IT security scienceHow to get beyond mindless blindness - every-day social engineeringIs everybody being deceptive?When we're not there, we aren't there to know that we're not there.  I recently listened to the 7th episode of the Social Engineering podcast. - That made me take some notes, and I think I remember some quotes.
Socially pwned It's the famous data-kraken! He'll get us all. When I was playing around with Facebook lately to setup an excuse account with my valid eMail address, in case some retard wants to impersonate me, I found out that social networks not only collect member data. Newer (iPhone/i* - stuff) applications for example make users synchronize their phone contacts into these web-services.
Building a cheap home-hacking labwishi's Fuzz-Box A Fuzz-Box for me is a standalone machine. It has to:
Scaling Hardware?You don't want a performance monster. - Or a gaming machine. And you do not want trash, because you're going to spend valuable time with it.
Creating attack-strings, circumventing NX,and just for fun: RubyReach the registers
View at: Practical Cryptography"Hey, it's easy"Practical Cryptography by Niels Ferguson and Bruce Schneier is not necessarily scientific. In fact that's where it's making a difference: it's not just theory and addresses modern problems with cryptographic implementations pragmatically. It's for people who audit these kinds of source code; for example.
Using Threat Modeling to analyse entry pointsHow to think securityPeople in application development generally have different perspectives. Developers often focus on getting stuff up and running in an efficient feature-rich way, testers focus on confidentiality, integrity or stability/availability issues... Marketing focuses on getting Outlook to display yesterday's i-Mails with smilies. :) Well, lets forget these people here.
Creating much more interesting fuzzers with MSFAll these protocols are belong to MetasploitIf you want to create a network-fuzzer you have to transport your inputs through a specific protocol. Performance in most cases isn't an issue. While I'd prefer to use ICC or at least efficient C for file-fuzzing or other CPU intensive programs, network fuzzing doesn't have this requirement. The Metasploit framework implemented a nice suite of libraries adaptable for network-fuzzing which helps to create a new fuzzer within minutes. Furthermore within ruby 1.9 there're performance enhancements that soon will be supported officially ;). So let's fuzz faster. There're certain interesting fragments:
|
TagsSearchSyndicate Recently twittered
NavigationRecent blog posts
Articles and morePopular content The Solarish - Dtrace Powershell Cheat-Sheet Mirrors and more: Seeker's corner I collect the net: a note DB Code: LinkrollUnprotectedHex Xecurity - a collecter The Security Catalyst community Freedom To Tinker Woodmann RCE forums SecViz - security gets visible You hack naked, too? I am Legion
ImprintLicenseAll texts appear to be licensed within the following conditions: This is under a Creative Commons-Lizenz |
Ihr Browser versucht gerade eine Seite aus dem sogenannten Internet auszudrucken. Das Internet ist ein weltweites Netzwerk von Computern, das den Menschen ganz neue Möglichkeiten der Kommunikation bietet.
Da Politiker im Regelfall von neuen Dingen nichts verstehen, halten wir es für notwendig, sie davor zu schützen. Dies ist im beidseitigen Interesse, da unnötige Angstzustände bei Ihnen verhindert werden, ebenso wie es uns vor profilierungs- und machtsüchtigen Politikern schützt.
Sollten Sie der Meinung sein, dass Sie diese Internetseite dennoch sehen sollten, so können Sie jederzeit durch normalen Gebrauch eines Internetbrowsers darauf zugreifen. Dazu sind aber minimale Computerkenntnisse erforderlich. Sollten Sie diese nicht haben, vergessen Sie einfach dieses Internet und lassen uns in Ruhe.
Die Umgehung dieser Ausdrucksperre ist nach §95a UrhG verboten.
Mehr Informationen unter www.politiker-stopp.de.
