Capture The Flag Begins Today!
The students in the CSE 4243/6243 Information Security class at Mississippi State University will begin their end-of-semester CTF exercise today, and in a change of format, it will be for a much longer period of time. In previous semesters, we have run this exercise during class time, with laptops in one of the classrooms. This [...]
Misleading description of the Stealing the Network compilation
This is just a quick note to serve as a warning to anyone who might be considering buying “Stealing the Network: The Complete Series Collector’s Edition” after reading the description on the Elsevier site:
http://www.elsevier.com/wps/find/bookdescription.cws_home/715444/description
While I was reading the book and preparing my review, I found that the publisher’s description was inaccurate and misleading, emailed a [...]
CISSE 2009 – SCADA Panel
Tomorrow I fly up to Seattle for The 13th Colloquium for Information Systems Security Education. I will be participating in Monday’s SCADA Panel discussion, which I’m excited to be a part of. My contribution to this panel discussion will (hopefully) be to discuss how recent control system vulnerabilities provide us with great educational opportunities and [...]
If you’re looking to phish UPS accounts…
…they’re already training up their user base for you. Here’s how you’d want your email to look:
Yeah, it’s a legitimate email. It appears that after a year of inactivity, the “My UPS” service will disable/deactivate/expire/do-something to your account. Are they trying to save a row’s worth of space in their database? I don’t know.
The problem [...]
Tonight I’m gonna idle like it’s 1995
I’ve set up an IRC channel for McGrew Security on irc.freenode.net, and you’re welcome to join up and idle alongside me. I’ve placed a more permanent link to IRC info on my sidebar over <–there–, but here’s basically what you need to know:
Server: irc.freenode.net
Channel: #mcgrewsecurity
I’m cs_weasel
It’s on freenode mostly because I’m already idling there in [...]
Sorry for those trying to get at the slides
I’ve had to (at least temporarily) remove the slides from my previous post.
Hopefully they’ll be back in at least some form at some point.
Edit: A few folks have asked: SANS did not ask for the slides to be removed. They’re totally cool, and have been great to me and the other speakers during this [...]
Web Search Scanner module for Metasploit
The other day I decided that I wanted to become more familiar with the internals of the Metasploit Framework, so with the latest svn of the framework and a couple of books on Ruby, I started digging. I decided a fun project would be to port some of my existing tools and scripts into the [...]
Sexyhacking.com censorship fail.
It’s a weekend, so I’m all for a fun post.
The sexyhacking.com videos are not safe for work, however they’re probably even less arousing than you’d think. They are hosted on YouTube, after all. You might want to have a look, though, since they’re funny (intentionally and unintentionally), and who knows how long they’ll actually be [...]
DNSDNSDNSDNSDNS
As a followup to my thoughts earlier today on the new DNS vulnerability, there’s a great chance to put up or shut up on whether you already know what’s going on with it or not. Not only will he give you credit in his advisory if you figure it out before he publicly discloses, he [...]
Troopers 2008 Videos Available
I haven’t posted in a while, mostly because I’ve been busy hacking away at SCADA equipment and software, but I did spot some new conference video online in my usual rounds (Shmoocon 2008 video? knock knock :) ). It looks to be deserving of a post.
I wasn’t aware of this conference before now, but the [...]