a little inside.



Categories: Books

Gray Hat Python by Justin Seitz – Errata

June 10th, 2009 43 comments

I found solutions to both of the problems I mentioned in my previous post about Gray Hat Python – everything works fine on my laptop, which runs 32-bit Windows XP.  I’m loving the book so far.  However, I ran across several errors in the code listings, so eventually I found an email address for Mr. Seitz and let him know.  He said he’d send them on to the publisher to post corrections on the book’s web page.  In the mean time, I’ll go ahead and list them out here in case any other readers are struggling.  I’ll update it if necessary as I progress through the book.

Gray Hat Python in the Stacksmash International Testing Laboratory.

Gray Hat Python in the Stacksmash International Testing Laboratory.

So, here we go. Read more…

Categories: Books