CdC Goolag

Cult Of The Dead Cow’s Goolag. Too tired to read it at the moment.

Deconstructing Xbox 360 Security

Almost one year ago I blogged Deconstructing Xbox Security, this year there’s Deconstructing Xbox 360 Security (24c3-2279-en-deconstructing_xbox_360_security.mkv) presented at 24C3. Link to 24C3 video recordings.

Links 05-11-2007

Top 15 free SQL Injection Scanners

svn-time-lapse-view

Twitter Guide Part #5 – Twitter Tools | Web Applications

JanusVM – Internet Privacy Appliance

Top 10 Reasons Websites Get Haked

Top 10 Reasons Websites Get Hacked (2007) by OWASP via Zone-H/Full Disclosure.

A Defcon (or public wi-fi) survival guide

The Register has this article entitled “A Defcon survival guide” which contains a list of measures you should consider taking when using public Wi-Fi.

EDIT: Yes I know this is more than a month and a half old – it has been one of my open tabs in firefox (which works as a sort of to read/to blog list) for that long.

The Weakest Link

You all know the saying and how Windows is always on top of it. Granted this isn’t nor as it ever been what I’d call a big deal but it’s funny how it’s never fixed. Most people I know actually LIKE to know the type of files they are dealing with and to them, changing this option is one of those little Windows tweaks that you have to do every time you install it. But hey I’m sure MS has got some good reason to make this annoying behavior the default.

Random Noise – Back from the present

After spending the past 5h30min working for my “Compilers” class project, I’ll have to take some care not to use regular expressions writing this post.

Codeplay makes autoparallelising compiler – I had no doubt this was coming.

Google: Taking steps to further improve our privacy practices – corporations taking steps to protect their customers privacy is always welcomed. Google again takes a decisive lead when it comes to online big names. I fully expect You-know-who to tell the press that he and his company believe privacy is bad and that they are taking further steps to “help protect our children”.

Gnome 2.18 is out – another incremental improvement. Step by step, PC by PC, the world will be converted to gnome.

I’ve had more than one discussion on the subject of enabling IPv6 support. My argument as always been “I don’t need it, I won’t enable it”. I’ve actually went on about how IPv4 stacks have been heavily scrutinized – specially in the post-nmap world with IPv4 packet manipulation tools being a commodity. I postulated long ago that IPv6 stacks had not been subject to such intense scrutiny and that we would see at a few DoS, a couple of remote root vulnerabilities, an amazing array of OS-specific signatures and off course a quit a few “complications” all thanks to IPv6. Check out Van Hauser of THC presentation Attacking the IPv6 protocol suite from EuSecWest 06. Now, thanks to the vulnerability research work done by Core Labs, I can go “IN YOUR FACE DUDE!” to the people that keep harassing me over IPv6.

{letter}*({ Damn!

And while we’re on the subject

Note To Self: take a look at firekeeper – project page, project weblog.

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.
Other features of Firekeeper include:

* Ability to scan incoming Firefox traffic – HTTP(S) response headers, body and URL and to cancel processing of suspicious responses.
* HTTPS and compressed responses are scanned after decryption/decompression.
* Very fast pattern matching algorithm (taken directly from Snort).
* Interactive alerts that give an ability to choose a response to detected attack attempt.
* Ability to use any number of files with rules and to automatically load files from remote locations.

NoScript – before I forget… again

I’ve been meaning to make a decent post explaining why you should use the NoScript extension in firefox but I can never get around to it and end up forgetting for months at a time only to forget all about it again so I’m gonna leave here the link, say “It’s a Good Thing” and leave you to figure out why.

Here’s a nice and recent example.

Javascript is pretty powerful and with great power comes great responsibility or something like that… I’m gonna go to sleep before I say any more weird stuff.

Exam Season, AACS, FEUP Blogs

This one is almost over… it’s been… interesting. Trying hard to keep up with the news. The only thing interesting I read was the AACS stuff. Who would’ve thought after so much work they wouldn’t even bother encrypting the USB traffic?

Another recent development that I’ve been keeping up to date with is NeACM’s FEUP Blogs. It’s been talked about in this room (D007 – Chefax/NeACM) for at least a couple of years, it was in development for 6 months and now it’s finally here. It looks really great! At the time of writing, after only a few days, it already has 100+ blogs. Insta-Success!