This is hugely irresponsible of Apple IMHO: http://blogs.zdnet.com/Bott/?p=405&tag=nl.e622 As history has taught us - browsers are not trivial applications to write securely and they are the primary conduit by which badness often enters your PC...

A friend of mine made a comment to me the other day that said exactly that - and now we have the creator of JSON saying the same thing: http://www.internetnews.com/dev-news/article.php/3735341 Amen brother . . .

It's about damned time: http://www.networkworld.com/community/node/26144 http://www.fbi.gov/page2/march08/cybergroup_031708.html And you know it's gonna be a success because they've got the Mounties involved! He he he . . . jeez I crack myself up...

My friend Neil has a pretty good post on the mass SQL injection stuff that was reported in the press recently. http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx

Well not quite - but I am the second to last speaker on the last day (Friday) - http://cansecwest.com/agenda.html Ugh - people usually skip out early on the last day to make flights and stuff - so I guess not many people will be staying for my live demos...

"This really wasn't what our customers were looking for," said Wal-Mart Stores Inc. spokeswoman Melissa O'Brien. http://news.yahoo.com/s/ap/20080310/ap_on_hi_te/wal_mart_linux_computer Hilarious.

So last week was a VERY interesting week. First off we had some dude going public with information that the Pentagon had apparently been succesfully hacked at some point last year by an organization whom they believe but won't officially state as being...

So my friend Jonathan who is one of my hard-core kernel go to guys has decided to dip his toe into the waters of the blogosphere and you can start reading his blog here: http://blogs.msdn.com/itgoestoeleven/ He'll be blogging about some pretty low level...

Good lord - even their viruses ( no the plural of virus is NOT virii ) are sexier than PC viruses! http://www.troika.uk.com/virus.htm And from the "wtf were they thinking" files - Google decides to release the Android SDK with outdated open source...

Time marches on . . . http://northsecuritylabs.com/

I love how fragile the Internet really is. This is demonstrated from time to time and when it is - I'm drawn to it like a police chase on live TV . . . sometimes the root name servers come under attack or someone figures out a neat way to poison DNS caches...

Hilarious: http://blag.xkcd.com/2008/02/15/the-laser-elevator/

UPDATE 2/27/2008: Douglas MacIver wrote an excellent and very authoritative blog post here on this topic - I highly recommend reading his blog post instead of mine. :) http://blogs.msdn.com/si_team/archive/2008/02/25/protecting-bitLocker-from-cold-attacks...

My boss is apparently allowed to speak to the press. :) http://www.eweek.com/c/a/Security/Behind-the-Scenes-at-Microsofts-Secure-Windows-Initiative/

This morning I attended a session on DTrace which is a sort of tracing capability created by Sun for Solaris 10 that can be ported to other OS's. Some engineers from SAIC have figured out how to make this useful for reverse engineering, vuln discovery...

So I'm at Blackhat Federal this week - doing the training thing (IDA class with Chris Eagle - fairly good / broad intro to IDA and it's capabilities) and today was the first day of the sessions. It's been a great con so far . . . Monday and Tuesday I...

Asus Eee PC owned out of the box (hint runs Linux): http://www.risesecurity.org/blog/entry/6/ Yet another Apple Quicktime 0-day posted 2 days ago: http://seclists.org/fulldisclosure/2008/Feb/0304.html The Wii has been pwn3d via a stack smash to...

Joe Stewart is the man . . . I have a ton of respect for him and everyone at Team Cymru. They teamed up to find the C&C for the Mega-D trojan and Joe has done another one of his excellent write-ups here: http://www.secureworks.com/research/threats...

http://www.veracode.com/blog/?p=77 Hilarious . . . I can finally explain what my team does to my less technical friends / family with that simple drawing.

I would not be surprised at all if it were Hamilton - but alas - given his hectic travel schedule during F1 season - I doubt that it is: http://www.autoblog.com/2008/02/04/the-stig-some-say-hes-lewis-hamilton/ Top Gear - my favorite show on TV next...

And NO one knows how it's being done? http://www.linux.com/feature/125548 Pure insanity . . . how can this be going on for months and no one has a clue and all they can do is guess that maybe a password was guessed and used for logon? If these...

Farking hilarious!!! http://gizmodo.com/342499/microsofts-brainwashing-childrens-book-mommy-where-do-servers-come-from Here's the official book web site: http://www.stayathomeserver.com/book.aspx And this video isn't half bad either: http://video...

EDITED : 1/10/2008 to remove information about possibly using ntbtlog.txt to detect the rootkit. The driver load routine for the rootkit seems to be non-standard and thus unlikely to appear in ntbtlog.txt You can read the gory details of it here: http...

No - I believe he is implying that he belives *Vista* sucks. :) http://gizmodo.com/342920/holy-crap-did-bill-gates-just-say-windows-sucks

This video is just all sorts of awesome: http://www.istartedsomething.com/20080107/bill-gates-last-day-microsoft-video/