Right now I’m hanging out with the Hack in the Box crew in Dubai, sipping tea, and enjoying some conversation. Yeah, life is hard, what can I say. :) I’ll post some pictures and entries when I get home in a week or so, but let me just say that this place is simply amazing. It’s hard to find the right words or even order them appropriately to capture what exactly is going on in this place. They roll at a whole other level, literally: a Mercedes-Benz SLR McLaren just rolled up out front. In the meantime, I thought I’d drop some links.
1) In addition to click-a-link-go-to-jail, it looks like there’s yet another way to turn someone into a sex offender. This time Oklahoma state’s Sexual and Violent Offender database is vulnerable to SQL Injection. Apparently not only can you pull off various forms of personal information, you can add to the roster as well. Evil.
2) Many of us have discussed various forms of BlackHat SEO because several of the tricks they’re using are borrowed directly from webappsec. Unfortunately we only get a cursory and rumored view of the landscape. Recently, though, Scott Berinato of CSO took a deep look at the BlackHat SEO industry and wrote a content-rich and compelling exposé. In the 2-part article he takes a look at the players, what they’re up to, and how much money they’re making. Plus it’s funny to me that my SEOwN3d!!1 is getting wider use. :)
3) Aung Khant (AK) has been working hard on a new website project he calls the “Ultimate Hacker Web Directory (HWD)”. Basically this is a giant directory of links related to the infosec/hacking field. AK is going to need help with more links to make the system ever more complete. The more links, the more useful it becomes. For those interested, submit.