Donkey On A Waffle
I Think I'm PARANOID!
Tue, 26 Feb 2008 12:14

If I were in the band Garbage, I'd be singing "I Think I'm Paranoid" by this point. And for those of my readers who are "older", I'd be singing Black Sabbath's "Paranoid" instead. The article that I posted regarding the US government slide deck on counterfeit network hardware has generated 3x my normal daily traffic. Is someone interested in the information I posted? It sure looks that way!

(*Yes I checked the source of the traffic and I'm not going to reveal it because ... well frankly it's just not right*)

Category: /infosec

Head Tracking with Wii Remote
Tue, 26 Feb 2008 11:47

Once again, Johnny Chung Lee from the Human-Computer Interaction Institute at Carnegie Mellon University has come up with something amazing. This time, using the Wii remote control and sensor bar, he has designed a head tracking system that utilizes optical illusion to really wow the user's perceptions. Check out the video and prepare to see the next generation of human-computer interaction and gaming.

Category: /generic

Ace On The River
Sun, 24 Feb 2008 13:55

I just finished reading the book Ace On The River by Barry Greenstein. Barry is a very well known professional poker player who gives away 100% of his tournament winnings to charity. This has amounted to millions of dollars in charity money over the past few years donated to worthwhile causes, giving Barry the nickname the "Robin Hood of Poker".

I had been under the mistaken assumption that Barry had been a big winner in the dot com games of the mid 1990s. He had worked for Symantec Inc. well before SYMC the stock was available on the NASDAQ. I also was under the assumption that Barry is wildly rich by this point and that his tournament winnings really don't matter to him any more. Barry directly addresses these questions and more in this book.

This book is not a normal instructional book. It doesn't outline appropriate starting hands, it doesn't detail the correct moves to make on the flop, turn, and river. It talks about bankroll management, the effects of poker on your personal life, the gambling mindset, ... ok ... it also talks a bit about how to play some advanced hands.

I really enjoyed this book and finished reading it in two days. It was a quick read and really brought a lot of things to the front of my consciousness for future contemplation. I give "Ace On The River" 4 out of 5 donkeys.

Category: /book_reviews

Gambling Sites Targeted by DDOS
Tue, 19 Feb 2008 13:56

It looks like a bunch of online gambling and gambling-related sites were recently targeted by distributed denial of service attacks. Normally, I wouldn't care about this type of thing; however, this time it personally affected my pocket! I was in the middle of a No Limit Hold'em hand at Full Tilt Poker when the DDoS struck that site. No big deal you say, except that I had POCKET ACES! Such is my luck.

Read the full story HERE.

Category: /generic

Context-keyed Payload Encoding
Tue, 12 Feb 2008 14:58

|)ruid wrote an interesting paper for the most recent Uninformed Journal on context-keyed payload encoding. This is essentially the act of encoding an exploit's payload based on the context of the target system. Doing so removes the decoding key from the decoding stub itself, which causes inline inspection engines a significant amount of difficulty. If the engine can't properly analyze, in real time, the context of the environment in which the code is going to run, it will be impossible for it to decode the payload for IPS-based blocking of the attempted attack. Interesting read.

Now, if the IPS has access to the target environment for contextual analysis, it is theoretically possible to create a system that sandboxes the code, executes it, analyzes it for the de-obfuscation stub, and is eventually able to retrieve and review the actual exploit code. I wonder when the IPS vendors out there will consider taking this into account in their engines. It appears to be a battle that is yet to be waged.

Good research and a good read. If you haven't read the rest of the Uninformed Journal content, I highly advise it. Always a great read.

Category: /infosec

Viewstates SUCK
Tue, 05 Feb 2008 12:38

Viewstates suck! They are the bane of my existence as a hacker. I hate them with all that I am. Die VIEWSTATES die!

In other words, if you don't use viewstates in your ASP applications, you should. They really are a pain in the ass for an attacker to deal with. If MAC is turned on (which it is by default), the viewstate becomes tamper resistant and really limits an attacker's ability to inject potentially malicious data.

http://msdn2.microsoft.com/en-us/library/ms972976.aspx
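
An added sketch, not from the original post and not ASP.NET's actual ViewState format or algorithm, of why a MAC makes client-held state tamper resistant: the server appends a keyed hash to the serialized state and refuses any field whose hash does not verify. The key, the JSON serialization and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side secret for this sketch; a real deployment keeps its
# validation key in server configuration and never sends it to the client.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
MAC_LEN = hashlib.sha256().digest_size


def protect_state(state: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize page state and append an HMAC so the client cannot alter it."""
    body = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body + tag).decode()


def load_state(field: str, key: bytes = SERVER_KEY) -> dict:
    """Return the state only if its MAC verifies; raise ValueError otherwise."""
    try:
        raw = base64.b64decode(field, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("state field is not valid base64") from exc
    if len(raw) <= MAC_LEN:
        raise ValueError("state field too short to carry a MAC")
    body, tag = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison, and verification happens before any parsing.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("state MAC mismatch: field was modified or forged")
    return json.loads(body)


def tamper(field: str, old: bytes, new: bytes) -> str:
    """Simulate a client editing the hidden field without knowing the key."""
    raw = base64.b64decode(field)
    return base64.b64encode(raw.replace(old, new, 1)).decode()


if __name__ == "__main__":
    field = protect_state({"user": "alice", "role": "viewer", "price": 100})
    print(load_state(field))
    try:
        load_state(tamper(field, b'"viewer"', b'"admin"'))
    except ValueError as err:
        print("rejected:", err)
```

The MAC only provides integrity: the state is still readable by the client, so anything confidential needs encryption as well.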

Category: /infosec