Donkey On A Waffle
Micro-Blogging and Twitter
Fri, 27 Jun 2008 18:55

The jury is still out on Twitter. Micro-blogging is for the times between face-to-face meetings, major blog posts, emails, instant messages, and phone calls. As if we don't have enough ways to communicate already, it appears as if we needed a way to publish every 10 seconds "what we are doing".

My first thought is "why?!". Do we really need to update everyone out there every time we eat a meal or take a shower? I'm doing my best to keep an open mind and I'm trying to give it a fair go, but I'm just not ready to see the benefit of this new technology. At best, Twitter can be used to update people with regards to your current location so they can meet up with you at a local pub. To me it seems like a broadcast-based IM system with mappings to SMS phone technologies. Maybe I'm just missing the point of it all.

I'm not even going to get into the privacy issues that are apparent with technologies like this. If people don't keep in mind what they are posting about, they are likely to give away far too much information to the world. This is a much bigger problem than just Twitter (Facebook, MySpace, blogs in general, etc.).

If you use and actually like micro-blogging technologies like Twitter, please leave a comment and explain why. Help me get into the year 2008.


Scrawlr: Why?
Wed, 25 Jun 2008 15:06

This just in from the land of "Beenthere", a city in the great state of "Donethat". Scrawlr is a new tool that can "detect" SQL injection flaws in web sites. Well... sort of. It doesn't detect blind injection points, it doesn't support authentication, it has a limitation on the number of pages it will crawl, and it won't even execute POSTs. That's about as useless as a no-armed man playing basketball. Unless his name is Pele, he's pretty worthless.

While I can't fault HP and the SPI Dynamics team for releasing the tool for free, I can certainly say it's all been done before, and done better by others. I just did a quick Google search for "SQL Injection Tools" and the very first link contains no less than 10 tools that claim to both find and exploit SQL injection flaws. I know for a fact that at least one of these tools exploits blind injections and supports most authentication and POSTs (I helped debug it, so I speak firsthand).

To summarize, this tool release just sounds like a half-assed attempt to capitalize on the recent "Mass SQL Injection" attacks that have occurred on the Internet. Come on, HP, get your stuff together. This is at best a marketing effort wrapped in technical-freebie clothing. Everyone should feel free to use the tool if it will help them, but know that there are better free solutions out there.
