Ok RSA just ended and I'm back from CA. I never thought I would be happy to see Charlotte, but I am. There is a lot going on right now in security. Lots of unimportant stuff and important stuff at the same time. This post will attempt to capture my feelings on some of it.
RSA 2007 - Thank you NWA for making me 10 hours late, spilling water on me 25,000 feet in the air and for making my flying experience with your airline generally crappy. It was a good show though, see you there next year.
Public Hash Database - Excellent idea. I post a hash of a txt file saying what Ive potentially discovered, place it in public view and when my research is complete I post the txt file and my work. And if it didnt work out then no harm done.
Fuzzers and Co-operation In An Alpha Male Community - Co-operation? hah! Not going to happen. And I think fewer people are using public fuzzers then previously thought. New fuzzers come with an extremely limited expiration date. Once they stink up the refrigerator they are put aside while a new one is created to find new bugs in a new protocol. Rarely are huge bugs uncovered with them, and if they are, the author isnt sharing his fuzzer with the public.
Solaris Telnet Vulnerability - What the hell guys? In all seriousness there is WAY to much mailing list traffic over this bug. If your running telnet on the internet you deserve whatever happens. The End.
Vista UAC Design Issues - I almost feel bad for Microsoft, they have to balance usability with security and anyone working in security can tell you thats a tough job.
Also why is googlepages so slow these days?
Yah that about sums it up for now. My posts are real bad these days and I apologize for that. I promise it will get better.