SA Security Bloggers
SensePost
Junaid LoonatPopular Entries
Articles
Vulnerability Life Cycle - threat modelling
Web Hacking 2.0
Why Exploit Markets are Bad
Ettercap-NG Workings and Defence
The Zotob Summary
How-To's
Linux SSH Jail with pam_chroot
Firefox Privacy & Security Extensions
Papers
Managing Patching, my MSc Thesis
Risk Analysis of Monthly Patch Schedules
Tools
Automated Vodacom SMS (VodaSMS)
RSS 2 SMS
DShield Hack Detection
Neologisms
Encryption principles
Zoolander's Law
Syndicate This Blog
SSL
Certificate fingerprints:
SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89
HTTPS version.
You can find an explanation here.
License
Disclaimer
Friday, August 29. 2008
SA VANS can self-provide
Our ridiculous communications minister's ridiculous mishandling and contradictory corruption has finally come up against the light of reason in the form of Altech Autopage's win in the high court. This means that value added network service providers (VANS) can provide their own networks, and the DoC's back-tracking of their 2005 statement to the same effect, has no legal weight. One step closer to a liberalised telecomms industry for South Africa.
More at Ingrid's blog, and the full ruling available here.
Wednesday, August 27. 2008
Fyodor's NMAP Talk at BlackHat USA '08
Fyodor's talk was the first real talk I attended at Black Hat. TO be honest it was quite a thrill seeing "the creator of nmap". I did feel a bit dumb not knowing that Fyodor wasn't his real name, and thinking his family emigrated when he was young because had such a thick American accent.
Continue reading "Fyodor's NMAP Talk at BlackHat USA '08"
Tuesday, August 26. 2008
Caltex Key Fobs and a Chain Mail Security Alert
There's an e-mail going around in response to petrol attendants at Caltex service stations handing out free keyrings. The alert says:
Syndicates are giving away free key rings at petrol stations. Don't accept them as the key rings have a tracking device which allows them to follow you.
Some of my friends in this mailing list LOVE FREE THINGS. Watch out!
Forward to your friends and family.
Continue reading "Caltex Key Fobs and a Chain Mail Security Alert"
Friday, August 22. 2008
Dan Kaminsky++
Dan has posted two replies in the comment section of my previous post on his BlackHat talk. I think his comments indicate that his motivations were good and well reasoned before hand, and the net outcome of his find-and-fix was good. I believe they could have been better, but it's easy for me to comment from a removed, theoretical position, and "could have been better" sounds like a pretty weak position already. I've literally changed my opinion of Dan, and believe I judged him too harshly. Thus this entry isn't just a brown nosing affair.
Nice work Dan.
Wednesday, August 20. 2008
Dan Kaminsky's BlackHat USA '08 Talk on the DNS Flaw
Dan's talk at Black Hat on 'The DNS Bug' aka CVE-2008-1447 was packed. By this time I had worked out that BH attendees, much like Catholics fill up from the back, so you can usually just walk to the front and find a seat. I did and ended up three rows away from Dan and his podium, a decision I later regretted.
It's a long entry, so I've bold'ed the key parts of my rant.
Continue reading "Dan Kaminsky's BlackHat USA '08 Talk on the DNS Flaw"
Tuesday, August 19. 2008
HTTPS, SSL, TLS etc. on singe.za.net
I've got an SSL cert I use for back-end stuff. If I mistakenly link to the HTTPS version, or you wear as much tinfoil as me, here's a brief explanation.
Continue reading "HTTPS, SSL, TLS etc. on singe.za.net"
Quicksearch
this blog:
ha.ckers.org web application security lab: Browser Differences, Minutia Et Al…