Wednesday, September 16, 2009

Security Advisory Lingo Demystified F'Reals

Inspired by Cisco Security Advisory Lingo Demystified.

Remote code execution: Can be used to pop up porn ads and send spam.

Mitigating factors: Bold-faced lies.

Workarounds: Hold onto your butts, we're not patching this anytime soon.

Not exploitable in the default configuration: Remote code execution.

Limited targeted attacks: You've been owned 6 times in the time it took you to read this.

Responsible disclosure: Researcher allowed the vendor to drag their feet for 18 months in order to ensure credit in the advisory.

Crafted packet: Who knows, Metasploit does all that nerd stuff.

Denial of service condition: Remote code execution.

Friday, September 11, 2009

Krpata's Law

Godwin's Law: "As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches 1."

Krpata's Law: As any online discussion grows longer, the probability of someone linking to XKCD approaches 1.

Friday, September 4, 2009

Interesting Firefox Alert

Not sure I know what this means or whether it's useful yet, but if you try to make Firefox FTP to an SSH server (ftp://whatever:22) and hit Stop before it times out, it'll pop up an alert with the SSH version string.

Happens the same way whether you put it in the nav bar, img tag, script tag, or whatever. Wonder if there's any way to get at that programmatically.

Wednesday, September 2, 2009

DFU Mode

If you're uncoordinated and easily confused like I am, here's a video on how to put your iPhone into DFU mode that even I was able to follow. Thank you, random college kid and wandering roommate.