Bring Back the Attack to the API

A couple of years ago I started a project called AttackAPI. It kind of became a hit at the time because there was no other project that was doing the same thing. Btw, the situation remains the same.

Today the project is kind of dead because I am not actively developing it anymore. Most of my development time goes to projects of greater importance such as Netsecurify, Websecurify, Blogsecurify and several others. [...]


GNUCITIZEN in 2005

I thought that this would be interesting to some of you. This is how GNUCITIZEN looked back in 2005, when it was just a personal website rather than a group of like-minded people as it is today.

It is quite nice to look back and see how things progressed over the years.


6000 Members on HoH

Just a couple of months ago, we started HoH as one of our social experiments. Initially the network was composed of just about 10-15 people and there was nothing fancy about it. We didn't even have a domain, although we promised ourselves that if we reached 1000 members we would certainly look into buying a domain and also investing in other resources.

Amazingly, we reached the 1000 cap quite rapidly and today the HoH network is just over 6000 members. [...]


Harder, Better, Faster, Stronger – The Malware

I am sure that you know this song. Yes, Daft Punk absolutely rock, although this post is about malware, not the band.

Anyway, I was going through some blogs today and I stumbled across some articles regarding a malware affecting MacOS. Apparently this piece of malicious software is a downloader/installer type. All it does is connect to a remote server, fetch the payload and execute it. Nothing special really! [...]


We Need Better Web Tools

Oh yes, we certainly do! And let me tell you something: they aren't going to be quite the same thing as what we are used to.

Back in the day all you needed was a proxy, a dummy scanner/spider just to lift some of the repetitive and boring things off your back, and your brain. You were pretty much set. Today, you need to do things beyond that. Web technologies are just starting to show their ugly face and we are here to see/experience them for the first time. [...]


The Cloud is not That Insecure

I am sure that by now you've seen/heard a lot of rants about how insecure cloud technologies are, etc. What worries me is that these claims are made by people who have never worked with cloud technologies and therefore have no clue about the subject whatsoever.

All of these claims actually have a common root. It is only logical to think that Gmail perhaps is less secure than your self-hosted email solution, for example. [...]


Facebook, Worms and RSS Feeds – Hacking The Web2.0 Way and Beyond

This morning I was reading an interesting article by Ryan Naraine (ZDNet Zero Day Blog) regarding a Facebook worm which uses RSS feeds, and in particular Google Reader, to strengthen its attack strategy. Interesting…

If you have been following GNUCITIZEN's research, and in particular this blog, you know this is not big news, since I've been describing the numerous web2.0 attack strategies countless times. Perhaps you remember my paper on hacking Web2.0? [...]


WP Blogsecurify

The WP Blogsecurify 1.0 WordPress plugin is out.

What does it do?

WP Blogsecurify is a security plugin for WordPress designed to integrate several simple but important security patches for the popular blogging platform. [...]


Script Kiddies

According to Wikipedia:

It continues: Script kiddies have at their disposal a large number of effective, easily downloadable malicious programs capable of harassing even advanced computers and networks.

Anyway, going by Wikipedia's definition, I do not know a single person involved in the information security industry today who does not fit the description of a script kiddie. [...]


Compliance

Someone on LinkedIn asked: "Is Information Security driven by compliance?" to which I say yes, and this is a problem!

My long answer goes like this:

This is certainly not the best answer. Follow the discussion over here. You are not going to learn anything technical, but at least you will get a good idea of how the majority of security professionals on LinkedIn think.


Get Websecurify - a cross-platform web security testing technology designed from the ground up with simplicity in mind.