This idea is perhaps stupid. Nevertheless, I rather document it here for good than not documenting it at all.
Here is the story. I had to reset the credentials of an online account I have. As usual, I went on the vendors’ site, clicked the forgotten password feature, typed my email address and clicked submit. A moment later an email arrived in my inbox with instructions how to reset the password. [...]
We’ve got some audio from the past Black Hat conference I’ve already talked about over here and here.
Keep in mind that without the slides it will probably sound very boring. Both parts of the presentation can be found here and here.
Alright. If you have been following the Full-disclosure mailing list, you have probably stumbled across several emails which claim that one of my GMail accounts have been compromised. That is right. It did happen but I am not that surprised since I’ve been expecting it after being unsuccessfully attacked for so many times during the last 3 years. It is interesting to me that shady characters from across the Net see me as a quite important person although I would say otherwise. [...]
Ok, ignore the image. This is the best I could find online. This post is about a thing I happen to notice while messing around with my own Google for Applications accounts.
Basically, Google allows you to use custom domains for your Google for Applications, Blogspot, Mashup Editor and of course App Engine accounts. I think this is an excellent feature and I use it for several of my domains. [...]
I was going though some feeds that have been aggregating for a few weeks without my supervision and I came to realize that the Web is on fire.
It is not just the hype which is obvious when it comes to things such as AJAX and Web2.0 but it is also about the other things yet to be seen. I see social networks that serve all kinds of purposes popping everywhere. Commercial, private, open, whatever, they all agglomerate people in a very, very rapidly. [...]
A huge part of what we do is to spot trends and have a look at them before it is too late. Today I would like to talk about Live Mesh, a technology you are probably not very familiar with but it is a brand new thing and it will hit the streets in the next couple of months. Therefore, it is a good candidate for abuse from attackers, bot masters and other friendly inhabitants of the Undernet.
The idea is very simple. [...]
The Hack in the Box (HITB) conference that took place in Dubai, was all in all great fun. I would like to personally thank Dhillon, Belinda, Amy and everybody else from the HITB crew for making this event possible and making sure that everybody had a good time. The devil is in the details and this is what makes HITB the best conference in Asia and the middle-east region. I am anxiously looking forward to HITB KL. [...]
The Black Hat Europe 2008 event took place on the 27th and 28th of March. In this post, you will be able to find information regarding my talk and research.
My presentation was titled Client-side Security. Here is the abstract:
The event was very interesting and very well organized. I met a lot of people and had very interesting discussions all together. You can download the conference materials from here. The paper is located here and the slides over here. [...]
I am stuck at the Dubai International Airport and I have nothing else interesting to do. So, I though I might share a simple technique which will go into the Agile Hacking project. Here I will show you how to create a reverse command shell without using 3rd-party tools such as the all mighty netcat. Please read on!
When the pentester compromises a machine they often need to provide themselves with a user friendly access to the system. This is where command shells come into place. [...]
Here is the story. The other day I was messing with some crypto. After going through some pretty interesting stuff, I’ve suddenly realized something which is very, very obvious when you think about it. Indeed, obvious and simple things are harder to grasp. It is a paradox, I know.
It is again another case of using security technologies for criminal purposes. Let’s take HTTPs as an example. [...]
test your web apps with websecurify application security testing runtime