WIZARDISHUNGRY + security 116
OSX Sandboxing Design - The Chromium Projects
4 weeks ago by WIZARDISHUNGRY
overview of sandboxd on OSX.
find /System/ -iname '*.sb'
chromium
development
mac
security
osx
sandboxd
4 weeks ago by WIZARDISHUNGRY
CWE - 2011 CWE/SANS Top 25 Most Dangerous Software Errors
june 2011 by WIZARDISHUNGRY
The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
design
development
programming
software
security
june 2011 by WIZARDISHUNGRY
Improving ASLR with internal randomization « root labs rdist
june 2011 by WIZARDISHUNGRY
The next logical step in obfuscation would be to randomize the internals of libraries and code generation. In other words, you re-link the internal functions and data offsets within libraries or programs so that code and data are at different locations in DLLs from different systems. At the same time, code generation can also be randomized so that different instruction sequences are used for the same operations. Since all this requires deep introspection, it will require a larger change in how software is delivered.
aslr
os
internals
security
june 2011 by WIZARDISHUNGRY
Open source anti-theft solution for Mac, PCs & Phones – Prey
june 2011 by WIZARDISHUNGRY
Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen. It's lightweight, open source software, and free for anyone to use. And it just works.
tracking
opensource
security
mac
laptop
ifttt
pinboard
june 2011 by WIZARDISHUNGRY
littleblackbox - Project Hosting on Google Code
december 2010 by WIZARDISHUNGRY
A command line utility is included to aid in the identification of devices or network traffic that use these known private keys. Given a public SSL certificate, the utility will search the database to see if it has a corresponding private key; if so, the private key is displayed and can be used for traffic decryption or MITM attacks. Alternatively, it will also display a table of hardware and firmware that is known to use that private key.
security
ssl
mitm
embedded
december 2010 by WIZARDISHUNGRY
Enabling Remote Access to Apple OS X Leopard via SSH Command Line « Ryan’s Tech Notes
april 2010 by WIZARDISHUNGRY
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
ssh
vnc
cli
osx
screen
remote
security
sharing
software
hint
howto
control
admin
april 2010 by WIZARDISHUNGRY
Answer
september 2009 by WIZARDISHUNGRY
In most cases, you can mail or take your application and original documents to your local Social Security office. If you live in the New York City metropolitan area, Las Vegas, Nev., Orlando, Fla., Sacramento County, Calif., or Phoenix, Ariz., you may need to apply in person at your local Social Security Card Center.
ssn
socialsecurity
ss
replacement
replace
now
government
job
card
new
security
social
september 2009 by WIZARDISHUNGRY
Xbox 360 Timing Attack - ivc wiki
august 2009 by WIZARDISHUNGRY
nice example of hmac timing attack with a metric
programming
useful
hash
xbox
xbox360
c
memcmp
strcmp
timing
attack
security
august 2009 by WIZARDISHUNGRY
Lifehacker - How to Crack a Wi-Fi Network's WEP Password with BackTrack - wep
july 2009 by WIZARDISHUNGRY
A nearby WEP-enabled Wi-Fi network. The signal should be strong and ideally people are using it, connecting and disconnecting their devices from it. The more use it gets while you collect the data you need to run your crack, the better your chances of success.
wep
wardriving
lifehacker
linux
security
computers
network
tutorial
tech
wifi
wireless
july 2009 by WIZARDISHUNGRY
Excerpts from "Expert Judgement on Markers to Deter Inadvertent Human Intrusion into the Waste Isolation Pilot Plant"
may 2009 by WIZARDISHUNGRY
semiotics nuclear_waste wipp signs radioactive danger waste futurism nuclear design philosophy art security science landscape architecture religion environment psychology communication future writing archive language history culture apocalypse
may 2009 by WIZARDISHUNGRY
Reading Keychain Passwords from the Command Line - Dave Dribin's Blog
april 2009 by WIZARDISHUNGRY
"I just found out you can also view and manage passwords from the command line using the security(1) tool." <---- for getting at passwords from shell scripts! :D
keychain
osx
cli
scripting
passwords
security
shell
dev
tips
april 2009 by WIZARDISHUNGRY
Schneier on Security: The Seven Habits of Highly Ineffective Terrorists
october 2008 by WIZARDISHUNGRY
Most terrorism is a social phenomenon rather than a political movement.
politics
terrorism
schneier
social
psychology
security
october 2008 by WIZARDISHUNGRY
Experts Accuse Bush Administration of Foot-Dragging on DNS Security Hole | Threat Level from Wired.com
august 2008 by WIZARDISHUNGRY
Bush admin doesn't want DNSSEC on the root
internet
security
tech
bush
dns
wired
dnssec
august 2008 by WIZARDISHUNGRY
ModSecurity Blog: ModSecurity ASCIIZ Evasion
august 2008 by WIZARDISHUNGRY
doing bad things with unencoded nulls in http
urlencode
php
apache
www
security
bug
august 2008 by WIZARDISHUNGRY
Slashdot | A Photo That Can Steal Your Online Credentials?
august 2008 by WIZARDISHUNGRY
anything can be a zip!
