Author Archive

Twitter Instant Password And Storage

Friday, July 2nd, 2010

This is old, but might be interesting to fellow security geeks. The idea here is to challenge concepts of what a password is and how it should be secure. In essence, using this system will allow you to keep your uber-secret in a public place such as twitter. There’s some other crufty code (firefox plugin) to go with this, but it’s really just for fun.

http://foofus.net/~omi/tipas/

http://twitter.com/tipas/

Tags:
Posted in Stuff | Comments Off

BMC Service Desk Express Advisory

Friday, July 2nd, 2010

This isn’t really very cool, but it’s been exploited during assessments to great effect. So, why not share with everyone. If you’re on an assessment and find they’re running BMC Software’s Service Desk Express, then you can probably leverage this for great justice.

http://foofus.net/~omi/bmc-advisory.txt

Tags:
Posted in Advisories | Comments Off

Gordo Attacks

Saturday, August 1st, 2009

This is mildly entertaining for me.

The guys over at StackOverflow.com were doing a podcast and the subject of NTP servers came up. At the end of the podcast, Joel and Jeff discuss various methods of eliminating error messages related to the Windows time service. The conversation soon moved to the idea of using the NTP.org pool of time servers. By default, Windows sends NTP traffic to time.windows.com, or somesuch. The NTP.org pool consists of time servers, run by volunteer system administrators, scattered across the globe. If you don’t know about NTP.org, I suggest you start here.

During the discussion, Jeff typed us.pool.ntp.org into his browser and was redirected to gordo.foofus.net. Gordo, you see, is a NTP (time) server participating in the NTP.org server pool.

This all happened at the end of Episode 52 of the awesome Stack Overflow podcast:
[ Stack Overflow ep.52 - Gordo strikes @ 1:02:00 (mp3) ]

Of course, Gordo must respond to this:
[ Gordo's Official Response ]

Stack Overflow knows how to closeout a show:
[ Stack Overflow ep.58 - starts around 1:00:00 (mp3) ]

Tags:
Posted in Advisories, WTF | Comments Off

It’s official, I’m an ass!

Wednesday, April 1st, 2009

The latest, and most prodigious, certification in recent years was unveiled recently and I’m proud to announce that I’ve passed their rigorous testing.

You too can attempt to conquer this mountain by going here: http://www.asscert.com/

Tags:
Posted in WTF | 1 Comment »