Ok, ignore the image. This is the best I could find online. This post is about a thing I happened to notice while messing around with my own Google for Applications accounts.
Basically, Google allows you to use custom domains for your Google for Applications, Blogspot, Mashup Editor and of course App Engine accounts. I think this is an excellent feature and I use it for several of my domains. [...]
I was going through some feeds that have been aggregating for a few weeks without my supervision and I came to realize that the Web is on fire.
It is not just the hype, which is obvious when it comes to things such as AJAX and Web2.0, but it is also about the other things yet to be seen. I see social networks that serve all kinds of purposes popping up everywhere. Commercial, private, open, whatever, they all agglomerate people very, very rapidly. [...]
A huge part of what we do is to spot trends and have a look at them before it is too late. Today I would like to talk about Live Mesh, a technology you are probably not very familiar with but it is a brand new thing and it will hit the streets in the next couple of months. Therefore, it is a good candidate for abuse from attackers, bot masters and other friendly inhabitants of the Undernet.
The idea is very simple. [...]
The Hack in the Box (HITB) conference that took place in Dubai was all in all great fun. I would like to personally thank Dhillon, Belinda, Amy and everybody else from the HITB crew for making this event possible and making sure that everybody had a good time. The devil is in the details and this is what makes HITB the best conference in Asia and the Middle East region. I am anxiously looking forward to HITB KL. [...]
The Black Hat Europe 2008 event took place on the 27th and 28th of March. In this post, you will be able to find information regarding my talk and research.
My presentation was titled Client-side Security. Here is the abstract:
The event was very interesting and very well organized. I met a lot of people and had very interesting discussions altogether. You can download the conference materials from here. The paper is located here and the slides over here. [...]
I am stuck at the Dubai International Airport and I have nothing else interesting to do. So, I thought I might share a simple technique which will go into the Agile Hacking project. Here I will show you how to create a reverse command shell without using 3rd-party tools such as the almighty netcat. Please read on!
When pentesters compromise a machine, they often need to provide themselves with user-friendly access to the system. This is where command shells come into play. [...]
Here is the story. The other day I was messing with some crypto. After going through some pretty interesting stuff, I’ve suddenly realized something which is very, very obvious when you think about it. Indeed, obvious and simple things are harder to grasp. It is a paradox, I know.
It is again another case of using security technologies for criminal purposes. Let’s take HTTPS as an example. [...]
In the tiger team operations we have been involved with, I often end up hacking through the least interesting systems. If you ask AP, a password-cracking ninja and master of hacking through simplicity, the less interesting the system is, the higher the chances of it being insecure. A successful exploitation of these systems often leads to successful exploitation of the network and other adjacent systems. [...]
I am just using the opportunity to let everybody (mainly pals who expect to see me there) know that I am heading off to Black Hat Europe 2008 in Amsterdam (as usual).
Supposedly, there are four full tracks for two days but I can see only two - or is that four tracks for two days - sounds more like it? I am speaking in track two on the first day, first slot, of the event, starting at 10:00 and finishing at 11:15, if everything goes as planned. [...]
One of the fundamental rules, which you won't read about in any security book and can learn only through experience, is that everything is in symbiosis. This means that the security models of the individual components in a system are co-dependent. For example, the security of a server is dependent on the security of the individual clients connected to it and the security of the clients depends on the security of the servers they are interacting with. [...]
