I didn’t plan on writing about the DHS blowing up a power generator on CNN, but I’m in my hotel room in Vegas waiting for a conference call and it’s all over the darn TV. Martin and Amrit also talked about it, and I hate to be late to a party.
H D Moore got an iPhone. This is both good news and bad news for Apple.
The bad news is that once some remote vulnerabilities appear (including client-side vulns) and get coded into exploits, the Metasploit Framework is ready for them with some iPhone-specific payloads. Let the iPhone pwnage begin.
Richard Bejtlich, commenting on a Marcus Ranum article, said:
“Continuing to function” is an interesting concept. The reason the “Internet” hasn’t been destroyed by terrorists, organized crime, or others is that doing so would cut off a major communication and funding resource. Criminals and other adversaries have a distinct interest in keeping computing infrastructure working just well enough to exploit it.
I get in early Wednesday morning and head home Friday. If you want to meet up, drop me a line at rmogull@securosis.com.
I think Martin and I have definitively proven that recording a podcast at 8 am isn’t the smartest idea in the world. Sure, the content is still there, but there are quite a few more “ums” and “ahs” than usual. Martin had to run to San Francisco today, and we had to push recording from last night due to a stray cat problem at my house.
I always wonder what I’ll wake up to on a Monday morning.
Today it was a nice new cross-site scripting (XSS) vulnerability over in Google. The details are over at bedford. org (link broken since it’s a little risky), and the focus is on Google Mail.
I never meant to become that “data security” dude.
Back when I first transitioned from a consultant to an analyst I was given a hodgepodge of technologies to cover. Since I’d been a DBA and programmer I picked up database security. No one was covering encryption, so that fell in my lap. We’d recently lost the person covering forensics and acceptable use, so I ended up with that as well. This was all about 5 or so years ago, and at the time it seemed like a random collection of technologies.
Sheesh… just when you think they’re over the hump, more details leak on the TD Ameritrade breach and they aren’t looking quite so competent anymore.
You can always smell desperation.
It has a certain… quality that gently wafts into the nasal cavity, tickling those very nerves that are too oft neglected in our sanitary society.
I’m probably going to swing out to Vegas for a day or two, but haven’t figured out what days yet.