Pretty sweet hack

I didn't read the whole article, but got to the point that describes weaknesses in IE (even IE 8 they say) where an attacker on an internal network could present a user with a screen that looks like a login screen, making the user think the machine is locked.

This can be accomplished by uploading crafted html to an internal website for instance. The capabilities exist to also hide the title bar, toolbar, etc to give the full effect.

Now, I certainly haven't tried it, but seems like it could be a sweet hack for an internal pen test.

Carpe boxen!

Skoudis is at is again, bringing cheer with another holiday hacker challenge.

Is there a better way to get in the spirit .... I think not ;-)

H4ppy H0l!d4ze

Holiday malware - careful what you recommend

With the upcoming holiday season, for us in the IT (especially Information Security) industry - we should be vigilant what we recommend to our friends and relatives when they inevitably ask us for help with their ailing machines. Gotta love playing tech support!

I am sure you have used the great Spybot Search and Destroy tool for tracking down infections. Well, it seem the bad guys are "borrowing" their good name for their own nefarious purposes ... you see they have developed their own anti-spyware tool called (you guessed it) "Search and Destroy" (sans Spybot). They even created a website to download the tool at search-and-destroy .com.

From the F-Secure blog:

The site just uses a simple Flash graphic for basic animation; there are no fake "scans" that attempt to scare the visitor. It's all very quiet, relying perhaps on its name.

So far, no Google bomb attempts have been seen for this name-jack, but we should be sure to impress upon anyone we recommend this tool to that they want the Spybot version.

First Marathon - Accomplished

On Sunday I ran my first marathon; the Bank of America Chicago Marathon. It was a great experience and I am glad that I ran for the kids at Children's Memorial Hospital. I ran the marathon in a time of 3 hours and 57 minutes, not bad for my first and for me, since I often have trouble pacing myself.

There were a lot of spectators cheering on the runners and we luckily got a beautiful day to run. It was quite inspirational to see all the support and see how many other runners decided to help those in need by running for a charity.

Certainly I knew that the marathon would be a great challenge, but to finish you need to have extraordinary faith, motivation and discipline to overcome the endless excuses for quitting.

I got to mile 23 and just needed a break. Frustrated and tired, I started to walk ... not knowing how hard to push myself, I wanted to ensure I crossed the finish line. I started to run again as the 3:50 pace group closed in on me. I kept up for a couple miles, but still felt like I was too far from the finish line. I was waiting for one cheerer to just give me an accurate distance that I could focus on and tell me I was almost there. Sure enough, I passed a guy who said 800 more to go, you got this! That was all I needed.

By the time I saw the finish line, I could hardly believe I had reached the end. It certainly is a very long distance, but the sense of accomplishment cannot be described. I felt overwhelmed, excited, exhausted and proud all at the same time. It is a moment I will remember forever.

I am still quite a bit sore, but certainly better than yesterday. Everyone keeps asking if I will do another and I am still not sure ... I was thinking even at the beginning of my training that I just wanted to do it once in my life. Who knows - maybe I'll change my mind.

The best advice I got about post-marathon care was to walk down stairs backwards. It makes a huge difference! Also getting a massage right after helps too, but you will still be sore - trust me on that one.

If you are thinking about running a marathon, remember that all you need to do is to decide you are going to do it and stick with your plan! Here is a great website about becoming a marathon runner - wish I'd come across this earlier.

On to the next challenge!

How dare you break my URLs!

Don't you hate it when you send an email with longish URLs only to find that your email client broke the URL with line breaks? It is just another example of MS doing the thinking for you and causing you more work to figure out how to fix it.

So, I have been using Outlook and have noticed the broken URLs from time to time, but today I decided to put an end to it ... and the solution was quite simple (this time). In Outlook, just choose:

Tools > Options > Mail Format tab > International Options
Uncheck 'Auto select encoding for outgoing messages'

That is it, hope that helps someone!

Happy B-day

I wanted to post up some thoughts I had today related to the theme of this blog - carpe diem!

Every day poses new challenges. Even old/familiar challenges can be new - it's all a matter of approach. So, even if you don't face a "new" challenge today, I urge you to create a new opportunity by trying a new approach to a familiar challenge. We should push ourselves to improve and yes, we may fail, but remember that is just part of the learning process ;-)

This challenge could be as simple as a the route you drive, the lunch you eat or the person you go to first for help with a problem. Try something new - you can bet I will on my Earth Day!

Happy new day to you!

A new day - a new blog

Welcome to my new blog! I will be chronicling my journey to run my first marathon! And then hopefully be able to keep up with other various happenings in my life.

Hope you will stop back again soon to see what's new with me ;-)

Until we meet again...