Everything posted by lattera

  1. is getting back into the groove, expect some forum posts from me soon.

  2. has lost in four days half the weight he gained in three years due to being sick.

  3. It's official: BinRev Radio is back! We will be doing a special episode on June 9th. We will have live content. Let me know if you'd like to participate.
  4. I'm sorry I haven't kept BinRev up-to-date with this. I'm getting married in December. I haven't had time to do much other than plan for the wedding/reception and pick up a couple extra jobs to pay for some really expensive medical bills. Hopefully we'll restart BinRev Radio yet again early on in 2011. If someone would like to make a show, though, I'd be happy to post it. BinRev is a community, and as such can be controlled by the community. Let me know if you're interested in hosting.
  5. is debating writing an ebook on runtime process infection and self-publishing it on Amazon.

  6. is prepping a vuln-dev lab.

  7. Here's my results: 95% Zenwalk (a distro I've never heard of), 95% Slackware, 95% Gentoo. I'm ashamed Gentoo is on my results. I'm more of an OpenSolaris or FreeBSD guy. I run FreeBSD 8-STABLE at work and OpenSolaris and OSX at home. I don't have a single Windows or Linux box on my network, a fact I'm very proud of.
  8. "Roses are red, violets are blue, if I go to jail, so will you."

  9. admits to having written ugly code today.

    1. unity


      Tell me about it. The company I work for still writes code in Visual FoxPro.

  10. The source code for Windows Server 2003 has been leaked (not posting links to keep this thread legit). Anyone in the mood to toy around with it? I can host a dedicated Win2k3 VM for hacking up the kernel. Any ideas of things to try? For one, I'd like to start auditing the code for vulns. Win2k3 is still very popular.
  11. is working on libhijack.

  12. I think we're having issues with IRC SSL. I'll take a look when I get time. For now, stick with non-SSL on port 6667.
  13. is figuring out how to segregate his employer's network.

  14. If the box has FireWire, then you can use the existing tools to give you administrator access via a FireWire exploit. FireWire spec mandates Direct Memory Access (DMA), which means that any FireWire device has full access to all physical memory.
  15. I think the underlying ideology you're starting to argue can be turned into a broad debate. I don't want this thread to turn that way, so I'll say only what time has proven: security is a tradeoff, usually one that involves time and money. Risk analysis can be done to determine the seriousness of the weaknesses. That's what I'm in charge of at work: finding vulnerabilities, classifying them by seriousness, and making cost-effective suggestions. Management may approve or disapprove based on budgetary constraints or otherwise. If Seal thinks his current setup correctly handles the risk he's willing to take, then he'll continue what he's doing. Remember that there is not a single system (and, being networked, neither Seal's nor your systems are part of a complex system) that is 100% secure. That being said, I'd prefer we stick to the topic of encryption. What items do we choose to encrypt? What do we let go?
  16. Cryptography is a wonderful tool. It has its uses in many different areas. Full-disk encryption helps protect against offline attacks. IM encryption, if done right, helps protect against Man-In-The-Middle (MitM) attacks and eavesdropping. However, cryptography isn't meant to be the end-all-be-all of security. With any piece of data, humans are involved. Humans are the weakest link. We can secure our systems, data, and networks by using sophisticated tools including encryption. But even the best digital security practices can be easily foiled by a simple phone call. We use encryption at work for certain pieces of data and certain protocols. We use it to secure our VPN traffic. We use it to secure IMs. When IllumOS supports ZFS encryption, I will definitely make use of it. Overall, encryption is a great resource. But don't mistake it for being the solution to all security-related issues.
  17. is hoping to get a full IllumOS solution in the works tonight.

  18. Original Release Date: 02 Aug 2010. Hosts: Lattera, StankDawg. Live show from Defcon, including important announcements regarding the future of BinRev and its awesome community. Show notes were lost due to a stupid problem with Lattera's mouse in OSX. Show notes will appear later on. We said during the show we would write in the show notes who won oCTF. Vand won and received a few great prizes. I (lattera) will be detailing the announcement in an official document to be posted in the forums.
  19. loves having Froyo on his Droid X.

  20. I use Burp Suite at work. I love it.
  21. wants to name his first kid "Ulysses S Grant, 18th President of the United States."

    1. Seal


      What would be her middle name?

    2. lattera


      His middle name would have to have a silent number in it.

  22. Hiren's BootCD works great. I'm a fan of Active KillDisk.
  23. We've had this happen in our flagship product at work, too. We have places where the domain name has to be hard-coded. Each developer uses his own machine with IIS, database, etc. The hard-coded URL has to match the computer it's running on. Sometimes we'll get a developer who forgets to change it back to its proper value before committing the code. I would guess the same thing happened here.