Comments on: Security and hacking scene in London

By: Paul Guckian

Paul Guckian — Sun, 20 Apr 2008 09:49:10 +0000

I agree that it is difficult to get the attention of the security community as they have the commerical challenges and priorities. Delaney Consulting have lined up some intermediate level security courses at weekends to try and address the work/life demands. I would be interested in coming along to your meetings…in my experience it can take a long time fo these groups to become popular and then bang, out of nowhere you’ve the other problem of not having enough room to fit them all. Keep up the good work.

By: aramosf

aramosf — Tue, 18 Mar 2008 12:48:55 +0000

Uhmmm, as i seen you only view bsqlbf1.0, not 1.2 you can optimize to only 7 hits/char (or less if you know the file/string to get is only ascii). Please take a look in the code at http://www.514.es.

# Wed Jul 12 14:04:33 RST 2006
# + change sql teqneez mcdonalds powah 8) (more than 40% optimization)
# please, rip me!!, make your own paper!! =]
# + support for windows files (for example: C:\\boot.ini)
# + support for ” and 1=”1 sql injection
# + -binary and -ascii support
# - -charset option removed
# - -dict option removed
# + upgrade to v1.2

You can use something like:
” and (ord(user()) & 0)=0″ and “1″=”1

Optimize blind sql injections is nothing new, maybe you read some presentation with this information, i think bh or defcon have some old paper with this.

By: Router Hacking Challenge | GNUCITIZEN

Router Hacking Challenge | GNUCITIZEN — Sun, 03 Feb 2008 16:22:51 +0000

[...] to map the current state of embedded devices vulnerabilities. GNUCITIZEN members have been actively involved with finding vulnerabilities in routers in the past. We believe that embedded devices hacking is a [...]

By: Stephen

Stephen — Wed, 12 Dec 2007 22:24:05 +0000

I’m currently studying in London and want to join in on these type of events, but I to find that they are not normally well advertised.

Perhaps I’m looking in the wrong areas?

Or I find out about them after they happened.

By: Adrian Pastor

Adrian Pastor — Wed, 12 Dec 2007 13:02:32 +0000

@pdp - glad you like the slides :) . btw, I talked to R. Marcos yesterday and he said he’d send me the slides. I will add a link ASAP.

@fazed - True they are not advertised enough. I think dc4420 got it right by sending posts to security mailing lists such as Full Disclosure. I think that really helps people remembering the next meeting date.

@Arkan - you just missed the dc4420 drinking party yesterday!

By: Daniel

Daniel — Wed, 12 Dec 2007 11:28:04 +0000

Having started the OWASP London chapter and sorted a few london meetings, I can tell you it’s a damn hard job.

The problem with london is that everyone is busy, and after a long day you often feel like going home and relaxing with the family/wife/girlfriend/boyfriend etc.

It sucks, i wish it was more like the US side of things, but it’s a price you pay for being in such an aggressive market

By: Arkan Suleymanovic

Arkan Suleymanovic — Wed, 12 Dec 2007 11:16:48 +0000

Well, I’m a security professional living in working in London (not getting paid a very good salary though!) My only excuse is that usually we (me and colleagues) are too busy to attend.. We always talk about attending to OWASP and 2600 meetings and we even place it on our schedules but then when the day comes, it’s always a client work or a deadline that gets the priority..
Still, we would like to join and will try our best to show up in Picadilly for the next 2600 meeting!
Cheers,
Arkan

By: fazed

fazed — Wed, 12 Dec 2007 00:17:28 +0000

I live in england and would love to go to one
of these conventions but they aren’t advertised
enough..

By: pdp

pdp — Tue, 11 Dec 2007 21:10:21 +0000

ap, 10x for putting this presentation together, it is really good…