Microsoft hardening tool with graphical user interface

•September 3, 2010 • Leave a Comment

MS Hardening

HAKIN9 e-magazine

•September 2, 2010 • Leave a Comment

gBridge – poke holes through those firewalls

•August 26, 2010 • Leave a Comment

Rating: Functionality 7/10 | Ease of use 8/10 | Usability 9/10

This week I’ve been testing Gbridge.  Gbridge is a (currently free) extension to Google’s Gtalk network service for Windows 2000/XP/Vista/7.  Installed as an agent, it will automatically create a VPN tunnel between other computers running Gbridge and logged in under the same gTalk account.   You can also  extend the VPN to Gtalk friends by  invitation. Gbridge also has some nifty features such as folder synchronization, remote desktop share (VNC), automatic backup, live browsing, chat, and tunneling of RDP and other TCP/UDP protocols.  Gbridge also integrates with Google Apps accounts, making it easy to create VPN within organizations that utilize Google Apps.

APPLICATION SUPPORT: I tested several applications over Gbridge such as RDP, NetBIOS shares, FTP and even a little NMAPpery — everything worked like a champ.  Gbridge has built in firewall functionality, allowing you to allow/block traffic to and from other Gbridge clients logged in under your gTalk account as well as specific firewall rules for connections to other gTalk friends’ computers.

THROUGHPUT:  Gbridge will, like many p2p platforms, try to establish direct connections between Gbridge clients, even if behind a NAT device, using some UDP NAT traversal tricks.  If for some reason it cannot traverse the NAT device(s), it will use Gbridge servers as a proxy, or you can manually set up port forwarding.  In my testing between my house (7Mb DSL) and the office (10MB fiber) I got a respectable 2.5Mb throughput using CIFS copy and about the same using the built-in SecureShare HTTP copy.  Not bad for NAT traversal.

SECURE SHARES: Want to share a folder or group of folders out to your gTalk friends?  Not a problem.  The Gbridge pointy-clicky interface allows you to share a folder with other PCs logged in under your gTalk account or with individual friends' accounts, and to apply file filtering rules and additional password protection.  Very nifty for a quick file transfer or leeching.

AUTOSYNC and BACKUPS: Quickly becoming one of my favorite functions.  Set up a SecureShare on one or more of your GBridged computers, and you can “AutoSync” it at will.  Great for syncing work/home files or pwning a headless server.  Not as elegant as ncat, but workable, and everyone allows access to google servers these days.  Backups work much the same way — a one-way sync of a SecureShare.  Fast and easy DR/COOP.

CAVEATS:  If you have a host firewall or host-based intrusion prevention service like eEye Blink, be sure you pre-configure rules to allow gBridge to do its thing.  When I was testing the utility, I forgot to disable the firewall service before I left for work, and as a result when I tried to connect from the office, the connection failed because Blink was popping up dialogs on my home PC asking if it should allow the inbound connection.

Software Security space exceeds $500MM

•August 16, 2010 • Leave a Comment

The software security space exceeded the $500 million mark in 2009. Software security expert Gary McGraw examines the tools providers and services firms to find out how quickly the market is growing, and which parts of the market are driving growth.

http://www.cigital.com/justiceleague/2010/08/16/software-security-crosses-the-threshold-in-2009/

VentureBeat – a hidden gem of developments in IT

•August 15, 2010 • Leave a Comment

Not sure why I never stumbled on this before:  This is a well managed aggregated news site + original content http://venturebeat.com/

Metasploit To Get More Powerful Web Attack Features

•August 4, 2010 • Leave a Comment

The open-source Metasploit penetration-testing tool currently has exploits for a handful of Web application bugs, as well as a few for generic Web flaws that affect multiple applications, says HD Moore, chief architect of Metasploit and chief security officer at Rapid7. But the goal is to expand Metasploit with more integrated Web flaw detection and attack features. I heart metasploit.  Pop on over to the article here

Weaknet linux penetration testing distro

•August 4, 2010 • Leave a Comment

WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10 which is a Debian based distro. All references to Ubuntu have been removed as the author completely re-compiled the kernel, removed all Ubuntu specific software which would cause the ISO to bloat, and used a non-Ubuntu-traditional Window Manager, with no DM. To start X11 (Fluxbox) simply type “startx” at the command line as root.

Spoof a cell tower for $1500. Monitor calls.

•August 4, 2010 • Leave a Comment

Well, 2G ATT and TMobile anyway.  Over at Wired

~40,000 vulnerabilities in SCADA systems

•August 4, 2010 • Leave a Comment

Hey, it’s not like you could bring down the grid or anything.  #root #fail  Pop over to SC Magazine

Microsoft ICE – photo stitcher

•August 3, 2010 • Leave a Comment

One of my new favorite toys.  One use:  pop a client site, take a round of photos, show a panorama of pwnage http://research.microsoft.com/en-us/downloads/730cd6bb-6450-4e66-8101-a94e71cb0779/default.aspx

Gbridge – remote desktop share, filesync, etc. over Google Talk

•August 1, 2010 • Leave a Comment

I like free.  http://www.gbridge.com/

Gbridge is a free software that lets you remotely control PCs, sync folders, share files, and chat securely and easily. An extension of Google’s gtalk service, Gbridge automatically forms a collaborative, encrypted VPN (Virtual Private Network) that connects your computers and your friends’ computers directly and securely with patented technology. Gbridge has many unique features.

DesktopShare(VNC): Access your computer desktop remotely or share your desktop with your friend from anywhere in the world. Gbridge automatically traverses firewalls and NATting routers without the need for configuration!

SecureShare: Securely share files among your own computers, so you can remotely access your files, e.g. play mp3 , with ultimate privacy.   Securely share files to your designated friend, so the selected friend can instantly view the auto-generated photo thumbnails and slideshow remotely. No web upload/download needed!

AutoSync: Transferring large files and synchronizing folders to and from anywhere has never been easier. AutoSync supports auto-schedule, auto-resume, incremental transfers and no size restrictions!

EasyBackup: Setting up an auto-recurring backup of your important folder to a local or remote PC is as easy as 1-2-3!

Droid Rooting

•July 31, 2010 • Leave a Comment

Remember, these roots simply give you system file access and the ability to tweak a few other things — NOT install/flash custom roms, kernels, etc.

  1. Droid X (Birdman method) - http://alldroid.org/Default.aspx?tabid=62&g=posts&m=6151&#post6151
  2. Droid X (1-click) http://alldroid.org/Default.aspx?tabid=40&g=posts&t=553 and download DroidXRoot.zip

The 2010 Verizon Data Breach Report is Out

•July 29, 2010 • Leave a Comment

YMMV. Includes info from the Secret Service and some of their cases.  Not much changed from previous years.

Who is behind Data Breaches?

  • 70% resulted from external agents
  • 48% caused by insiders
  • 11% implicated business partners
  • 27% involved multiple parties

How do breaches occur?

  • 48% involved privilege misuse
  • 40% resulted from hacking
  • 38% utilized malware
  • 28% involved social tactics
  • 15% comprised physical attacks

What commonalities exist?

  • 98% of all data breached came from servers
  • 85% of attacks were not considered highly difficult
  • 61% were discovered by a third party
  • 86% of victims had evidence of the breach in their log files
  • 96% of breaches were avoidable through simple or intermediate controls
  • 79% of victims subject to PCI DSS had not achieved compliance

Jump over to Verizon for the report: http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

Plainsight: Open Source Computer Forensics

•July 27, 2010 • Leave a Comment

Windows zero-day exploit?: USB storage + .lnk files + file explorer = FAIL

•July 25, 2010 • Leave a Comment

Pulling geolocation data out of Twitter/Twitpic

•July 23, 2010 • Leave a Comment

http://icanstalku.com/

Everyone loves to post things to their Twitter account. Every day, people post things about the minutiae in their lives, from where they had lunch to what their kids are doing. People also are using services that allow them to post photos of these things. Because after all, a picture is worth a thousand words and isn’t limited to 140 characters. This seems great, but did you know that for a lot of folks, whenever they post a photo of their lunch or kids, also included in their thousand words are details about their exact location of where they took the photo?

Now, we love Twitter and posting photos of our lunch, however, we don’t feel that enough people realize what kind of data they are posting, albeit inadvertently. By posting this information, they are allowing their movements to be recorded and analyzed by anyone: from a government to a nosy neighbor. After analyzing your photos, someone could find out:

  • Where you live
  • Who else lives there
  • Your commuting patterns
  • Where you go for lunch each day
  • Who you go to lunch with
  • Why you and your attractive co-worker really like to visit a certain nice restaurant on a regular basis

Tweaks for using linux with SSD drives

•July 20, 2010 • Leave a Comment

Meganet Dominator – Snoop on GSM calls and SMS streams

•May 12, 2010 • Leave a Comment

Games Criminals Play – How you can profit by Knowing them

•May 12, 2010 • Leave a Comment

Zachary Burt’s synopsis of the book, well articulated and detailed in the manner of Cliffs Notes.  Summarizes ways to systematically build rapport with and control of a mark.  Useful for security engineers of all breeds.   Click on over

Vulnerable Google Webapp

•May 4, 2010 • Leave a Comment

Other samples exist on the internet for training, but I have to admit these are pretty elegant.

Multi-threaded screen capture utility for hacked websites

•April 21, 2010 • Leave a Comment

When capturing “proof” that a client’s website has been popped, I use this application from time to time to capture proof of the compromise.  It takes single URLs, cut-and-paste lists of URLs, and such.  Normally when a baddie pops a webserver, if it’s multi-homed or part of a farm behind a load balancer, you can do DNS magic to find all the other domains served up on that infrastructure, paste them into this application and capture proof of compromise in short order.  Multi-threaded, fast, lightweight, and the unregistered version puts a watermark on the screencap.  Worth the $25 to buy.

“Schoolhouse Rock” -> “PCI Standards Rock”

•April 5, 2010 • Leave a Comment

Well done and humorous look at the PCI DSS requirements, performed in the manner of the old “Schoolhouse Rock” Saturday cartoons we all grew up with.

Firefox search add-ons for security nerds

•March 26, 2010 • Leave a Comment

Shodan Computer Search Engine

•March 24, 2010 • Leave a Comment

Find routers, web servers, ports, protocols, etc. by version, geographic location, etc.  Useful if you have an 0-day http://www.shodanhq.com/

How to Make Things Worse With IT Security Technology

•March 22, 2010 • Leave a Comment

Yes, Virginia, InfoSec *IS* an immature field

•March 22, 2010 • Leave a Comment

“Any field that’s dominated by its product and service vendors is an immature field.

Products can typically solve a narrow problem, but if you lead the security function at a large organization, narrow problems are rare. Problems are connected to other problems and surrounded by all the fun issues of ownership and stewardship and cooperation and accounting that make our lives rich and rewarding. (You may detect a tiny hint of sarcasm here, although it’s mixed with a larger portion of sincerity.)

Think of IT…er, management information systems…er, data processing back when it was all Big Blue over SNA. Costs were high and innovation was relatively slow. When the CIO voice became prominent—a business person running the IT shop based on the needs of the business, not the availability of whatever the vendors decided to put out—that’s when IT started to enable and contribute to systemic change and improvement.”

Amen brother.

http://www.csoonline.com/article/564963/Listening_In

The Ultimate Password List

•March 15, 2010 • Leave a Comment

Critical Log Review Checklist for Security Incidents

•March 15, 2010 • Leave a Comment

SAHI web application automation & testing tool

•March 15, 2010 • Leave a Comment

List of Web application scanners

•March 10, 2010 • Leave a Comment

Well rounded list of commercial and free scanners over at http://projects.webappsec.org/Web-Application-Security-Scanner-List

Do a full background check on yourself – for FREE.

•March 4, 2010 • Leave a Comment

Check out the consolidated list of sources that “the man” uses to gather your personal information.  Get your reports, go over them with a fine toothed comb, and get errors corrected.  Oh, and be awed by how much of your life is available to anyone willing to pay to get it.  Very Scary.  http://consumerist.com/2010/02/get-all-your-reports.html

Google – China – Aurora attacks dissected.

•March 2, 2010 • Leave a Comment

http://www.theregister.co.uk/2010/03/01/aurora_resistence_futile/

Full paper here.  iSecPartners’ recommendations are good.  However, while comprehensive and technically accurate, I think it would be beneficial to have an accompanying set of “triage” recommendations (Use GPOs to disable LANMAN hashes; perform egress filtering and alerting; never EVER EVER login with admin credentials – use sudo or runas; migrate to token based authentication).

HITECH data breach analysis

•March 2, 2010 • Leave a Comment

Chris Merritt over at Lumension did a quick analysis of the HHS breaches of healthcare data for ~4Q09.  It pretty well repeats what most of us in the security industry have been harping on for years regarding healthcare information:

  1. Theft (not accidental loss) is the biggest vector both in terms of # of incidents and total records compromised
  2. The endpoint, NOT the datacenter, is your weak link

The picture is a bit different with respect to financial information and PII (application and endpoint security), but time after time we’ve shown that if I can pop your desktops, I can use them to pop your datacenter.

VMWare Guest Stealer

•February 19, 2010 • Leave a Comment

http://www.fyrmassociates.com/tools.html

GuestStealer v1.1 [ Download ]

GuestStealer allows for the stealing of VMware guests from vulnerable hosts based on the Directory Traversal Vulnerability detailed in CVE-2009-3373 and VMSA-2009-0015. GuestStealer was released at ShmooCon 2010 during Tony Flick’s ‘Stealing Guests…The VMware Way’ presentation.

Requirements

  1. Perl interpreter
  2. LWP::Simple perl module
  3. XML::Simple perl module
  4. Data::Dumper perl module
  5. Crypt::SSLeay perl module

Instructions

  1. perl gueststealer-v1.1.pl -h <Host> -p <Web Access UI Port> -s <SSL Web Access UI> -t <Server Type> -o <Output Directory>
  2. -h = The target host (IP Address or Host Name)
    -p = Port for the Web Access UI (Defaults: ESX/ESXi = 80/443, Server = 8222/8333)
    -s = Is the Web Access UI utilizing SSL (yes/no)
    -t = Target type (server/esx/esxi)
    -o = Output directory
  3. Example Usage:
    perl gueststealer-v1.1.pl -h 192.168.1.2 -p 8333 -s yes -t server -o /tmp

NessusPBE [ Download ]

NessusPBE simplifies the process of understanding Nessus output by transforming the data into an actionable format. Specifically, NessusPBE reads in .nbe formatted Nessus reports and creates spreadsheets that can be opened by most office suites, including Microsoft Excel and OpenOffice Spreadsheet. NessusPBE creates three spreadsheets: a list of services identified by Nessus, a list of open ports whose service was not identified by Nessus, and a list of Nessus’ findings.

Requirements

  1. Perl interpreter
  2. Nessus output in the .nbe format

Instructions

  1. From a command line: ./NessusPBE.pl -i <input .nbe> -o <output prefix>
    Example: ./NessusPBE.pl -i AcmeBank.nbe -o AcmeBankNessus
  2. Open the resulting output files: <output-prefix>-OpenPorts.csv, <output-prefix>-UnknownPorts.csv, <output-prefix>-VulnList.tsv
    Example: AcmeBank-OpenPorts.csv, AcmeBank-UnknownPorts.csv, AcmeBank-VulnList.tsv

New google adwords Phish

•January 4, 2010 • Leave a Comment

Just saw a new google adwords phish this morning.  Nothing earth shattering, but well done in the google minimalist style:

Screencap of the phish email

If you view the mail headers, you’ll see that the email was bounced off (yet another) open .edu relay, copeland.udel.edu.  Update your blacklists – in this case, MXLogic didn’t catch it.

eMail headers

My list of Security RSS feeds

•December 30, 2009 • Leave a Comment

Thought others might like my list of  Security feeds that I scan daily.  Some are very  active, some less so, and some defunct.  I get between 250 and 1200 items a day in this cluster, and can scan through, select, and flag interesting content in about 30 minutes a day using google reader.   Provided as a shared bundle from within google reader.

Migrated to my new Kingston 128G SSDNow-V

•December 22, 2009 • Leave a Comment

Man, this thing is sweet.  It took a bit of tinkering and resizing to get the migration from my old Maxtor 160G SATA-RAID setup to the new 128G SSDNow, but it was well worth it, and I added a lot to my toolkit along the way:

  • built a USB MultiPass (I call it my U3-SwissBlade) with gParted, CloneZilla and several other nifty tools
  • broke the RAID on my Maxtors
  • Resized my partitions to fit on the 128G SSDNow using gParted
  • Installed my SSDNow as my primary SATA drive
  • used CloneZilla to do a disk-to-disk partition copy from the Maxtor to the SSDNow (this took a few tries since I had failed to move all partitions to the right after resizing and free up slack space — you really CAN’T get 160G onto a 128G drive!)
  • Went through a few boot sequences until I discovered that my fstab was referencing root by UUID, and thus GRUB was booting from the SSDNow and immediately mounting the old Maxtor for the rest of the OS load.  Grrrrrgggggggggggh.  (Note: get comfortable with the vol_id utility so you can find the unique UUIDs for all your drives and update your fstab to use UUIDs instead of device sequence names like sda, sdb, etc.)
  • Gave the cloned partition its own UUID and verified it:
    uuidgen
    tune2fs /dev/sdb1 -U <numbergeneratedbyuuidgen>
    vol_id /dev/sdb1
    vol_id /dev/hdaX

Performance is excellent.  My VMs load near instantly and no more disk thrashing.

I put one of the SSDNows in my old Dell D630 and it has made significant improvements in performance as well.  I may get another year or two out of this laptop after all.  Well worth the $230 I spent.

I’m interested in getting a SSDNow V+ to see if the write performance justifies the increased cost, but not until I do some benchmarking of my system to see if I am write-bound or not.

Fixed: Unetbootin / Syslinux version issues

•December 16, 2009 • Leave a Comment

Having problems using unetbootin to install certain packages on your USB multipass?  Discovered recently that syslinux version differences between packages (like GParted) and unetbootin can cause nasty errors at boot:

SYSLINUX 3.72 2008-09-25 EBIOS copyright (cc) 1994-2008 H. Peter Anvin
Unknown keyword in configuration file: UI
Could not find kernel image:  linux
boot:

FIX:   Use a current syslinux or syslinux.exe (version 3.82 at the time of this writing, download here) to re-prep the USB stick:

syslinux z:

Where z: is the drive letter of the USB drive.  This will install the newer version of syslinux on the USB drive and resolve those keyword issues.

Best kitchen-sink pizza

•December 14, 2009 • Leave a Comment

Tonight I perfected it.  Adjust to suit your tastes (e.g. leave off the hot stuff if you like)

Ingredients:

  • 12″ thin crust
  • 6 oz finely shredded mozzarella
  • 5 oz pizza sauce (or tomato sauce)
  • 1 roma tomato, halved and sliced into 1/8″ slices
  • 1/4  red onion, sliced in 1/4″ rings and quartered
  • 1/4 cup pepper rings
  • 1/3 green pepper, diced
  • 2 TBsp Feta cheese
  • Sliced Pepperoni
  • 8 oz Chorizo, cooked, crumbled
  • 8 oz spicy Jimmy Dean sausage, cooked, crumbled
  • 1/2 cup mushrooms, sliced
  • 3 cloves garlic, minced
  • 3 pieces thick cut bacon, crumbled
  • 2 Tbsp  capers
  • 1 jalapeno, seeded, halved and sliced

  1. Preheat oven to 450
  2. Spread sauce on crust to within 1/2″ of outer edge
  3. Evenly distribute mozzarella
  4. Evenly spread all other ingredients (meat first, then veggies, then feta cheese)
  5. Cook in 450 degree oven for 9 minutes

Remove pizza.  Let cool for 7 minutes.  Slice.  Serve.  Enjoy.

General fix for “ERROR FOUND IN CUSTOM UI XML” issues in MSOffice Products

•October 29, 2009 • 1 Comment

I have seen this error in various software and it’s terribly annoying.  It most often pops up in Outlook every single time you create an email, appointment or other object.  I thought it was originally isolated to the LinkedIn toolbar, but then it started happening with various MapiLab add-ins and other objects.  I have tried diagnosing binaries using Reflector, analyzing the subject XML, etc., but the fix was ridiculously simple.   I must have wasted at least 10 hours of my life chasing “errors” that are nothing more than annoyances and don’t break any application functionality.  To turn these goofy errors OFF in MSOffice products:

  1. Go into the application’s Options (i.e. click the Office Button image and select “Options”)
  2. Select “Advanced” from the navigation pane on the left.
  3. Find the “Show add-in user interface errors” checkbox and unselect it.
  4. Click the OK button.

Outlook operates a little differently:

  1. Start Microsoft Office Outlook.
  2. On the Tools menu, click Options.
  3. In the Options dialog box, click the Other tab, and then click Advanced Options.
  4. In the Advanced Options dialog box, select Show add-in user interface errors, and then click OK.
  5. Click OK to close the Options dialog box.

Don’t hate your customers

•October 21, 2009 • 1 Comment

A recent exchange with Delta Airlines went something (actual, EXACTLY) like this:

Welcome!
Note: During your chat session, Delta agents may be able to view your delta.com transactions. Additionally, chat conversations are recorded and monitored by Delta Air Lines.
Please wait while we contact the next available agent…
You are now speaking with Morris!
Morris: Hi! My name is Morris. How may I help you?
Morris: Hi! How may I assist you today?
Steve Goldsby : I just checked in online, and tried to print my boarding pass . When I do, I get a “page not found” error from the website. If I go back to my itinerary and try to “reprint” boarding pass, I get the same “page not found” error. Can you fix this or email me my boarding pass in PDF format so I can print it and avoid the lines at the airport? SkyMiles #: <xxxxxxxxxxxxxx>
Morris: Steve, I apologize for the inconvenience you faced on Delta.com; please give me a moment while I look into the matter for you!
Steve Goldsby : thanks.
Steve Goldsby : i also notice the flight is oversold. if you have seats on an earlier flight, I would be happy to consider an earlier flight.
Morris: Let me check that for you. Just one moment.
Morris: I see on your reservation that you have already checked in, be rest assured you will get a print of the boarding pass at the airport.
Steve Goldsby : right. i don’t want to wait in line.
Morris: I will not be able to send a print of the pass via chat.
Morris: Did you receive my last response?
Steve Goldsby : i did.
Steve Goldsby : since the flight is oversold, is there an option to move to an earlier flight?
Morris: On the seat map I see that two seats are available 33 B and 36 F.
Steve Goldsby : okay. when i checked in the website said:
Steve Goldsby : Your flight is oversold. Delta is seeking volunteers with flexible travel plans to exchange their seats for compensation. Go ahead and check in below. If interested in volunteering see your gate agent at the airport.
Morris: To check in, print your boarding card and check your bags online, please go to our home page, click on the Itineraries and Check In under the tab Traveling and Check In, retrieve your reservation with your name and the confirmation number or ticket number, on the trip details page you will see the area at the top that says Check In, please click on that link and follow the instructions. You will also be able check in your bags online.
Steve Goldsby : I did that. website returns this error page at the “print boarding pass” page
Steve Goldsby : Requested Page Not Found The requested page could not be found on delta.com: * We may have removed the page or changed its web address. * Bookmark or link you clicked on might be incorrect. * Web address may have been mistyped. Recheck it to make sure it’s correct. How to Find Your Page: Use our Search tool to help you find what you’re looking for, or start again from our home page. If you still need assistance, try our Live Chat option with a customer service representative, or contact us for help.
Steve Goldsby : so I contacted you  for help.
Morris: please call our Online Customer Support Desk at 1-888-750-3284 and our Representatives will be glad to help.
Steve Goldsby : What’s the vector victor? Roger roger.
Steve Goldsby : i’ll call customer support.
Morris: Is there anything else I may help you with?
Morris: Thanks for choosing Delta have a nice day.
Morris left the chat.
Your chat has ended.  Thank you for speaking with us.
Please help us improve our service by clicking on the following link to take a short survey: CLICK HERE

Gmail phishing redux

•September 23, 2009 • Leave a Comment

Just noticed over at Commtouch Cafe that the gmail trickery is ongoing . They did a good job of comparing the real gmail site with a forgery, pointing out the obvious differences.  Got me to thinking so I did a little search (using google!) and came up with several phonies.  (Search criteria:  intitle:”gmail: email from google”  “lots of space” “mobile access” “less spam”) I don’t have the time right now, but it would be an interesting exercise to find linked pages… you’d probably find some XSS on the originating site, or an evil web proxy at the other end.  Maybe a project for my next layover at the airport.

real Gmail page

Fake Gmail screencap

StolenID Search: Find out if your PII has been compromised

•September 23, 2009 • Leave a Comment

There’s a free (as in beer) search service over at Stolen ID Search that allows you to search their database of stolen identity information to see if you’re a victim of identity theft.  These guys claim to have information on 120 million+ compromised accounts.  Doesn’t require you to give up the farm to find out if you’ve been popped.  If there’s a match, Stolen ID Search also offers a fee-based service to get additional information on how the data was compromised, where it was discovered and instructions on what to do next for $15.

Disabling USB on various platforms

•August 28, 2009 • Leave a Comment

Nice little cheatsheet from the NSA that I leave behind with clients.  Gives them enough information to get the job done without overwhelming them with unnecessary information. http://www.nsa.gov/ia/_files/factsheets/I731-002R-2007.pdf

Fixing Goorecon.rb to handle new google responses

•August 22, 2009 • Leave a Comment

Goorecon recently broke when querying for email addresses (e.g. ruby goorecon.rb -e icsinc.com).   Sometime between when goorecon was written and now, google changed the formatting of its responses for email addresses from:

emailaddress@<b>icsinc.com  to   emailaddress@<em>icsinc.com

Easy fix is to change the following line in goorecon.rb

response.scan(/[\w.-]+@<b>#{target}/o) { |t|

to

response.scan(/[\w.-]+@<[^>]+>#{target}/o) { |t|

This will keep the code flexible enough so that if google ever changes the highlighting tag (formerly <b> but now <em>) to some other html tag, goorecon will still correctly draw out email addresses.
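As an added example (not goorecon's own code), the two patterns run side by side over constructed result fragments in the old <b> and new <em> formats; the only addition beyond the page's fix is Regexp.escape, so the dot in the domain is matched literally rather than as a wildcard.

```ruby
# Added example, not goorecon's own code: shows why the hard-wired <b>
# pattern missed Google's reformatted results and how the looser pattern
# recovers them. The fragments below are constructed, not real Google output.
OLD_STYLE = 'Contact: alice.smith@<b>icsinc.com</b>, sales@<b>icsinc.com</b>.'
NEW_STYLE = 'Contact: alice.smith@<em>icsinc.com</em>, sales@<em>icsinc.com</em>.'

# Original goorecon pattern: only matches when the domain is wrapped in <b>.
def old_pattern(target)
  /[\w.-]+@<b>#{Regexp.escape(target)}/
end

# Fixed pattern from the post: any single HTML tag between "@" and the domain.
# Regexp.escape is an addition here so "." in the domain is a literal dot.
def new_pattern(target)
  /[\w.-]+@<[^>]+>#{Regexp.escape(target)}/
end

# Scan a response with the given pattern; strip the highlighting tag back
# out of each hit and de-duplicate so the result is a clean address list.
def extract_emails(response, pattern)
  response.scan(pattern).map { |hit| hit.sub(/<[^>]+>/, '') }.uniq
end

if __FILE__ == $PROGRAM_NAME
  target = 'icsinc.com'
  puts "old pattern, old format: #{extract_emails(OLD_STYLE, old_pattern(target)).inspect}"
  puts "old pattern, new format: #{extract_emails(NEW_STYLE, old_pattern(target)).inspect}"
  puts "new pattern, new format: #{extract_emails(NEW_STYLE, new_pattern(target)).inspect}"
end
```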

Analyst Cheatsheets over at Packetlife

•August 13, 2009 • Leave a Comment

Great list of cheat sheets by Jeremy Stretch over at Packetlife

Wireshark Display Filters

Patenting the pen-test?!?!

•August 12, 2009 • 2 Comments

Okay, process patents in this space have gone too far.  I’m googling for some information for a presentation today, and I come across a WIPO patent titled: “SYSTEM AND METHOD FOR PROVIDING NETWORK PENETRATION TESTING”. The “inventors” (and yes, I’m using that term loosely) are Fernando Federico Russ, Alejandro David Weil, Matias Ernesto Eissler, Francisco Javier Dibar and Hector Adrian Manrique.  A quick search shows these guys in other patent activity.  What’s disturbing is that this patent appears to have been filed in 2008, but the process described doesn’t seem terribly innovative.  Client side pen testing with a bunch of legal and process fluff thrown in to make it look sexy.  Surely metasploit would be prior art, among other tools and frameworks.  How do these folks get away with this?  I need to go do my research on these inventors, and CORE SDI INC, to get a complete picture.  If anyone out there has input, I’d sure like to hear it.

Finally, understand your inner (or outer) Nerd

•August 12, 2009 • Leave a Comment

I thought I’d reached the end of the Internet, but apparently I missed this little gem of content.  It actually brought tears to my eyes.  Tears of joy, because finally someone understands me and my kind.  I’m willing to bet that at least one out of three readers of this blog can relate.  So look to your right, and look to your left.  If it ain’t them… well, you’re the nerd. Definitely worth the 8 minute read (40 seconds if Mubix’s recommendation works).

Fixing the way Firefox renders under Backtrack/Ubuntu

•August 11, 2009 • Leave a Comment

I finally had enough of retuning Firefox every time I loaded Backtrack4. You see, some apps (like Firefox) are built using GTK, but Ubuntu/Backtrack use KDE. The result is that no matter how you tune your X theme, Firefox still looks like poo. The fix is to do some trickery with KDE->GTK->Qt bindings (look at Bug #193538), or just load a Firefox theme that addresses this problem. My preference is KFirefox: Firefox Theme for KDE4. Pointy clicky, draggy droppy, and you have a svelte Firefox under Ubuntu.

Baby pictures in lost wallets increase the chance they will be returned

•July 12, 2009 • Leave a Comment

Interesting social component. This and similar research may have implications for social engineering, increasing the likelihood of success. Article is over at BoingBoing http://www.boingboing.net/2009/07/12/baby-pictures-in-los.html