I have split my posts of this blog into three communities:

• /security: information security related content. Techniques, howtos, security advisories, etc.
• /ruby: ruby and ruby on rails related articles.
• /nothing: Any article that doesn’t fit in the previous categories goes here.

We will give more info in the site when we have it! In the mean time, you can subscribe to the site RSS feed.

By the way, this is how it looks:

good night and good luck

The summary of the features of the v1.2 release:

• in the client:
  • export to XML module is now part of the standard module set.
  • a new implementation of the command line parser: now it is possible to use single and double quotes to pass multi-word arguments to the different commands.
  • fixed the window.rb:159 bug.
• in the server:
  • a slightly less annoying implementation of the web interface auto refresh functionality.
  • the services added through the web interface can have a name now
  • simple prevention against embedded XSS.

You can also download the platform-independent ruby source in the download section of the site.

miniconomics.com is an easy-to-use tool designed to manage your personal expenses that we have been developing over the last few months. The key benefits of the tool at this point in time:

• It is alive, changing every day, release early, release often. miniconomics.com is under a never ending churning process.
• It is simple, a no brainer, you have categories and you have expenses, you put expenses in your categories and miniconomics.com gives you all sorts of useful information, stats and nice shinny graphs.
• Is accessible, forget about maintaing a spreadsheet with your data in your home computer or laptop. Use an online service, use it no matter where you are, no matter when, just log in and add your expenses.
• It is as geek as a tool can be. We are still developing it and we are keen on trying all sorts of approaches. We have some cool toughts on plugins and addons that we will be developing in the future. Give us your feedback and let us know what you do you want out of the tool, chances are we will develop it!
• miniconomics.com is free, free to use, free to register, free to enjoy, free to everything

I hope you decide to give it a try (you don’t have to register for a test drive) and let us know what you think. And of course if you like it, just spread the word.

Things that will be covered include:

• remove the need of a login
• the use of an activation email, the application will require it’s users to activate their accounts upong sign up.
• howto get rid of the remember me functionality (just in case you don’t need it).
• howto strengthen a bit the default security of the framework.

(more…)

After years of thinking about, writing about, and filtering messages, I’ve decided that the best strategy for me is to not filter spam, but instead to filter non-spam

The full article at Reverse Spam Filtering: “Winning Without Fighting” by Nancy McGough.

• A no non-sense authentication: just email and password. No bells, no wistles.
• The system should send an activation email after the user signs up.

Let’s explore the alternatives
(more…)

One morning, exactly at sunrise, a Buddhist monk began to climb a tall mountain. A narrow path, no more than a foot or two wide, spiraled around the mountain to a glittering temple at the summit. The monk ascended at varying rates of speed, stopping many times along the way to rest and eat dried fruit he carried with him. He reached the temple shortly before sunset. After several days of fasting and meditation he began his journey back along the same path, starting at sunrise and again walking at variable speeds with many pauses along the way. His average speed descending was, of course, greater than his average climbing speed. Prove that there is a spot along the path that the monk will occupy on both trips at precisely the same time of day.

This post is the first in a series on the subject of enterprise messaging and in particular on IBM’s flavour of it. The objective of these posts will be to remove some of the confusion about its purpose, the technologies and the methods of securing it. Hopefully this will help both security testers and other interested parties to feel confident about this important area of IT security.
(more…)

Since this is not an easy choice we can mitigate the impact of making the decision upfront by doing some interface based design.

(more…)

I have just arrived from Black Hat Europe 2008 in Amsterdam (this one, not this one). It has been a cool experience, not exactly what I expected but really interesting.

Briefings were held during the 27^th and 28^th of March, and the presentations are available for download. If you want to see what the chef recommends just keep reading…

(more…)