crazylazy.info

Is everybody being deceptive?

When we're not there, we aren't there to know that we're not there.

I recently listened to the 7th episode of the Social Engineering podcast. - That made me take some notes, and I think I remember some quotes.
In short it was simply about using familiar routines - or those routines which should be familiar - in order to successfully blind somebody else's mind into a routine workflow.

How to think security

by Ivan Ristic, just a part of it

People in application development generally have different perspectives. Developers often focus on getting stuff up and running in an efficient feature-rich way, testers focus on confidentiality, integrity or stability/availability issues... Marketing focuses on getting Outlook to display yesterday's i-Mails with smilies. :) Well, lets forget these people here.

Some AV Vendors Lack Efficiency

Once upon a time we were living in a world where creating protective technology, still called Anti-Virus, was a good thing to do. These days vendors seem to be too relaxed with the idea of selling the pig in a poke.
(Source: Roel Schouwenberg's rant ;) - yes I reversed his message)

That's a good PW generator. There're others.

A lesson learned

A lesson a co-worker, Bob, learned recently was: never trust. He's a security minded and competent administrator and specialized at security. However - something we have in common: lazy.

When Bob recently created a bunch of new passwords, he used a website, created an account, and what's very convenient: all the generated passwords are stored in a table. He added some usernames and used the website a while. There're password recovery functions. A real work-saver, however the setup is not local and does not belong to the company.

nowadays with "Agent Smith sunglasses" and TFT

We don't teach you...

I recently joined a channel on Freenode IRC and asked where to find some documentation for a special Metasploit auxiliary module, that was very new in the SVN repro. hdm sometimes is lurking around, people there normally are very friendly and helpful. It turned out not to be that typical day: "We don't teach you how to hack [...] use Google" - But we use your exploits?!

About IT security and more

hey guess what: the trojan horse has got a black hat :)

The conference material at BH is always kewl. Attending to this con is highly expensive because it's far away - in my case. Well... here's the material publicly available. For personal entertainment: Follow this link.

Highlights for the moment

old DDR customs official's watchtower

There's no censorship in free democratic states?

The Federal Republic of Germany begins to restrict information access for its citizens (again) - in the uttermost dubious and ineffective way. Due consistent lack of technical knowledge and unnatural high resistance against arguments freedom of speech is about to cease to exist. Within the borders where some time ago poets, thinkers and libertines had a right to simply express themselves, those troublemakers nowadays are to be silenced.