uri - Dave's Blog



Retweet of SwiftOnSecurity

4 days ago
I should have fond memories of GTA IV, but instead it's "Hey cousin, do you want to go bowling?"

Retweet of sleevi_

11 days ago
Rad to see Mozilla in on the fun! For Chrome, see https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/2LXKVWYkOus … and https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/pnsUO-KxzTs … // @metromoxie https://twitter.com/jruderman/status/585562933914181635 …

Retweet of SwiftOnSecurity

14 days ago
Go watch Primer. Do it. It's the only movie you'll still feel like an idiot watching after 5 times. Seriously. It's amazing.

Tweet from David_Risney

Mar 29, 10:53
Any more technical details on the GitHub DDOS beyond this http://insight-labs.org/?p=1682  for the curious?

Tweet from David_Risney

Mar 26, 4:20
Anyone know why Chrome percent-encodes single quote in URI query? http://jsfiddle.net/unLrqxso/1/ It's a reserved char so encoding changes URI.

Retweet of bcrypt

Mar 17, 12:13
i know there's tools to tunnel IP o'er DNS but figuring out captive portal tricks counts as in-flight entertainment IMO

Retweet of DougBenson

Mar 4, 7:13
@peteholmes I hope the next one is called FAST AND INFURI-8-TED.

Retweet of shaver

Feb 20, 4:19
Facebook Security published a note with some info on Superfish: https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339 …

laughingsquid: A Fun Offbeat Parody of the ‘Jurassic World’...

Feb 17, 5:53


laughingsquid:

A Fun Offbeat Parody of the ‘Jurassic World’ Teaser Trailer Featuring Raptors on Motorcycles


Retweet of jbenton

Feb 1, 3:06
Paying With Lovin' not legal in all jurisdictions.

David_Risney: "With crypto in UK crosshairs, secret US report says it’s vital". I think the secret is out on crypto.

Jan 15, 10:10
David Risney @David_Risney :
"With crypto in UK crosshairs, secret US report says it’s vital". I think the secret is out on crypto. http://arstechnica.com/security/2015/01/with-crypto-in-uk-crosshairs-secret-us-report-says-its-vital/ …

How I Pranked My Roommate With Eerily Targeted Facebook Ads

2014 Sep 18, 2:27

“This is the chronicle of the most epic retaliation and how I pranked my roommate with targeted Facebook Ads to the point of complete paranoia and delusion.”

Funny anecdote but also a how-to on creating a Facebook ad campaign that targets a single person.

Tags: humor security ad facebook

Why do Nigerian Scammers Say They are from Nigeria? - Microsoft Research

2014 Aug 26, 3:53

Mass-mailing Internet scams intentionally use poor spelling, grammar, etc. to filter recipients down to an ignorant target audience.

Tags: technical security statistics

The Strange & Curious Tale of the Last True Hermit

2014 Aug 21, 3:02

The story of Chris Knight, living in isolation in the woods of Maine for 27 years.

'Anyone who reveals what he's learned, Chris told me, is not by his definition a true hermit. Chris had come around on the idea of himself as a hermit, and eventually embraced it. When I mentioned Thoreau, who spent two years at Walden, Chris dismissed him with a single word: “dilettante.”'

'But still, I pressed on, there must have been some grand insight revealed to him in the wild… “Get enough sleep.”'

I don’t want to brag, but I’ve been telling people that all along and I didn’t have to live alone in the woods for decades.

Tags: hermit

The Secret Life of SIM Cards - DEFCON 21 - simhacks

2014 Aug 16, 1:07

A DEFCON talk, “The Secret Life of SIM Cards”, that covers running apps on your SIM card. Surprisingly, they run a subset of Java and execute semi-independently of the phone’s OS.

Tags: technical phone sim-card security java

Detect login with CSP - When Security Generates Insecurity

2014 Jul 8, 1:13

An interesting way to use the report-uri feature of CSP to detect if a user is logged into Google, Facebook, etc.

Tags: technical security csp web

From Inside Edward Snowden’s Life as a Robot: Wizner had...

2014 Jun 23, 7:04


From Inside Edward Snowden’s Life as a Robot:

Wizner had to jump on a phone call during a meeting with his whistleblower client. When he got off the phone, he found that Snowden had rolled the bot into civil liberties lawyer Jameel Jaffer’s office and was discussing the 702 provision of the Foreign Intelligence Surveillance Act. “It was kind of cool,” Wizner says.

It is neat, but their marketing video is at times strangely terrifying. Put different music on when the Susan-bot comes up behind the unknowing Mark and this could be a horror movie trailer.

Tags: edward-snowden beam robot telepresence

On exploiting security issues in botnet C&C...

2014 Jun 23, 4:26


On exploiting security issues in botnet C&C software:

Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”

FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.

Tags: technical security

U.S. Marshals Seize Cops’ Spying Records to Keep Them From the ACLU | Threat Level | WIRED

2014 Jun 4, 6:08

"A routine request in Florida for records detailing the use of a surveillance tool known as stingray turned extraordinary Tuesday when the U.S. Marshals Service seized the documents before local police could release them."

Also, what about the part where the PD reveals that it’s been using the stingray a bunch without telling any court and blames that on the manufacturer’s NDA?

Tags: technical law security phone

XSS game

2014 May 29, 1:10

Google’s XSS training game. Learn how to find XSS issues for fun and profit.

Tags: technical web security xss google

Creative Commons License. Some rights reserved.