Category: Privacy Subcategory: information
Security notes from Jonathan ...
This feed is provided by, and is the responsibility of, the provider. Click the link above for complete information.
Last Update: Sat Mar 14 05:33:43 2009 |
| + What nations are for +
"The world is full of unimaginable horrors and humans being deprived from basic necessities and rights. The idea of a nation is to [...] possibly do something about the terrible condition in which you and your fellow citizens exist." - Anonymous comment on slashdot |
| + Loop speed comparison +
I was optimizing some code recently and noticed that there was a huge difference in speed with certain types of loop. I'm running [...] 0.00 0.00 245.21 1 Object#time_it (perf-loops.rb:8} # 0.00 245.21 0.00 0.00 245.21 1 Proc#call (ruby_runtime:0} #---- |
| + Wilkins Law of Modern Life +
Some of the renovations I've been doing around the house have led me to believe this: If what you're doing sucks and isn't in a [...] Building a good steadycam can be done for $30 (or a passable one for almost free) or you can dish out $800 for one made by Steadicam. |
| + Quick Build Hacks for OSX +
When you're building code under OS X, there are a few changes you'll often have to make to the Makefiles. LIBTYPE=dylib # instead of [...] -undefined suppress # instead of '-shared' LDRFLAGS= # instead of -Wl,... DLDFLAGS=-bundle # instead of -rdynamic, -Wl,... |
| + Capistrano 2 can handle different usernames on different hosts +
Sometimes you'll want to deploy to different servers with different usernames. I googled around and didn't find a clean solution, [...] to do is add an entry like the following to your /.ssh/config file. Host your.host.name HostName your.host.name User username |
| + Quick Proxy, or Why I Love Ruby pt 9215 +
# Quick basic proxy, just strips accept-encoding header and dumps # to files in the local directory using the WebScarab naming [...] open("#{$count}-request", "wb+") { |f| f Proc.new{|req,res| open("#{$count}-response", "wb+") { |f| f |
| + Conducting interviews +
I haven't interviewed anyone in a long time, but I had a thought today. The next time I do one, I'm not going to ask any coding [...] to churn out decent code than the guy who can whiteboard a quicksort. (Though it's known as the One True Brace Style for a reason...) |
| + Ruby's equivalent of Python's setattr +
I am still really new to Ruby but I'm jumping in with both feet. As a result I figured out metaprogramming before I knew what the ! [...] security of the eval, but the technique is useful and I couldn't google a better solution. If you have something better, let me know. |
| + IEs4Linux +
Check out IEs4Linux, a really easy to install set of Internet Explorer versions that will run on Linux under Wine. The build ... |
| + Switching +
So I've made the switch, though not the one that most people in the security industry have made. Instead of going to Apple, I've [...] in a USB tablet instead of using the built in tablet, which isn't as good as the external Wacom tablet I use anyway... Given my ex |
| + Fixing the Firefox profile selection dialog +
If you have a bunch of profiles, then the non-resizable profile selection dialog that pops up when you launch Firefox is a bit of an [...] firefox-2-toolkit.jar, if you don't want to do it yourself. All Firefox sessions have to be closed in order to replace toolkit.jar. |
| + Glitch Attacks and Amateur Cryptographers +
Nate's blog (rdist) talks about Glitch Attacks and links to some good papers on the topic. Basically, this is probably the most [...] that this technique seems to have originated with the pay-tv hacking community, not from academics or conventional crypto researchers. |
| + A Positive Review for ProxMon +
Andre Gironda had some kind words for ProxMon, saying "Last month was web application security awareness month. Just as I [...] SPI Dynamics) being #1 and ProxMon (Jonathan Wilkins, iSEC Partners) being #2. Or maybe flip that ordering."
Thanks Andre! |
| + Official Release +
I've been on the road for a couple weeks now with unreliable net access but last Friday ProxMon was officially released at Black ... |
| + CanSecWest 2007 +
ProxMon was accepted for CanSec this year, so I'll be speaking there as well. That's perfect because I've been missing Vancouver ... |
| + ScarabMon has been renamed ProxMon +
When I started the project, it was just a couple of quick scripts that parsed the WebScarab log directory. Then I discovered that a [...] so the distributions will be released off the iSEC tools page. It will be available the day I speak, which will be March 30th. |
| + GMail supports perl style regex +
I knew that Google's Code Search supported regex style searches, but I didn't realize that GMail did too.
Gmail [...] Dug Song's Static Code Analysis Using Google Code Search
UPDATE: I was wrong about standard google search, it's just gmail |
| + ScarabMon at BlackHat Europe +
I've been working on a new tool for automating web application penetration tests and I'll be presenting it at BlackHat Europe 2007. [...] site up soon, but if you have questions, just email me (jwilkinsatbitlanddotnet). I'll also be looking for beta testers pretty soon. |
| + IE not much better in 2005 or 2006 +
Brian Krebs' Security Fix blog did some followup on the scanit.be report on 2004.
Apparently IE fared slightly better [...] days.
I didn't see similar statistics for Mozilla for the same period in Krebs' posts, so I hope he does a follow up post. |
| + Fully patched IE safe only 7 days in 2004 +
I can't find a date on the article, but the folks at scanit published a paper on browser security in 2004. They went through [...] 2/12 months.
To recap, vulnerable days by browser:
- IE (358/365)
- Opera (65/365)
- Mozilla (59/365)
|
| + Multiple Instances of Portable Firefox +
Firefox Portable is great when you want to test against prior versions of the browser, but by default it doesn't allow multiple [...] Firefox installation to the same directory as FirefoxPortable.exe and change the AllowMultipleInstances line to true. |
| + Only allow GET and HEAD requests under Apache +
Disallowing TRACE under Apache is a standard requirement for most sites these days due to Cross Site Tracing (XST). Most pages that [...] Also note that if you're using virtual hosts, you have to place this in each VirtualHost section as it's not inherited by default. |
| title: Bitland.Net Security Notes ; RSS XML Feed