A brief look at the latest @LulzSec release
Earlier today, the hacker collective Lulz Security released a batch of 62,156 email/password combinations from unknown sites; I decided to take a look at the data and see if there was anything to be learned from it. And as always, LulzSec delivers: mediafire.com/?9em5xp7r0rd2y… 62,000+ emails/passwords just for you. Enjoy. — The Lulz Boat (@LulzSec) June 16, 2011 So, let’s take a look at a few stats: Total Domains: ~5,230 Top 15 Domains:
Read more…bbPress 2.0 (beta-1) released!
This morning, the latest version of my favorite forum software, bbPress, was released. While this is a beta and not a final release, it’s still a major event for the project: this release is in the form of a WordPress plugin, instead of a stand-alone application as it’s been in the past. In December 2009 I wrote about this decision – and at the time I was rather disappointed with the change in direction; but now my views have changed.
Read more…Happy 20th birthday Visual Basic!
Today I saw a post on Facebook by a friend of mine, Anthony Green, about writing his first blog post as a Microsoft employee (he has a personal blog as well, unfortunately he’s not written anything since 2008) – when I saw the title, I couldn’t believe it was 20 years already – seems just yesterday that I wrote about its 15th birthday: Happy 20th Birthday Visual Basic! My, what a journey it’s been.
Read more…VB6: Not so open source
Earlier today, a rather surprising tweet hit, being retweeted at least 80 times, including by a few rather influential people in the .NET world: Microsoft announces to mvps at #msteched that VB6 will be released as open source on codeplex end of june! w00t — Roy Osherove (@RoyOsherove) May 19, 2011 Needless to say, that’s not an announcement that anybody was expecting, but given the talk going on at the time – and the high-profile people talking about it, there wasn’t much reason to doubt.
Read more…Errors on ‘gem install mysql2’
On my fresh Ubuntu 11.04 box running Ruby 1.9.2 instead of the standard Ruby 1.8, I ran into some undocumented errors while installing the mysql2 gem. Here’s what I was seeing: $ gem install mysql2 Building native extensions. This could take a while... ERROR: Error installing mysql2: ERROR: Failed to build gem native extension. /usr/bin/ruby1.9.1 extconf.rb <internal:lib/rubygems/custom_require>:29:in `require': no such file to load -- mkmf (LoadError) from <internal:lib/rubygems/custom_require>:29:in `require' from extconf.
Read more…Facebook Scams
As a tip for all my Facebook friends, despite the promises you see spreading wildly across Facebook, you can’t see who’s looking at your profile. If you ever see anything like this, it’s a scam – pure and simple: If you ever see a page like this, or one that asks you to paste a script into your address bar as this one does, please immediately report the page. If you see any of your friends ’like’ a page like this or send messages linking to something like this, please warn them – they have likely handed their account over to a scammer or other bottom-dwelling script-kiddy.
Read more…Microsoft & Skype: PR Failure?
While looking at the reactions to Microsoft’s acquisition of Skype, I found one tweet that really stood out: How you know you have a PR problem: As soon as you buy popular service X, their userbase starts posting alternatives #skype #Microsoft — Ted Han (@knowtheory) May 11, 2011 While many users are busy joking about names (personally my money is on “Microsoft Live Skype” – my only hope is that there isn’t an “Ultimate Edition” or “Unicorn Edition” tacked to the end of the name) Microsoft has a significant problem, and I really hope they are looking at public reaction.
Read more…You can’t fix stupid…
For those outside of the IT field, developers are looked at as miracle workers – through us, business leaders think anything is possible (and they often see no reason why we can’t work our latest miracle by the next morning). In reality though, we do work miracles; we save companies vast amounts of money every year through increased worker efficiency and automation, we enable new lines of business that wouldn’t be possible otherwise, and reduce energy costs because we keep the office lights turned off.
Read more…Hosting Change
I’m in the process of migrating my sites from a Dreamhost VPS, to fully managed hosting by Gray Hills Software. In my tests so far, the loading time has been cut in half with this switch. Pages load faster, the server is better configured (new software, and more options), and seeing as they have both Windows and Linux servers, I can use one provider with whatever technology suits me and my projects.
Read more…TED: Stuxnet: a preview of future wars
Ralph Langner recently spoke at TED about his team’s findings on Stuxnet; it’s a clear (and somewhat scary) insight into the wars of the future. Instead of sending fighters and bombers to take out Iran’s nuclear program, as was done in 1981 to eliminate Iraq’s program, a carefully crafted virus slowly and methodologically damaged or destroyed vital equipment. How long until this is used as a standard part of ‘softening’ a target by taking out key infrastructure (flight systems, power plants, telephone & internet, etc.
Read more…
About Me
Security researcher, engineer and software developer with more than 20 years of experience.
Work: I primarily focus on application security, usable security, secure communications, and cryptography. I build and lead strong and dynamic teams, who cover all facets of security and privacy.
Writing: I write about my research, security in general, development and software design, and leadership through my blog, essays, and various publications. I also engage in some creating writing when I can.
Photography: I am a purist fine art photographer, working primarily in black & white, and focused on sharing new perspectives of the world. Limited edition prints of my work are available on my online gallery. I also have a background in photojournalism, and volunteer in this field when I can.