Tonight we had a team building exercise, nothing cheesy, just a bit of fun. I really enjoyed myself. But the reason this has me blogging at 8:15pm on a Friday night instead of shaking my buttocks is that every time I walked through the offices for whatever reason, I kept finding work mates huddled away at their desks. Of course it doesn't take much convincing to get them to join the party. What impresses me about this is that it highlighted a sentiment I have been feeling for a while now, but have been nervous to voice: I love my job.
Sure, these people could be slaving away at their desks on a Friday night because of overbearing managers and too tight deadlines, but mostly it isn't. They are here because they let work get away with them, which is just too easy to do here.
Anyway, enough gushing about work. Have a great weekend everybody.
By piggybacking off Microsoft's PageRank the domain has a nice distribution through Google (I found it while innocently looking up AD 2003 stuff). If the owner were to change the CNAME to an A and start injecting malware into the session, the chances of users being infected rise due to the higher 'trust' levels it built up.
I just finished my thesis! Woo hoo! At first it felt like giving birth, but now it feels like I just excised a cancer. What a slog. Will post links to it when I have them in a 'proper' place.
It is 208 pages, approx. 54 000 words with 251 references. This is me excited.
The iSummit starts today in Rio. Daniela has been hard at work for the past couple of weeks organising it. I had a listen to the summit CD, there are some great tracks, I was particularly proud of South Africa's contribution. The DVD is more, um... bizarre, the documentary on Chinese body-builders is a hoot.
The iSummit page hasn't gone live as yet, but I have some inside info: you can check out the profiles of two SAffies (Vhata's word for South Africans) (daniela, colin), both ex-Rhodes students. Despite his picture, Colin is actually a nice guy.
This is seriously cool, you can now embed CC licenses into Microsoft Office documents with this plugin. Microsoft's support for, and sponsoring of the Creative Commons project definitely earns them some karma points.
(link via Lessig)
Deloitte has released its security survey. This has been split into three surveys covering three industries:
These and other surveys released by 'the big four' and anti-virus vendors are a great way to find out the realities of attacks, intruders and their methods instead of the threat information vacuum the security community usually lives in.
- The new potential threats we hype/demonstrate as security researchers almost never seem to end up being used 'in the wild'.
- Given that Sensepost demonstrated this in 2002, gave code to virus researchers and released a defence PoC (Casper), surely heuristics should pick this up?
What we can really learn from this is that the wrongs of the world are Sensepost's fault and this problem can be resolved with litigation and references to something patriotic. Jokes aside, I also wouldn't mind knowing why Symantec was distributing these signatures on the 14th of June, but we, the public, only got to hear about it on the 16th? I got to hear about it at 8am when cron fired off my rss2sms script, which I thought was seriously cool.
In my soon-to-be-published paper, I make a point that it is a good idea for vendors to make friends with security researchers in an effort to encourage delayed disclosure (some people call it 'responsible' disclosure).
It is interesting then to see that Microsoft will be throwing a party for security researchers at BlackHat. This, along with their BlueHat efforts, is a very good idea. I look forward to seeing if it pays off given the past (and somewhat current) negative opinion of some security practitioners towards Microsoft. Or, more simply, will it have a material effect on the number of Microsoft 0days?
While still trying to forget I am sick, I hacked up a perl script that would fetch an RSS feed, parse it and sms me the bits of it I want (usually just the title).
It works like a charm. I am using it to sms me entries from the Internet Storm Centre feed. To do this I get cron to execute the following every hour:
rss2sms.pl http://iscxml.sans.org/rssfeed.xml
Pretty straightforward: by twiddling the two config variables at the top you can make it execute an arbitrary program when a new item is detected. You can also twiddle which bits of the feed you want it to send, just look in the code. To do the sms'ing I am just plugging in my commandline sms script.
The rss2sms script is available here. It probably should be named something more accurate, like rss2text_and_run_an_arbitrary_command_when_a_new_item_is_detected, but it just doesn't have the same ring to it.
I fully realise there are numerous better ways to do this, and would appreciate anyone willing to implement one.
UPDATE: Whoops, I wasn't overwriting the item with new ones. That's fixed now.
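An added sketch of the same idea, in Python rather than the original Perl, and not the rss2sms code itself: it tracks which items have already been sent and hands each new title to the configured program as a single argument without a shell, since feed titles are untrusted input. The sample feed, the `MAX_LEN` limit and the echo stand-in for the sms script are constructed assumptions.

```python
import subprocess
import sys
import xml.etree.ElementTree as ET

# Constructed sample feed (not real ISC content). The second title carries
# shell metacharacters, as a hostile or compromised feed might.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Port 445 scanning increase</title><link>http://example.invalid/2</link></item>
<item><title>Patch now; $(id) `uname`</title><link>http://example.invalid/1</link></item>
</channel></rss>"""

MAX_LEN = 160  # assumed limit: one SMS


def new_items(feed_xml, seen):
    """Return titles of items not yet in `seen`, recording each one as seen."""
    fresh = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = (item.findtext("title") or "").strip()
        key = (item.findtext("link") or title).strip()
        if key and key not in seen:
            seen.add(key)  # update state so the item is sent only once
            fresh.append(title)
    return fresh


def clean(title):
    """Drop control characters, collapse whitespace, strip leading dashes."""
    text = "".join(ch if ch.isprintable() else " " for ch in title)
    return " ".join(text.split()).lstrip("- ")[:MAX_LEN]


def notify(command, title):
    """Run `command` with the title as one argv element; no shell is involved."""
    result = subprocess.run(list(command) + [clean(title)], capture_output=True,
                            text=True, timeout=30, check=True)
    return result.stdout


if __name__ == "__main__":
    # Hypothetical stand-in for the sms script: echoes its first argument.
    echo = [sys.executable, "-c", "import sys; print(sys.argv[1])"]
    seen = set()
    for t in new_items(SAMPLE_FEED, seen):
        print(notify(echo, t), end="")
    print(len(new_items(SAMPLE_FEED, seen)), "new items on second run")
```

Because the title travels as one argv element, the `$(id)` and backticks in the constructed feed reach the program as literal text; persisting `seen` between cron runs is left out here.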
I am sick and can't sleep. So I thought I would do something productive. Commandline sms now has much cleaner code, it has methods. The end user benefits aren't huge, but you can now see how many sms'es you have left. This can be turned off in the config file, as it requires another request and slows things down.
The methods and remaining sms check were all a precursor to my idea for a multi-mode. Pick 'n Pay is selling Vodacom starter packs for R2 (they have a recommended selling price of R149). I bought five. If I register each one for a vodacom4me account, I can up my daily sms bandwidth from a paltry 20 to a more useful 100. I can then plug RSS feeds or the like in on the one end without risking using up my limit. I haven't released multimode as yet, because it is a bit rickety.
You can get hold of the new version in the usual place: http://singe.rucus.net/utils/vodasms.tar.gz
It's easy to use, looks beautiful, has infinitely better response times than Windows on the same machine and has great 'business' support. Not to mention the 5-year support cycle. The only downside is that Evolution still toads the wet sprocket with Exchange, and is even worse with multiple Exchange servers. But, given that Outlook isn't much better and that Exchange is awful, they can be forgiven. It works, just not as well as it should. I will definitely be foisting this on my work mates.

