Blog

  • Review of 19 Deadly Sins of Software Security

    I’ve just completed a review of Howard and LeBlanc’s new book:

    http://www.greebo.net/?page_id=325

    I was expecting something else, and I’m a bit disappointed. But that’s okay, it’s still a great book for the PHP and Java programmers out there. I just think Writing Secure Code and OWASP Guide 2.0 are better references for significant projects.

    Andrew

  • Day One so far…

    Well, day one was just excellent. There is a reason that Black Hat is the premiere security conference in the world, and it has a lot to do with excellent speakers and great topics.

    I woke quite early and was dressed prior to breakfast arriving. Yes, I know that there is an alien impersonating Andrew, the regular Andrew will be back soon enough I fear. Luckily, the organizers work on the basis everyone is sloppy drunk from the night before, and most days don’t really kick off until ~ 10 am.

    Talking sloppy drunk, there was a VIP event last night I was supposed to go to, but I didn’t feel up to going out and sure enough, when I heard about the lap dances and the security consultant who missed all the morning sessions due to being still drunk, well, I’m glad I gave it a miss. Apparently he is sharing a room with a co-worker, and he only had socks on. Not nice. Oh well, plenty of time to get that sloppy drunk in the next few days.

    The keynote was a bit disappointing. The guy ranted for an hour and wanted to kill people. Don’t we all? I think it was the worst presentation I’d been to since I went to a Simple Nomad presentation a few years ago when he was reading his Vogon poetry to a hot, bored and restless crowd in front of a psychedelic X screensaver.

    Then of course, my excellent presentation was on, and we had a 3/4 full house, which was good as we were up against David Litchfield. Lots of people stayed on, which is even better. Got through the slides on time and had some good quality questions. I gave myself 5/5 on the feedback form. I’m sure the others will agree. 🙂 I gave away the two packs of Tim Tams (Black Forest cherry, and Tia Maria), and I gave Simon Gerraty the vegemite. It’s a good thing that an ex-pat has the Vegemite as I know it would have been tasted once by a furriner and thrown away thinking I was trying to poison them.

    Went to a few more sessions, all of them good. I liked the session on hacking hardware. The presenter, Joe Grand, really knew his stuff and I enjoyed learning just how crap the security is on the various devices.

    I met with Jessica Goldstein from Addison Wesley in the afternoon. We talked about the Guide and the other book I have been sorta neglecting since 2001. Hopefully something will come of that soon.

    Now, it’s time to go get sloppy drunk.

  • Black Hat – Travel

    It’s 7.25 am on Wednesday in Las Vegas.

    The travel to Las Vegas was a monster. Not only did we stop for nearly three hours in Sydney, I had to go via LAX. Plus, United seems to have joined Qantas in using their oldest planes on the duopoly route. Our flight had the old style CRT overhead projectors (yes, with three bulbs), and old films like Miss Congeniality 2. Luckily, I needed to sleep – I had only had four hours sleep in the previous two days.

    LAX, in how many ways may I hate thee? United baggage claim was on go slow – took about 45 minutes to get my bag, and then customs only had two desks open in the declaration area… when several 747s all landed at once. Took about another 30 minutes to get through even though I had nothing to declare.

    I ran to the domestic terminal, and the new style TSA check-ins were awful – brainless droids staffing the X-ray machines enforcing rules which simply don’t work. They were in no particular hurry to screen people.

    After clearing them, I ran towards gate 71b, only to see my connecting flight to Vegas leave through the windows. When I got to the gate, the next flight was another three hours away, at 4.11 pm (how do they know it’s 4.11 exactly?)

    Waiting, waiting, waiting. I had been in the air for 21 hours so far, and I was a bit tired. I almost fell asleep just before the flight, and I missed the call to the unannounced gate change to 71a. Luckily, that was right next to where I was dozing and when everyone else moved, I figured something was up.

    The flight to Vegas was a bit adventurous; the A320’s brakes had overheated whilst taxiing on our extensive drive around LAX, and so they put them back down for a bit before climbing to the cruise altitude.

    If that wasn’t eventful enough, I had only my third go around. We were literally metres from the ground when the engines roared and we zoomed off at a very sharp angle of attack. A few minutes later, the pilot explained that there was another plane on the runway. Close.

    At least the day was clear, and the second landing attempt was fine. I was in Las Vegas at 6 pm, after 28 hours travelling so far.

    Jumped in a cab to Caesar’s, and then tried to check in. After an hour, I finally got a smoking room (it doesn’t pong too much), but they upgraded me to a King size room. It’s pretty nice, but it doesn’t have mirrored ceilings like last time. Oh well. No scary photos!

    Total elapsed time between leaving home to Las Vegas: 32 hours. Nasty.

    I met up with some folks from OWASP and went to town at the buffet. They went for seconds. I don’t know where they put it.

    We went through the slides in my hotel room and I retired for the evening. Luckily my “tire yourself out” strategy has worked, and I’m in the new time zone without jet lag. I’ll do that again next time.

    Today… my talk is on in an hour or so. Should be fun! More soon

  • Low life scuzz buckets in disabled spots

    Nothing makes my blood boil more than selfish pricks.

    I was at the supermarket today. As per usual, a born to rule fuckhead had parked their oafishly large SUV in the disabled spot whilst not displaying a disabled sticker. I realise that sometimes you might be carting around elderly relatives, so I let it go when I went in.

    When I came back, the Toyota Pratto truck was still there, and an able bodied woman was behind the truck putting shopping in. I gave her the evil eye. There were non-disabled spots more than capable of taking her stupidly large monster not even 10 metres away. Would it have been so hard to park legally? Would her legs have given out if she had to go those extra few metres with her shopping trolley?

    So TFN 247, you are outed as a low-life scuzzbucket. I hope that one day, you are disabled and can’t get a disabled parking spot … ever. That way you’ll know exactly how selfish you have been.

  • Working on OWASP

    Have the June 27 deadline to meet. It’s coming along nicely, and so is my procrastination 🙂

    BlackHat still hasn’t contacted me about travel and I’m starting to get worried about that. It’s tricky to get tickets at discount rates during peak travel times, and their tardiness is not my problem.

    Andrew

  • The Guide continues

    Met Dan and Ange, Jason and Michelle, and Dennis and his partner, and Margaret for breakfast in Williamstown today. Tried a new place, which is literally next door to my favorite breakfast haunt. It’s freaky to try something new after four or so years of the old, particularly freaky as the new place is right next door.

    It wasn’t bad, and the service was good, but that’s more a function of the awful parade held there which eliminated all parking for miles, and subsequently, all patronage for what is normally Williamstown’s busiest day. I bet the traders hate those days.

    I’m sure the organizers wanted (and got) a car-free zone, but if you’re targeting young families, they come in cars. Cars require parking spots.

    Spent most of the day (and it’s not over yet!) writing more of the OWASP Guide, specifically, working on the Session Management chapter, which is a bit of a mess. Plus, it didn’t incorporate all the newest attacks, so basically it was long and useless. Now, it’s a bit shorter, but far more useful.

    Andrew

  • Major structural changes to my web site

    After a long hiatus, I have decided to update my website. This includes new blogs.

  • update

    Hey Andrew
    How is the weight loss going so far? If you are interested I meet a friend at Altona every Sunday evening and we go for a 30-45 minute walk around Cherry Lake in Altona. You would be welcome to join us.

  • Days you should never get out of bed

    Well, it’s been one of those days. Careful, it’s a bit gross.

  • weight loss

    Quote for today
    If only weight loss was as easy as hair loss.

    There is something in that for all of us. (oh well maybe for Paul and myself)