Posts

I did a race yesterday called Muddy Buddy with Jason. It’s a 10K with 5 legs where one person runs one leg while the other is biking and you switch up at every leg. There are obstacles between the legs as well such as monkey bars, low wall, and a couple rope climbs. It was a pretty cool race, but a lot more difficult than I thought it would be. I should also mention there’s a big huge mud pit you have to crawl through at the end, hence the name Muddy Buddy. ;) Jason and I were pretty evenly matched, and did pretty well finishing with a time of 54 minutes, 36 seconds coming in 36th out of 60 in our division and 327th overall (out of 897 teams - official results). I sure do hurt today, and I’ve still got dirt coming out of various body parts, but I had a great time.

Thomas Ptacek made an interesting couple posts about making binaries into c-compatible representation. I could have used that a couple weeks ago…

Success! I can now successfully extract data from a Blind SQL-vulnerable web application with under 500 lines of perl. And Absinthe, after running for the entire 3-day weekend+, is just now beginning to pull the actual table names. I’m not knocking it as it’s data retrieval is probably much more robust than mine, but I’m a sucker for immediate gratification. Now I just need to prettify the output… dances

2:25 am. I’m coming home after a late night out. Not too late, but late enough to bring out the guys asking for dollars for 4 quarters. I look to my right on the “L” platform and what do I see but a family of 4 - mother, father, and a set of twins. What could they be doing out this late, I wonder… What could they be doing that requires them to bring their poor sleeping daughters..slumped in their arms…out at this time of night. I may never know, but I can only hope I never have to do the same. ...

I’ve been playing with 0x90’s Absinthe quite a bit lately and while it’s an amazing tool, I’m a little disappointed in some of the methods it uses to gather database information. According to the presentation given at BlackHat in ‘04, table id’s are gathered first and then the table names are gathered using that information. The same is done with fields. Through my usage, I’ve noticed two things wrong with this approach, at least in terms of speed. ...

Compiling SSL support for Activestate perl is no fun task. I tried it one day (and succeeded) but it was still a pain and took the entire day. Thanks go to John Bokma for making it as easy as ppm> install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd I haven’t verified that it works, but if somebody does please let me know! Update - Confirmed, it works!

Schneier blogged this morning about how an identify thief managed to steal a house! Apparently, the thief had merely transferred the deed using a stolen SSN and drivers license number. I’d be curious to see how the thief managed to get ahold of that information. That’s a crazy example of extreme identity theft, though.

Looks like I have yet another reason to drink Mountain Dew. Beginning August 28, 2005, Mountain Dew and Xbox® will select a winner of an Xbox 360™ gaming and entertainment system every 10 minutes, 24 hours a day, seven days a week, for nine weeks straight! That's an Xbox 360 every 600 seconds! Pepsi sure is being an advertising whore - they just wrapped up a promotion to win Apple iTunes songs on Pepsi bottle caps and now they’re promoting Microsoft’s Xbox 360. I’d much rather win a $400 Xbox and a $0.99 song, though…wouldn’t you? ...

I put some pics of my kitchen up recently. It looks really nice in these pictures, but most of that is due to Stacey. Now I just need to work on getting some furniture in my living room! wl-kitchen/IMGP1776

It can mean only one of two things when fighter jets are buzzing the sears tower. Yes, folks, that’s right. I had almost forgotten, but this weekend is Chicago’s annual Air and Water Show featuring the U.S. Air Force Thunderbirds. Go out, get some sun, and enjoy the jets!