stacksmash.org

I passed the CISSP exam.  Now I can stop making fun of it for a while.

Once upon a time, I wasn’t satisfied with WordPress’s backup feature for some reason.  I can’t remember why.  This was way back in 1.2 or something, and I’m sure it’s fixed now.  Nevertheless, I set up a system for database backups which I think works pretty well.  It runs as a cron job on my host, backs up the database, compresses the backup file, uuencodes it, and emails it to my Gmail account.  There I have a filter which directs such emails to the Trash.  This way I never have to actually deal with the backups, but they stay in the Trash for 30 days until automatic deletion – so I have backups of every day for a month.

So I thought I’d share.  My cron job is set to run at 3 AM every day.  It’s a string of semicolon-separated individual commands:

Read more…

Even though I have no respect for it, I’m taking the CISSP exam soon so I can start putting letters after my name and get people to pay me more money because of it. I’m setting up a new account so I can pay them $600 to take their test. I’m filling out a form with the following required fields:

• First name
• Last name
• Title
• Email address

… title?  I don’t have a title, that I know of.  There’s an optional “Prefix” field to take care of something like “Mr.” or “Dr.” (or even “Father” … are a lot of priests taking the exam?).

So, I think I’m just gonna go with “Sovereign Lord.”

Yesterday I competed in the CIPHER 5 competition.  It was a fun challenge, but I wasn’t a big fan of the competition itself.  The scoring system was very unreliable, and we developed an exploit we were unable to use because the scorebot went down for a while.  Teams are supposed to get points for writing vulnerability advisories, but ours were rejected for vague reasons.

Not that any of that mattered, because the team affiliated with the host of the competition jumped straight to the top of the scoreboard and never left the #1 spot.  Nobody else even came close.  Big surprise there.

I had a lot more fun last year competing in the UCSB iCTF – that one was very smooth, functional, diverse, and interesting.  I haven’t heard if there’s another one this year, since (I think) that crew is doing the CTF for Blackhat, but I hope so.

I was on the fence about this, but it’s hard to argue with michael’s logic.

Tonight someone tried to snatch my sister’s purse as she walked to the door of my apartment.

They failed, and I smashed the driver’s window out of the getaway car with my softball bat.

Moral of the story: have at least a softball bat ready at all times.

Disclaimers: I would never get bored and distracted in class, and I would never fire up a sniffer just to see what’s comin’ over the radio waves.

But if I did both of those things today, here are some of the things my colleagues might have been up to:

• Facebook (of course)
• Meebo (I’d never heard of it; looks like something that integrates various IM protocols)
• A World of Warcraft update
• Spring Training MLB scores
• A bunch of NFL stories
• Weather
• Spgc3.aftershocksf.com (a Mafia game available as an iPhone app)
• Various personal emails (university, Yahoo, Gmail, Hotmail)
• Twitter
• News feeds
• Music downloads (hmm. No headphones visible…)
• A bodybuilding forum (eww.)
• Windows Update (yay!)
• Blogging on Stacksm- oh wait.

Well, that was mildly fun.  Or would have been, if I did it.

I had high hopes for Sudoku as the CAPTCHA of the future, but some jerk went and solved Sudoku.

Who am I?  I’m a college guy just about to graduate with some computer-related degrees.  Relatively late in my life I became interested in computer security.  My school has a computer security degree program which is enthusiastically promoted and less-than-enthusiastically taught.  Therefore I’m “a few decades behind on smashing the stack.”

I’m trying to learn, though, and I think sometimes I’ll have something useful to say, which is why this blog exists.  In the spirit of brevity, that’s all for now.