Lost+Found: Moxie on the beach, hacker flair, Volatility and NTLM
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar this week. In this edition: an SSL guru in search of new challenges, hacker flair for all, guidelines for advisory authors, a Volatility contest and a very liberal URL shortener.
- "Today is my last day working at Twitter," announced encryption expert Moxie Marlinspike last Friday, without providing any reasons. After Twitter took over his company, Whisper Systems, Marlinspike worked at Twitter for over a year. When asked about his next steps, the researcher replied: "The beach, to begin with."
- The laugh is always on the loser. "Turns out 'Java' stands for 'Just Another Vulnerability Announcement'" is the word going around on Twitter. Not without reason: apparently, another new security hole has been found in Java.
- Those who have looked over the shoulder of a pen tester or hacker at work – or are such persons themselves – know that, from a visual point of view, these jobs aren't anywhere near as spectacular as Hollywood makes them look. This GIF animation, on the other hand, oozes hacker flair. Simply play it in full-screen mode.
- You've found a security issue and want to tell the world about it? The Open Security Foundation (OSF) will tell you how to write a good advisory.
- The Volatility Labs blog has announced a developer contest for programmers to create new plugins for the Volatility forensics framework. Prizes of up to $1,500 are up for grabs. An overview of the tool's possibilities is available in CSI:Internet - A trip into RAM.
- Computers sometimes do strange things, a security expert who goes by the name of n0x00 has found. He set up a public server that requested an NTLM login whenever a connection was established on port 80. Then, n0x00 asked GoDaddy's x.co URL shortening service for a short URL that pointed to the server's IP address (http://18.104.22.168:80). He was baffled by the result: his server was visited by one of the URL shortener's systems, which tried to log in via NTLM using internal Active Directory credentials.
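
The behaviour in the last item can be checked for on your own network by looking for NTLM messages in outbound HTTP requests. The following is an added example, not code from the article or from n0x00; the record fields, host names, accounts and the INTERNAL ranges are assumptions, and the sample records are constructed.

```python
import base64, ipaddress, struct

INTERNAL = [ipaddress.ip_network(n)  # assumption: adjust to your address plan
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _field(msg, pos):
    # NTLM security buffer: length (2), max length (2), offset (4), little-endian
    length, _, offset = struct.unpack_from("<HHI", msg, pos)
    return msg[offset:offset + length]

def parse_ntlm(header_value):
    """Decode an 'Authorization: NTLM <base64>' value; None if it is not NTLM."""
    scheme, _, blob = header_value.partition(" ")
    try:
        msg = base64.b64decode(blob, validate=True)
    except ValueError:
        msg = b""
    if scheme.upper() != "NTLM" or len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        return None
    info = {"type": struct.unpack_from("<I", msg, 8)[0]}  # 1=negotiate, 3=authenticate
    if info["type"] == 3 and len(msg) >= 64:
        enc = "utf-16-le" if struct.unpack_from("<I", msg, 60)[0] & 1 else "cp1252"
        for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
            info[name] = _field(msg, pos).decode(enc, "replace")
    return info

def leaked_ntlm(egress_records):
    """Return records where an NTLM message was sent to a non-internal address."""
    findings = []
    for rec in egress_records:
        info = parse_ntlm(rec.get("authorization", ""))
        dst = ipaddress.ip_address(rec["dst_ip"])
        if info and not any(dst in net for net in INTERNAL):
            findings.append({"src": rec["src"], "dst_ip": rec["dst_ip"], **info})
    return findings

def _sample_type3(domain, user, host):
    # Constructed Type 3 message: empty LM/NT responses, Unicode flag (0x1) set
    parts = [s.encode("utf-16-le") for s in (domain, user, host)]
    offset, fields = 64, b""
    for p in parts:
        fields += struct.pack("<HHI", len(p), len(p), offset)
        offset += len(p)
    empty = struct.pack("<HHI", 0, 0, 64)
    msg = b"NTLMSSP\x00" + struct.pack("<I", 3) + empty * 2 + fields + empty + struct.pack("<I", 1)
    return "NTLM " + base64.b64encode(msg + b"".join(parts)).decode()

SAMPLE = [  # constructed egress-proxy records; hosts and accounts are made up
    {"src": "fetcher01", "dst_ip": "203.0.113.10", "authorization": _sample_type3("CORP", "svc-fetch", "FETCHER01")},
    {"src": "app02", "dst_ip": "10.1.2.3", "authorization": _sample_type3("CORP", "alice", "APP02")},
]
```

Calling leaked_ntlm(SAMPLE) reports only the request from fetcher01 to the external address, together with the domain, account and workstation name that the Type 3 message exposes in clear text.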