I love her, But I love to fish

I’ve acquired an odd affinity in the past couple days for country music. So it was no mistake that I didn’t change the station in -0.5 seconds when I got into my rental car today and a country station was on. Spurred on by a recent ‘positive country music experience’, I listened to some of the songs for a while. And then one by Brad Paisley came on that started like this: ...

January 31, 2006 · 1 min

2 Hotels and 3 Rooms in 3 Days

This has been an interesting week, and it looks like I’m not the only one. I’m down in Miami for work and had trouble finding a hotel. I eventually came across a place called the “Fortune House Hotel”, which was cheap and didn’t look too bad - it’s condos that they’ve converted into apartment suites. If I had a wife and two kids, this would be a great place for me to stay. But I don’t. I’m traveling on business. And it wouldn’t have been so bad…it really wouldn’t had it been for a series of incidents that just made it unbearable. ...

January 26, 2006 · 4 min

Illusions of Security

There’s a great SANS article today about the Illusions of Security. It’s a nice read if you need to jettison yourself back to reality. Security is very much about being practical as much as it is making sure you have the right technology to protect yourself.

January 19, 2006 · 1 min

Absinthe XML Load Problems

As I mentioned in my Blind SQL Haxoring post, I use Absinthe from time-to-time to assist me, even if I have whipped up my own Perl script. I only recently added Oracle support, so Absinthe still came in handy. One of the nice features of Absinthe was that it could restart a scan if some sort of exception or error occurred, which comes in handy when you get such an exception after spending 4 hours enumerating 200 tables. Even better, it allows you to save the data to an XML file (with quite a nice stylesheet, I might add). It also allows you to load the data back in from the XML file, but this functionality has never worked for me and I was always frustrated by it. I usually got some sort of system.xml.xmlreader: root element missing exception. It seemed like something of an XML formatting error, but I could never track it down. ...

January 13, 2006 · 2 min

Tamper Data - Firefox WebApp Testing Extension

Somebody referred me to the excellent Tamper Data extension today. Tamper Data can be used to track and modify HTTP(S) requests à la live headers, but with a better feature-set. It has quickly become a new favorite for quick & dirty HTTP interception. It’s also got a few nifty features like various actions that can be taken on form fields. Go ahead, take a look. You might be pleased. It’s a decent alternative to all those memory-hogging Java proxies out there… Thanks for the link, Dave. ...

January 10, 2006 · 1 min

The Ritz-Carlton is Class

Well Happy New Year, and all that jazz. It’s been quite a while since I last posted, but I’ve been busy as all heck. I had the distinct pleasure of staying at a Ritz-Carlton the first week of 2006 and I was quite impressed. Unfortunately, I left my camera behind at home, so I don’t have any pictures of the swank, but I can relate a story about the “Ritz Magic”, which according to Google, is a term they’ve coined. ...

January 10, 2006 · 2 min

Kerio and Bleeding-Edge Snort

As I believe I mentioned in the past, my favorite little firewall (Kerio) was recently purchased by Sunbelt. Sunbelt has already proven their worth in my opinion with this post about adding Bleeding-Edge Snort rules to protect yourself from the recent WMF issues. WHAT?! Kerio supports Bleeding-Edge Snort rules?! I really wish I had known this before, but man that is cool! I’ve been following Sunbelt’s blog since the announcement and have been pretty impressed with both the openness and technical nature of the posts by the company’s president, Alex Eckelberry. Not only has Sunbelt introduced me to features of Kerio I never knew existed, they’re also going to slash the price to $14.95, at least temporarily. $14.95, yes that’s right folks…$14.95. That’s 1/3 of what it used to cost. Mr. Eckelberry - I applaud your “no brainer” pricing. You have convinced me, a long-time free user of the firewall, to pony up and pay for it.

December 30, 2005 · 1 min

WordPress Comment Blacklist bit me in the a$$

In an attempt to reduce a certain URL from being spammed in my comments, I put that URL into my WordPress comment blacklist. I know there’s a warning about being careful what you put there, but I figured the URL was safe…well it turns out I was wrong. I didn’t look into it too much, but it seemed the URL matched any comments that were put in. That means I lost comments from some of my recent posts like automating Subversion, upgrading MySQL on Gentoo, and running Tentakel in Windows…some posts I really would have liked to see some feedback about. ...

December 30, 2005 · 1 min

Running Tentakel on Windows

Nothing like a little late-night Python to keep one up until the wee hours of the morning… I came across a great article tonight about executing commands on multiple *nix servers. It will come in extremely handy for me when moon-lighting as a *nix admin. I’d used fanterm before, but it wasn’t that good looking and being the freak of nature that I am, I spend most of my time in Windows. Although the program mentioned in the above article, Tentakel appeared to be designed for use on Linux systems, it is written in Python and should be able to run on Windows. ...

December 28, 2005 · 4 min

Blondes

Came across a good blonde joke earlier today. It was so good, it motivated me to do the following: Unfortunately, I couldn’t start at the root for a few reasons and my technorati API query limit was also hit. But still pretty cool to see. Apparently the Germans really liked the joke. Really interesting to see that element spider out. I’ll have to run it again from a slightly lower point and see what happens. ...

December 24, 2005 · 1 min