jar
xss
java
zip
gif
security
browser
msie
august 2008 by WIZARDISHUNGRY
Switzerland Network Testing Tool | Electronic Frontier Foundation
august 2008 by WIZARDISHUNGRY
detects interference in p2p
internet
security
privacy
2008
Private
download
p2p
torrent
test
eff
isp
august 2008 by WIZARDISHUNGRY
obstcp - Google Code
june 2008 by WIZARDISHUNGRY
I guess their rationale is that mitm is "hard" other than near the end points
security
tcp
networking
encryption
protocol
linux
privacy
mitm
wiretap
wiretapping
ssl
june 2008 by WIZARDISHUNGRY
Debian OpenSSL Predictable PRNG Toys
june 2008 by WIZARDISHUNGRY
the greatest unintentional backdoor ever
security
debian
openssl
cryptography
openssh
Ubuntu
linux
june 2008 by WIZARDISHUNGRY
Chris Tarnovsky demos smart card hacking « root labs rdist
june 2008 by WIZARDISHUNGRY
uses nail polish to mask the die and rust remover (i.e., hydrofluoric acid) to etch away the top metal layer of protective mesh to get at the CPU’s bus. He then uses a sewing needle to tap each line of the 8-bit bus in turn and then reassemble the data
hacking
smartcard
piracy
security
june 2008 by WIZARDISHUNGRY
TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux
may 2008 by WIZARDISHUNGRY
try this before getting rid of laptop
encryption
security
software
opensource
osx
windowsxp
linux
travel
todo
may 2008 by WIZARDISHUNGRY
Caslon Analytics Home Page
may 2008 by WIZARDISHUNGRY
cool security / wiretapping reference
internet
copyright
law
reference
history
resources
research
security
comprehensive
rights
entrepreneurship
may 2008 by WIZARDISHUNGRY
Pentagon fears trojans, kill switches in foreign-made CPUs
may 2008 by WIZARDISHUNGRY
attempt to uncover malicious components that have been hidden intentionally in a set of chips by researchers from MIT's Lincoln Laboratory.
china
fear
security
technology
trust
chipfab
may 2008 by WIZARDISHUNGRY
Cryptographic nonce - Wikipedia, the free encyclopedia
april 2008 by WIZARDISHUNGRY
had this in an interview q
security
nonce
authentication
REST
wikipedia
secret
crypto
cryptography
identity
april 2008 by WIZARDISHUNGRY
Hping - Active Network Security Tool
april 2008 by WIZARDISHUNGRY
tcp traceroute here
security
network
tools
networking
hacking
software
tool
april 2008 by WIZARDISHUNGRY
Security guide to customs-proofing your laptop | The Iconoclast - politics, law, and technology - CNET News.com
march 2008 by WIZARDISHUNGRY
Probably best to have a wiped computer for travel so I don't violate ITAR
security
travel
privacy
mac
encryption
laptop
read_later
march 2008 by WIZARDISHUNGRY
Superimposing Nothing Nowhere: Another Free MacWorld Platinum Pass? Yes in 2008!
january 2008 by WIZARDISHUNGRY
busting lame MacWorld registration security
macworld
security
md5
hash
web
funny
badge
crack
conference
january 2008 by WIZARDISHUNGRY
CMRR - Secure Erase
january 2008 by WIZARDISHUNGRY
erases on the ATA command level. To my knowledge, this will zap data that DBAN misses, because DBAN can't access the hard disk's sector relocation tables (sectors that were about to go bad, so were remapped)
security
erase
tools
software
privacy
secure
disk
computer
free
hardware
tech
tool
legal
january 2008 by WIZARDISHUNGRY
iWar - Unix based War Dialer
november 2007 by WIZARDISHUNGRY
This is iWar in "IAX2" mode. Here we are using the VoIP IAX2 protocol for dialing. This means that no additional hardware (analog modem) is needed. In this screen shot, iWar is using my home Asterisk server.
gadgets
security
voip
phreaking
november 2007 by WIZARDISHUNGRY
Capability-based security - Wikipedia, the free encyclopedia
september 2007 by WIZARDISHUNGRY
A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights.
development
linux
wiki
os
security
unix
posix
september 2007 by WIZARDISHUNGRY
VerseLogic » Wordpress OpenID Plugin
september 2007 by WIZARDISHUNGRY
The wpopenid plugin lets visitors to a Wordpress blog quickly register, login, and leave comments using their OpenID Identity.
wordpress
plugin
openid
plugins
identity
blog
security
authentication
blogs
standard
php
extension
september 2007 by WIZARDISHUNGRY
Spyjax - Your browser history is not private!
june 2007 by WIZARDISHUNGRY
Javascript Can Examine The Color Of Your Links = Steal Your Browsing History
ajax
spyjax
security
history
browser
javascript
statistics
privacy
css
design
dev
favorite
firefox
hacking
june 2007 by WIZARDISHUNGRY
Amazon.com: The Ghost Map: Books: Steven Johnson
april 2007 by WIZARDISHUNGRY
"If you haven't read Steven Johnson's The Ghost Map, you should. It's perhaps the most important book in print today about the next decade of computer security."
books
amazon
reading
buy
computer_security
security
epidemic
cholera
april 2007 by WIZARDISHUNGRY