Making a change with the carrot, not the stick
| 0 comments ]



More info : http://www.carrotmob.org/



Beautifull Sky
| 0 comments ]

The sky last evening over here :)



Cross site scripting filter evasion - OWASP
| 0 comments ]

My colleague Alexios gave a talk about evading XSS filters at the recent OWASP conference, what strikes me is the multitude of ways you can do it. I am sure you find something you didn't know when watching it :



DoD Bluetooth Headset Security Requirements Matrix
| 0 comments ]

http://iase.disa.mil/stigs/checklist/dod_bluetooth_headset_security_requirements_matrix_v2-0_7april2008.pdf



NIST Bluetooth Security Publication 800-121
| 0 comments ]

NIST recently published the Special Publication 800-121 "Guide to Bluetooth Security". I skim read it and while it certainly is a good overview it seriously lacks in some areas. Unfortunately I concentrated on other areas than bluetooth the last year and after doing the 23C3 speech and publishing BTCrack I have not really dug further. Maybe it's time to digg into it again a bit more.



Money and the SDL
| 0 comments ]

Need an argument to sell a secure development lifecycle to upper management ?
Present them this (probably) hand drawn scientific chart:

I expect this chart to be somehow close to reality when refering to large and mature software projects, although it's soooo interestingly non-scientific ;)



Attaching debugger at runtime automagically
| 0 comments ]

If you're interested in attaching a debugger everytime a particular process is started in windows use :
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe
Debugger = REG_STRING c:\debuggers\windbg -g
PS. This represents als an autostart vector in use by certain malware.