June 2005
15 posts
And so it begins….
Another Archspace set began this weekend. That meant I slept only a couple of hours during the weekend and a few hours monday. Fortunately I slept rather well this night. 21CN, my team, sort of split to try and make the game a bit more of a challenge but it didn’t work and we took the top without any resistance. I hope this set doesn’t last long. Anyway there are new features, some...
Port 80/HTTP Security Papers
A look at whisker’s anti-IDS tactics (1999) Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures (2001) Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two (2002) Header Based Exploitation: Web Statistical Software Threats (2002) TCP Port 80 - HyperText Transfer Protocol (HTTP) Header Exploitation...
Marcus Ranum SF Interview
Yes the interview was on slashdot, yes another ignorant slashdot story.
Points made:
- Standards Committees suck; (well know fact)
- The same ideas keep cropping up over and over again in different forms; (Sort of true)
- We’re making zero progress in computer security; (Not really, we’re just moving very slowly and everytime a problem is fixed a new one appears. Solutions to...
Nmapbot
Nmapbot is capable of responding to a few general comments {hello, goodbye, information, thanks} like most chatterbots. However, what makes my bot special is that I wrote event triggers that allow him to spawn processes to run security tools (e.g. nmap).
How To Keep Your Computer Spyware Free - Basic...
- If you install Microsoft Windows yourself, make sure you are behind some sort of firewall (a simple router like the linksys BEFSR41 will do). If connected to the internet directly a vulnerable Windows PC will become infected within minutes (I’ve seen it happen within seconds). Even after your computer is installed and patched it should remain behind a firewall (preferably both a hardware...
Project GridUP
The University of Porto has signed an agreement (in portuguese) with SUN Microsystems Portugal (Press Release). UP purchased 3 clusters with a total of 48 nodes (96 processors) and now, apparently has the first Campus Grid in Portugal.
The three clusters are divided: one is at the Faculty of Engineering (in english), the other at the Faculty of Science and the other at IRICUP (in english). Each...
Laptop Theft
I decided to make a quick blog entry on this subject after reading about Seagate’s plans to include encryption technology in its laptop harddrives.
Laptop theft is a problem not just because of the stolen hardware but because of the data inside its HD. Corporate espionage, identity theft and similar crimes have been commited by stealing a laptop. A couple of examples: MCI employee data...
Games for The Summer
Games:
- Metal Gear Solid 3, PS2 (Review)
- God of War, PS2 (Review)
- Vampire The Mascarade Bloodlines, PC (Review)
- The Chronicles of Riddick: Escape From Butcher Bay - Developer’s Cut, PC (Review)
- Grand Theft Auto: San Andreas, PC (Review)
And more Starcraft and maybe Warcraft 3.
Star Wars - High Ground
Apple Brand Computer
.XXX
Joi Ito has Some notes on the .XXX Top Level Domain. My opinion was pretty much expressed by joat in this post: It’s not going to work. And not just because of the silly price tag but mainly because it would be trivial to censor all .xxx websites. This has little to do with parental control software - children can’t pay for porn. This has to do with people watching porn at...
SANS Webcasts
SANS Webcasts are live web broadcasts that allow you to hear a knowledgeable speaker while viewing presentation slides that you download in advance. You need either Real Audio Player or Windows Media Player (free downloads are available on the webcast access page), and a SANS Portal account. If you don’t have an account, just go to the SANS Portal page and fill in the simple registration...
The Rumors of my Untimely Demise
No I’m not dead I’ve just been busy. With what? Well I have an important exam coming up (on the 14th of June), I’ve been to a birthday and a lan party and I’ve been trying to avoid blogging because I don’t want to make an “I-told-you-so” post about Apple’s switch to intel processors. I’ve also been trying to think of stuff to submit in my...
SecurityFocus.com has a new look
SecurityFocus.com has a new look - it looks great.
Experimental supercomputer made from Field...
I remember a conversation I had with João Paredes (Chefax R&D) a couple of years ago about using FPGAs instead of microprocessors in high-performance/super computers. João did hint it in a comment under his interview at OSnews:
I’ll just give you a hint: it’s amazing what one can do with FPGA’s.
Fast-Forward two years and I see a story entitled Self-wiring Supercomputer on...
May 2005
29 posts
It’s that time again
Time for another post and also for another Full Disclosure debate. I’ve always been a big fan of full disclosure - getting ALL the information out there so that users/admins can decide for themselves instead of relying on a company that has no interest whatsoever in exposing the true level of their incompetence to their customers.
Also Google Code - Summer Code, maybe I’ll actually...
