
Mon, 30 Nov 2009

ZaCon - A con in need of a better tagline...

ZaCon came and went, "and a fun time was had by all!"

The first run was a semi-cosy affair held at the University of Johannesburg, with 16 speakers holding the crowd from 08h00 till 18h00. ZaCon had many SensePost faces, but is not expressly an SP initiative.. It's a community-based con aimed at growing the next gen of South African hax0rs..

My brief ~12 minute intro: "Why Zacon" explains some of the organizers' thinking.. You can watch me blab [here] and you can watch the rest of the videos [here]


Mon, 16 Nov 2009

Defcon-17 - Clobbering the Cloud

Our DC-17 video (of the "Clobbering the Cloud" talk) is now available on the new-look DefCon download site: [here]

All of the other DC17 videos can be found [here]

(if you are a senseposter, you can grab them with descriptions from [here])

Tue, 10 Nov 2009

Twitter killed the (infosec) Blogging Star ?

Like it, hate it or just plain struggling to understand it, Twitter has made a huge impact across a wide range of fields. We use it fairly heavily internally for simulated water-cooler chatter and quick link-exchange. (like any piece of sp-geek-over-engineering we also have a tweet-bot to convert tweets to emails, and convert blog notifications to tweets). It's pretty clear though, that once we started tweeting internally, people started blogging less. There's something liberating about saying "here's a link", as opposed to taking the time to formulate your thoughts into a full blown posting.

We were curious if this twitter-effect was real, imaginary or only applicable to lazy people like us.. Thanks to python-twitter and a few lines of script we can look at the blogging habits of some info-sec superstars (and maybe confuse correlation and causation to jump to conclusions while we're at it).

Hmm.. maybe it's not just us!


PS. SensePosters who tweet (albeit infrequently) can be found at:

PPS. We wanted to, but skipped the following:
  • @DinoDaiZovi (Dino dai Zovi) (Started blogging and tweeting at roughly the same time)
  • @Dakami (Dan Kaminsky) (Doxpara is currently down)
  • @tqbf (Tom Ptacek) (Matasano blog history is incomplete)

Fri, 6 Nov 2009

Spammers need love too..

From: Haroon Meer <>
To: Marc Schneider <>
Subject: Re: - Contact needed

Hi Dr Schneider.

* Marc Schneider [] seemed to say:
>I am Dr. Marc Schneider and I work for Multilingual Search Engine
>Optimization Inc. in Washington DC ( Tel: 1 202-250-3645) - I would
>like to speak with the person in charge of your international
>clientele. Who is my contact? Who should I speak to??
>In fact, after visiting , I have noticed that your
>cannot be found on foreign search engines (I tested it on Hispanic
>search engines, German search engines, Asian search engines, etc.) Our
>company is specialized in multilingual search engine promotions in 28
>languages . From the Japanese Google to the German Yahoo, from the AOL
>in Spanish to the MSN in Chinese, we can show you how to develop a
>true international online presence by promoting your website on
>foreign search engines.

Thanks for the many (many many) emails you have sent to us to fix this

Two things though:
a) We are a South African company, and a quick check on a South African
search engine ( reveals that your site can not
be found on our local search engine. We are not experts at all in this field but
if you are interested, let me know and I'll try to get you listed.

b) A quick check reveals that your domain is zone transferable and a
cursory look shows that both your primary and secondary DNS servers live
on the same physical network. This is not quite best practice. Our
company is specialized in security assessments, we can show you how to
truly protect your website.

>Please call me at +1 (202) 250-3645 or email me and let's work on
>giving your website the true international exposure which it deserves
>to have with foreign native online users!!

I would prefer you don't call me, but you could email instead and let's
work on getting your security issues resolved!!

Haroon Meer

PS. I checked, and it appears possible (though unusual) to make use of
exclamation and punctuation marks one at a time.

Haroon Meer, SensePost Information Security