Tuesday, January 31, 2006

Now I'm even sicker of Fuzzing!

Someone does a Slashdot post on muSecurity (actually they call them a "cracker attack emulator", which, I must say, sounds very cool), and further down in the thread, somebody mentions my Fuzzing page and I end up getting close to 4000 hits today.

What is the world coming to?

Thursday, January 19, 2006

How to get a job on a pen-testing team

"Wow!" as we used to say in CIAG.

How to get a job on a pen-testing team has a great line that shows that 2006 is the year SCADA goes mainstream:
I was just working on my project for that Death Ray auto-pen-testing machine and wondered if you had any feedback regarding how we would handle shellcode delivery across SCADA or process control networks.


Sunday, January 15, 2006

I finally "switched!"

This week my new 12" previous G4 came. I couldn't resist the discounted prices (sub $1300) that CompUSA, Mac Connection, and Mac Mall (and probably others) were offering on models with a smaller HD (60gig) and no DVD burner. Oh, and I'll eat my words for criticizing some former Cisco colleagues who switched years ago.

Monday, January 02, 2006

Ruby in 2006

It had been quite some time since I looked at Ruby. I went through a brief phase back in 2002, but it was still rough around the edges. There was/is, however, a very nice interface to libpcap with which I started writing some protocol characterization tools, which never did get completed or released. With all the hype around AJAX and Ruby on Rails I had to give it another look. Also, the new version of Metasploit Framework is written in Ruby.

Among the improvements I've noticed:

  • Easy installation on Windows
  • Ruby GEMS - a package administration tool similar to Gentoo Emerge, Debian Apt -- or yum if it actually worked right.