The past few months haven’t exactly been slow for me, hence the lack of new content here. A lot of interesting stuff has happened over the past 2 months; I will try to point out the items I found most interesting. In no particular order (well, except for Mark Dowd’s inhuman paper, that needs to go first):
Application-Specific Attacks: Leveraging the ActionScript Virtual Machine. Thomas Ptacek from Matasano has some nice posts about Dowd’s paper here and here. Come to think of it, just read the Matasano Blog.
Retsaot is Toaster, Reversed: Quick ‘n Dirty Firmware Reversing. Yeah, another Matasano post. Once you read that, you’re going to want to get this: BlackBag 0.9.1
For those who still doubt the seriousness of bugs like XSS and CSRF, check out: uTorrent Pwn3d. Without rehashing Rob’s post, he used CSRF to gain control of a machine.
The Bluehat talk A Resident in My Domain has sparked quite a few posts about the details of the attack, and it looks very interesting/serious.
There is of course always OpenRCE.org and sla.ckers.org, and if you’re in the Boston area or are just fans of Dropkick, they will be playing at all the Red Sox minor league parks with the Bosstones, more info here.














