Black Hat 2012

Unfortunately, I am not attending Black Hat this year, though I’ll try to make it to Defcon. I have been following the presentations pretty closely and so far these are pretty interesting:

WAF testing tool. ~150 ways to attack WAFs. Their product is potentially an interesting alternative in the WAF space.

Presentation on how to use Arduino to hack hotel room keys. And this is his blog.

Looks to be a very useful training tool.

Broken Screen

A few years back I got a call from one of the guys that did helpdesk and user support on my team. He said he was absolutely baffled by a problem with a laptop and wanted some advice. It was an older Dell and the apparent issue was weird lines or a pattern on the screen. Naturally, I asked him if the screen was hosed and apparently it wasn’t.

I was somewhat annoyed and told him to update the video drivers and he should be fine. A couple of hours later he says that the problem is still there. At this point, I am beginning to seriously doubt his technical acumen and I told him to bring the laptop over.

I took a quick look and the lines would only show up once Windows finished booting. Nothing was there during the BIOS/boot-up screens. “Obviously” it had to be some kind of a driver problem and he just screwed up the re-install somehow. So, while in my office, he started going through the process again. Remove the drivers, install the drivers, rinse and repeat. I had him try Dell drivers, generic drivers, signed drivers from Microsoft and drivers from the card manufacturer. End result: the lines were still there.

Now it got somewhat interesting. There had to be a reasonable explanation. Another engineer walked by, asked what we were doing, and next thing you know, 3 of us are spending hours with this laptop, trying to figure out what the hell is going on. This was a completely unproductive use of everyone’s time, but by then we just wanted to see an answer. Extensive googling yielded nothing. I was close to throwing my arms up and blaming this on the mystery computer gods or “user error”, when one of the guys shouted: “Eureka!”.

Turns out, Dell came up with a “software privacy filter”, which presumably would be a great alternative to the hardware option. This software would pixelate the screen to reduce the viewing angle. Don’t know if it really worked or not, but the user accidentally turned it on and forgot about it. We wasted close to 7 man hours on this. This one could be chalked up to the category of: “it’s not a bug, it’s a feature”.

OSCON 2012

I’ve been reading through the presentations that have been posted and found a few pretty interesting:

Go Daddy Compute Cloud – light on details, somewhat interesting.

Comparing Open source Private Clouds – not bad. It’s an overview of the major players in the space, like Eucalyptus, OpenStack, etc. He does mention OpenNebula, but doesn’t include it in the comparison.

MySQL advanced replication – from Oracle. Mostly focused on the newer versions of MySQL, so if you’re stuck on 5.0/5.1 for whatever reason you’re SOL. No mention of Tungsten Replicator, which can do awesome things.

Reliability and scale in AWS – a very good presentation. Succinct and to the point.

Apache HTTPD 2.4.0 – overview of what’s new. Sounds intriguing, though I haven’t tried it out myself.