Written to the sweet relaxing sounds of the new Villagers album, Awayland (for those indie fans). I know I’m a bit late on my ‘attempt to post every Friday’ post thing, but, Friday turned into a bit of a clusterfudge, so excuse the delay (plus, Australia Day over the weekend <insert dranks>).
Security articles that caught my attention:
Actually, I really was a criminal.. – I found Rich’s post really insightful and refreshing. I also think it’s a fairly common occurrence for those involved in the info sec space to have done similar things themselves, just, not as common for those people to publicly post about it. Kudos.
Android Botnet Infects 1 Million Plus Phones – I didn’t read too much into the ‘extremist’ title of this post, but, I don’t think that this sort of thing should be too surprising to security peeps. Phones are just computers, right? And as they continue to grow in popularity and drop in price, well, of course malicious actors are going to focus their attention on them. I know a personal interest of mine is in using BeEF to target mobile devices; in this way, you could effectively coerce an untold number of devices to perform actions on your behalf just through their browser.
Pen tester launches infosec bootcamp – I’m glad to have worked with, and hung out with, Snyff on a few occasions, and I’ve really gotten a lot out of his PentesterLab for quite some time, and now that he’s making more of a move to make this material available this is only a good thing. Another one of Snyff’s ‘free’ services is the PNTSTR Bot. His bot sends me a ‘pen tester’ question once a week via a DM. It’s a great little ‘test yourself’ activity that takes less than 30 seconds, and, I look forward to the challenge every week.
Movie filmed entirely in Disney Theme park – Not strictly a digital security post, but, I certainly found the concept really interesting. The crew and actors pretty much had to ‘stealth’ film the movie, referring to mobile phones for notes and scripts, and using as discreet camera setups as possible. I hope this inspires more of these sorts of things.
Application Framework Security – Jerry Hoff over at OWASP has started a new Project to document the security controls available in common development frameworks. It’s a good reference (if just at the beginning), and hopefully it can be extended to integrate and interlink with other OWASP projects like the T10, ASVS, etc.
Some tech/dev stuff:
LICEcap – for when you need to capture a portion of your screen and immediately convert it into an animated GIF. .. obviously for .. you know .. legitimate reasons.
MS Going its own way on Audio/Video spec – .. god damnit WHY does this shit happen? Just when you think browsers are starting to all meet at an apex of compatibility *bam* – we’re going to do our own thing. I really dislike IE, mainly because of the experience and bloat of it, but, there’s all this underlying gumpf that, when I think about it, also grinds my gears. (Goes back to rocking backwards and forwards on his angry man chair).
Firefox Phone – I’ve seen a few presentations on the Boot to Gecko (BTG) / Firefox OS over the past 12 months. Primarily at OWASP events. And I’ve been interested in the ‘everything is a web app’ phone (a little bit like Chrome OS), except, in this case, everything is HTML and JS. Obviously from a BeEF point of view I was salivating, but, from a new player in the space, I’m also keen to see how it goes. Plus, obviously, being completely customisable.
Motivational / inspirational (?):
Putting Things Into Perspective: Space – I was enthralled by the entire 19-minute Vimeo, and it was one of those moments (that you may not experience that often) when you realise just how small we all are, and how profound it must be to a) see the entire Earth under you and b) see the sun surrounded by the darkness of space, as opposed to the blue sky we normally associate with the sun.