July 17th, 2008 Anthony Towry
(IN)SECURE Magazine is back out with issue 17 hitting the stands. As always there are a few articles of note in particular. The first, Reverse Engineering Software Armoring is a great look at some of the ways that software can give the finger to a researcher. This is especially important stuff for those wanting to get into reverse engineering malware.
Second, Security flaws identification and technical risk analysis through threat modeling makes a thorough run through the basics of threat modeling and explores the area covered by a variety of popular methodologies. Very solid articles and I didn't even notice the vendor/product overload that I usually do...maybe I'm immune.
Posted in Security | No Comments »
July 15th, 2008 Anthony Towry
Metasploit is a tool that has forever changed the information security landscape. One would be hard pressed to find a tool as versatile, powerful and as supported in the hacking community today. On top of all that good mojo, it comes free of charge!
I get excited about Metasploit (who wouldn't). I wanted this book to match that excitement; To dive into Metasploit in new and exciting ways. It didn't. This book is written by some very smart guys, but goes about as deep as the average user guide. There's nothing new here really and most of what's discussed could be better absorbed through a few hours of playing with the application itself.
Overall this was a disappointment, one that could have been a whole lot better.
Posted in Security | No Comments »
July 15th, 2008 Anthony Towry
Friends, Wordpress 2.6 is out, which means support for 2.5 is dead. If you're running Wordpress and want to attempt to keep pace with the evil doers you probably need to consider upgrading.
Wordpress 2.6 does bring some new features worth a look, such as version control and theme previews.
Watch out though, during this upgrade my login appeared to be hosed. Clear your cookies before attempting to submit a username/pass combination to the new version. Cool right?
Posted in Site News | No Comments »
July 13th, 2008 Anthony Towry
Last year sometime after Defcon and the early stages of forming the DC405, a friend of mine (m00dimus) got me into participating with the Open Source Vulnerability Database Project. Since then we've had some big fun organizing mangle parties to promote project participation (even if we beat more beer than bugs sometimes) and we've made a significant contribution to the effort.
Over the past 9 months or so, I've gotten a lot out of digging into some of the vulnerabilities I've researched. I've passed a major milestone in my mangling, now sitting at 100.25 points! I do want to say thanks to the group at OSVDB for the new 2.0 interface, which cut the time for each submission in half.
Let's keep it rolling! Join OSVDB and get mangling!
Posted in Community, Projects, Security | No Comments »
July 3rd, 2008 Anthony Towry
Some bright expo coordinators have created a social network on ning.com targeted at Oklahoma's IT professionals. I'm still a bit skeptical as to if it will take off or not, but it's worth a shot. If nothing else this will be one more place for me to peddle DC405 meeting times.
I love things that encourage geek collaboration. It'd be great if an OKCBarcamp came out of this sort of forum. I guess we'll see if it blossoms, or stutters and dies. Check out the OKTechOnline.ning.com group here.
Posted in Community | No Comments »
June 28th, 2008 Anthony Towry
This year's Defcon event is well under way. The speakers list has been finalized and I'm already thinking about what talks I want to make it out to.
Here's my hit list so far, which I'm guessing will get totally screwed by the time slots.
- MetaPost-Exploitation : Valsmith and Colin Ames
- VulnCatcher: Fun with Vtrace and Programmatic Debugging : atlas
- Playing with Web Application Firewalls : Wendel Guglielmetti Henrique
- Grendel-Scan: A new web application scanning tool : David Byrne and Eric Duprey
- Wide World WAF's : Ben Feinstein
- Advanced Software Armoring and Polymorphic Kung Fu : Nick Harbour
Additionally, the EFF and All Your Sploits Are Belong to Us panels might be fun. Oh, and whatever Dan Kaminsky has to talk about will most certainly pack the house.
Posted in Uncategorized | No Comments »
June 22nd, 2008 Anthony Towry
The team over at Remote-Exploit.org have finalized version 3 of their amazingly useful and ever popular Linux security LiveCD, Backtrack. If you've been hanging around security folks very long you're probably familiar with the capabilities of this distribution. If you haven't checked it out, this is a great time to jump into it. Take a look at the new ISO at http://www.remote-exploit.org.
Thanks for all the hard work Remote-Exploit.org guys!
Posted in Operating Systems, Security | No Comments »
June 21st, 2008 Anthony Towry
Vintage potentiometers are on the loose here at CalculatedDecision.com. We've got a box of these rare and hard to find components that need a home! If you want to go old school on some audio equipment or other vintage device these may be just the thing. Check out the page for more information on purchasing.
Now back to our regularly scheduled programming.
Posted in Hardware | No Comments »
June 17th, 2008 Anthony Towry
Firefox 3.0 is out in full force and you still have time to participate in Firefox Download Day! Get over to http://www.spreadfirefox.com, select your region, and get another download counted on the ticker.
I just got FF3 installed and the hotness is undeniable.
Make sure you get the real deal though, apt-get install firefox-3.0 still hands out Gran Paradisio, so install manually on Debian based hosts.
Posted in Software | No Comments »
June 11th, 2008 Anthony Towry
For those testing the rendering or JavaScript (XSS attacks) engines of IE there is a new tool that might be quite handy. DebugBar brings IE 5.5 through IE 8 onto your desktop and allows for some sweet tabbing and other features not found in previous solutions such as MultipleIEs from Tredosoft.
This project has a lot of potential for web developers and testers. Check it out.
Posted in Testing, Web development | No Comments »
