The CCDCOE (Cooperative Cyber DefenceCentre of Excellence) held its Conference on Cyber Conflict in Tallinn, Estonia. It was an interesting opportunity to see some of the issues that lurk beneath the “CyberWar” banner. Charlie Miller (of pwn2own fame) and i were invited to talk about things from an attackers perspective. Both our talks avoid the question of “Is the threat real?” (Which i think was answered awesomely by the talk given by Bryan Krekel and George Bakos of Northrop Grumman), …
Author: haroon meer
The Mail & Guardian published their 2010 list of “200 Young South Africans you must take to Lunch“. According to their page: “These are young people who will shape our country in the decades to come, in the sporting arena, in public life and in business.” I made the list under Technology, which was really quite flattering. (thanks M&G, @singe) Deels forced me to attend the lunch (which i would normally have found an excuse to avoid), and i was …
A while back i thought it would be nice if we had an authoritative source of memory corruption attacks (and mitigations) in a single document. I resisted mainly because: It seemed like a lot of drudgery for something we have been able to do well without, It steers towards the word “taxonomy” [1] I was a little lazy. [1] Dave Aitel has posited that “people who thing (sic) of things as “Taxonomies” are always headed in the opposite direction from …
With the Champions League reaching it’s crescendo, and 2010 being a world cup year, it’s hard to get away from sports mania. I can understand national pride and I can even understand the joy of a good match. (I was sport crazy through high school/university and sometimes played up to 3 organized football marches per week (for different teams in different leagues)). What I don’t get is the insanely fanatical talk of “my team did X” or the even stranger …
It doesn’t matter how many conferences you present at, or how much you hate LasVegas, around this time of the year those are very happy, welcome words. I’ll pop more details on the talk here in a few days (especially since I’m hoping to co-opt some of you). Interestingly enough, despite almost a decade of Blackhat/Defcon’s, it’s the first time I’ll be free to take a training class. I’m pretty stoked! /mh …
A while back i thought it would be nice if we had an authoritative source of memory corruption attacks (and mitigations) in a single document. I resisted mainly because: It seemed like a lot of drudgery for something we have been able to do well without, It steers towards the word “taxonomy” [1] I was a little lazy. [1] Dave Aitel has posited that “people who thing (sic) of things as “Taxonomies” are always headed in the opposite direction from correct” Late …
I wanted to play with Django, so built this “toy” project to kick the tires. If you are on twitter (and don’t protect your tweets), check out http://fun.thinkst.com/land. It’s a very simple application that will grab a list of the people you follow, then grab the list of everyone they follow, to give you the top n% of people they follow that you dont. My favorite feedback on it so far was: @narvanitis: wow i dont follow @mdowd Reason enough …
While talking to someone on IRC today, i mentioned that lot’s of young companies (and some old ones) are Cargo Cult Startups.. I was asked to explain (which is a sure fire sign that someone hasn’t been reading their Feynman), but figured i could probably elaborate. In his commencement speech at CalTech (and in his book “Surely You’re Joking Mr Feynman“) RPF talks about Cargo Cult Science. He was referring to Pacific Islanders, who having seen the planes landing from …
I just finished the new book from 37Signals – “ReWork“, and it was a reasonably enjoyable read. (It was actually the first book i read through the iPhone Kindle App, which is incredibly cool)(Would love to see that discussion at Amazon, deciding if they should support the iPad to sell books, or try to starve the iPad to sell the Kindle?.. but i digress..) There are many, many 37Signal fanboys and signal vs noise has to be one of the …
If you didnt figure that portswigger rocked for his elite “The Web Application Hacker’s Handbook“, or for managing to put out a tool ive never heard anything bad about (in an industry full of people who dont hesitate to say bad things..), you have to give him +1 for having the coolest ad that ever graced an infosec magazine.. BURP SUITE PRO v1.3 NOW* AVAILABLE New features Same logo More expensive http://portswigger.net *Product not available at time of …