There is a serious flaw in the DNS system and apparently it is a design bug, the types of bugs I like the most. I am very curious to learn what exactly Dan has prepped for us and I get the feeling that we will be deeply shaken by its simplicity.
Although I have no clue what this bug is, and I am also reluctant to pursue its mystery for my own entertainment, I will try to express what it could be by walking you through a simple process of thinking by elimination. [...]
In this post I would like to summarize some of the things we (GNUCITIZEN) have achieved so far. I am writing this post purposefully for myself, and for our group and I hope that we can use it as a base reference point to go even further.
When I look back, it looks like we’ve done a lot, yet it still feels that we could have achieved so much more. [...]
Well, this is going to be a very quick post. I would like to let you know that SecUrls was redesigned and now it feels a lot better than before. Keep in mind that this is just an experiment, just like some of our other projects. If it does not prove to be valuable for us and others, we might shut it down.
If you have any suggestions or comments, let us know from our contact page.
Save all your passwords and session identifiers in the cloud with Mozilla’s Weave. What do you think about that?
Now this is not a feature entirely unique to Mozilla. We’ve seen the same trend with Microsoft’s Live Mesh and I suspect that Adobe and Yahoo are currently working on their own clones. These types of technologies totally change the rules of the game. [...]
If you read Wikipedia’s definition of Tiger Team you get the following: “A tiger team is a specialized group tasked with testing the effectiveness of an organization’s ability to protect assets by attempting to circumvent, defeat or otherwise thwart that organization’s internal and external security.” And further down we have: “In the computer security field, the term is now obsolete, and more common terms are penetration testers or security testers.” [...]
I was flipping the pages of the latest SC Magazine and I am afraid to admit that it was very boring.
And this is not because the idea behind the magazine is bad. Not at all. It is mainly the fault of the numerous info security companies SC Magazine is listing, which are striving to sell you the latest crap that you don’t really need. Promises. Promises. And more Promises. But no substance! [...]
The fun with hacking UPnP enabled devices has just begun. We started our exploration in the field of UPnP earlier this year with some smoking posts which covered some basic attacks and the advanced flash attacks. Today I stumbled across Google Media Server, a desktop gadget which allows you to share all your laptop/desktop media content with all other devices you may have locally such as your phone, Xbox, TV, and I suspect, your fridge. And all that via UPnP. That, I like very much. [...]
During the last couple of days we combined forces with Blogsecurity.NET in an effort to improve their online WordPress vulnerability scanner. The result of these efforts is our new initiative called Blogsecurify.
Blogsecurify was created to help individuals and organizations secure their blog infrastructures by testing them against a set of security tests. The project is still in alpha stage, although I am quite happy with the actual framework, which I believe is the only one of its kind. [...]
Ok, ignore the image. This is the best I could find online. This post is about a thing I happened to notice while messing around with my own Google for Applications accounts.
Basically, Google allows you to use custom domains for your Google for Applications, Blogspot, Mashup Editor and of course App Engine accounts. I think this is an excellent feature and I use it for several of my domains. [...]
This year’s OWASP Europe event was based in Ghent, Belgium. I had to take an early train from London to Brussels, which is by the way dead easy. As usual the event was excellent.
Now there were a few funny things, but the funniest of all was that I got flagged by Seba for having a sales pitch within my slides. Actually, my intentions were totally different. Moreover, it is silly to sell very niche services to a wide range of Web app guys. I will never do that. [...]







