CISSP registration

Of palms and faces:

I get the feeling there's a correct answer here, and mine isn't it.

Shiny new things

Yesterday I saw this post by wishi: BinVis re-released – Visual Reverse Engineering and Forensics.  Though I’m a fan of Greg Conti’s rumint (and I wish he’d ever update it, dammit), I had never heard of BinVis.  I was intrigued by the title since I’m nothing more than a curious idiot when it comes to reversing.  I tried the old version of the tool – get it here – and while I haven’t a damned clue what it does, I can confidently say it creates lots of pretty pictures and colors.  And that’s what matters to me.


I do wish Fyodor would have someone re-design or at least re-skin his site.  It looks hideous.

The Sapheads cartoon

I’m a little late to this party.  If you’re late too, here’s what happened:

Now we’re all up-to-date.  I disagree with Nikita that the portrayal wasn’t really that bad; I find it hard to imagine any of the other three characters in a “cheer-leader purpose” role.  On the other hand, the writing suggests to me that something might have been lost in translation.

No matter.  What I really wanted to do with this post is point out how hilarious I find the correction to be:



Before, she’s set apart with an unrelated and subservient role.  After, she’s set apart with a few unrelated and over-the-top roles.  I say “unrelated” because it still doesn’t seem like she’s involved – the captions on the rest of the crew tell what they actually do; hers looks more like a few job titles.  This further leads me to think there’s loss in translation and the comic’s author just doesn’t quite understand the nuances of the worship of political correctness.

That said, I would like to glibly voice outrage because, while women were at least represented in the comic at all, my racial category is absent.  I do not see ONE SINGLE purebred German in the crew.  Let me propose a correction.

When he's not cooking Alpenschnitzel, of course.

Hell yes.  (Credit due to Andy Richter.)

The surreal quality of the offending material and the ensuing tiny poop-storm impels me to apply the FAIL tag here.  Now that I’ve made fun of both sides of the argument, it’s time to move on.

My title?

Even though I have no respect for it, I’m taking the CISSP exam soon so I can start putting letters after my name and get people to pay me more money because of it. I’m setting up a new account so I can pay them $600 to take their test. I’m filling out a form with the following required fields:

  • First name
  • Last name
  • Title
  • Email address

… title?  I don’t have a title, that I know of.  There’s an optional “Prefix” field to take care of something like “Mr.” or “Dr.” (or even “Father” … are a lot of priests taking the exam?).

So, I think I’m just gonna go with “Sovereign Lord.”

Amazon ownership unknown?

I was on Amazon yesterday and I noticed Firefox 3.5’s spiffy button in the address bar.  I clicked it, revealing this:

" which is run by (unknown)."  My guess is the Illuminati.

But at least it’s verified by VeriSign!  I sure feel way more securer now.

Yesterday I competed in the CIPHER 5 competition.  It was a fun challenge, but I wasn’t a big fan of the competition itself.  The scoring system was very unreliable, and we developed an exploit we were unable to use because the scorebot went down for a while.  Teams are supposed to get points for writing vulnerability advisories, but ours were rejected for vague reasons.

Not that any of that mattered, because the team affiliated with the host of the competition jumped straight to the top of the scoreboard and never left the #1 spot.  Nobody else even came close.  Big surprise there.

I had a lot more fun last year competing in the UCSB iCTF – that one was very smooth, functional, diverse, and interesting.  I haven’t heard if there’s another one this year, since (I think) that crew is doing the CTF for Blackhat, but I hope so.

Well, shit

I was on the fence about this, but it’s hard to argue with michael’s logic.

A job well done

I have to use aliases and vague terms in this story.

I work at Organization Alpha.  It uses a system manufactured by Vendor Bravo.  As a fun little side project, I propose a free security assessment of the Bravo system in use at Alpha.  The people in charge at Alpha give me the green light.  With me so far?

Turns out the Bravo system is relatively old and on par with Windows 98 for security.  That’s not to say Bravo isn’t still developing it; to the contrary, they’re selling these systems like crazy to lots and lots of happy organizations.


“Bandwidth Caps Means Bad Security”

Don Franke at the (ISC)2 Blog brings up an interesting point about bandwidth caps: they’ll discourage users from downloading patches.

So customers using bandwidth caps need to be parsimonious with their Internet usage.  Gone are the days of being able to download anything that caught their fancy.  No more movies from iTunes, not so many songs from Napster, and no more huge OS updates.  Wait, what?

This is another reason bandwidth caps are the devil and should never be implemented.  On the other hand, I suppose it could cut down on the number of sites that send 40 AJAX requests for everything you click on.  If web apps get less flashy and chatty and complex, their security would probably improve by default.

Still, they’re the devil and they should never happen.  I’m already paying too much for my bandwidth and not even being allowed to use it how I wish.

I got a new book

And I died a little inside.
