Published December 31st, 2003
in Uncategorized.
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
New Years is often a depressing time for me. New Years eve is usually the day I reflect on the year prior and realize how little I have accomplished and how few people I’ve helped.
I celebrated Chanukah with David Chanoff’s family and Nigel Hamilton who just published a great book on Bill Clinton
We talked about a film idea I have about hackers and they gave me a lot of encouragement. I’ve decided to focus on three things for this coming year.
o Finish my O’Reilly book
o Concentrate on perfecting my technical skills
o Pass the Japanese Level 2 Profenciency test
o When time permits, develop my film idea
Have a happy new year.
Continue reading ‘The New Year’
Published December 27th, 2003
in Uncategorized.
The Chinese version of my book was recently published. Can you read this?
Continue reading ‘Chinese version of my Book’
Published December 23rd, 2003
in Uncategorized.
Blogging has been difficult for me because I work in an industry that requires secrecy. On top of that I have no idea who my next client may be, making it difficult to be a true pundit. I can’t count the number of times I’ve come upon topics that I wanted to blog about and haven’t.
I’ve given up on trying to sway anyones opinion. Instead I simply post what I know as I hear it and hope you like it. Do you?
It’s interesting to find out apprehensive posting isn’t limited to security professionals. Joi Ito just blogged about what he has called “bloggers block.” Interesting read.
Continue reading ‘Blogging Secretly’
Published December 22nd, 2003
in Uncategorized.
When doing a blind penetration test one of the first things that I look for are trust relationships. Relationships that I could exploit to help me gain access to the target network.
For example, Company A has just signed a huge deal with Company B. They jointly publish press releases on their websites with quotes from executives that helped close the deal.
I have been hired by Company A to determine whether or not they can be hacked without any prior knowledge of their network other then the companies name.
Using the information in the press releases, I can send a hostile email spoofed from executives at Company B to executives at Company A. Since they trust each other, Company A is more likely to install, run or open anything that appears to be sent from them.
So how does blogging play into this? Well blogging updates us in real time on current trust relationships that an attacker could exploit. With more executives blogging about who they met for dinner and who was over at the office, it could end up being a serious problem some day.
Just a thought.
Who do you trust? And are you blogging about it?
Continue reading ‘The threat of blogging’
Published December 22nd, 2003
in Uncategorized.
I’m not one for conspiracy theories but this is interesting enough to mention. One single newspaper in the UK is reporting that Kurdish forces captured Saddam then drugged and left him for American forces.
Saddam Captured by Kurdish Forces
Continue reading ‘Saddam Captured by the Kurdish?’
Recent Comments