Gray Hat Python

June 5th, 2009

I received Gray Hat Python by Justin Seitz this week for my birthday — thanks sis! So far I’ve worked into Chapter 3: Building a Windows Debugger.

I’m very pleased with the level of detail the book goes into when explaining debugging techniques and how a CPU deals with processes. It almost makes me want to focus more on C code, but I know that the further I get into the book the more I will be happy with the relative simplicity offered by Python.

My only gripe with the book is the first sentence of the first paragraph of section 1.1, “I assume that you are using a 32-bit Windows-based platform to do most of your coding.” While it certainly makes sense to focus on debugging techniques on the Windows platform since most of the software one would be dealing with is written for it, it rubs me the wrong way to make the assumption that I’m using Windows to write software — especially with a language like Python. And no, I’ll be writing code primarily with vim on OSX and running Python on Windows via Parallels.

With that only negative note aside, it’s a fantastic book and I would absolutely recommend it to others.

Ben Cecka Security, Technology Review

Programming/Thinking Fun

February 12th, 2009

Been playing with some online programming and hacking fun. If you’re like me and can’t sleep at night because of an overactive mind, try some of these out:

  • The Python Challenge – Pretty self-explanatory. Some puzzles that require a little bit of creative Python programming along with some outside-the-box thinking on solving problems. Can probably use other programming languages as well, but at some point I’m betting there are some Python-specific data types (I just started a few last night so don’t know yet).
  • HAXTOR (warning – JS will attempt to resize your browser window) – Various decrypting challenges and web-related stuff.
  • hackergames.net – Just ran across this the other day but haven’t gone through any of them.

* Word to the wise: Use a disposable virtual machine with a safe snapshot when messing around with this kind of stuff. The sites are probably safe, but you never know where you’ll end up and who could be targeting them for extra kicks. Use NoScript at a minimum.

Ben Cecka Security

Tech Podcasts I’m Listening To

January 3rd, 2009

If I have more time at a later date then I’ve really been meaning to write a more detailed review of each podcast in the IS realm that I’ve been listening to for the past 6 months, but since that time never seems to make it my way I’m just going to post links for now. Whether it’s on my feed reader or the BlackBerry, each of the shows has been extremely valuable in keeping me up to speed and looking at the horizon. Thanks guys (and gals)!

SecuraBit

Security Justice

PaulDotCom Security Weekly

Hak5

Network Security Podcast

Ben Cecka Security, Tech Tips, Technology Review

MacBook Awesomeness

December 12th, 2008

I don’t know what took me so long, well, probably the price, but my company just forked out the cash and let me pick up a new MacBook. I decided against the Pro because it was probably a little overkill for my purposes. At any rate, the multi-touchpad is pure genius in its intuitiveness and customization. I don’t want to even think about using a standard touchpad ever again (or even mouse for that matter). I actually woke up this morning and felt a little giddy to go over and start playing with it again while brewing coffee.

I’m still a little unsure about the inner workings of the OS, but *nix is no stranger to me so I’ll get there. MacPorts is also a little odd, but once I get the hang of it I should be fine. It seems to fail on dependencies for GIMP and Wireshark during my first attempts to install stuff, but nmap worked fine right away (probably because it’s just console). I’ll have to dig into X11 stuff I’m guessing.

While I’m not considering converting workstations and servers over, I think I’m sold on my quest for a solid laptop.

Ben Cecka Technology Review

Twitting Tweets of Terror

October 28th, 2008

The US Army says that Twitter is a potential tool for terrorists. I know what you’re thinking — thank God my tax dollars are finally being put to good use. And this isn’t another one of those AIG spa treatments or anything.

I mean, with the exception of only a small handful of other services, Twitter is the only micro-blogging platform that could possibly be used for malicious communication. And, unlike other forms of nefarious yacking technologies like the cell phone and instant messaging it is inherently and by default open to the public for easy reading (yes, I know Twitter accounts can be marked private — not the point).

Ok. You sense sarcasm? Well, at least they’re paying attention to the right groups. You see, they’ve identified Twitter as becoming an activist’s tool for “socialists, human rights groups, communists, vegetarians, anarchists, religious communities, atheists, political enthusiasts, hacktivists”.

In fact, “Twitter is already used by some members to post and/or support extremist ideologies and perspectives.”

Damn those vegetarians and political enthusiasts…

Ben Cecka Industry News, Social Media

BlackBerry 8330

October 4th, 2008

I was lucky enough to hit the A-list at work for an upgrade to a BlackBerry 8830 from my usual cell phone. This is the first mobile device that I’ve ever owned and I’m totally hooked. It’s like the move from dial-up to broadband — I’m not sure I could ever go back to a standard cell phone or not owning some type of 3G device.

That being said, I’m disappointed with the lack of solid, free applications written for the platform. I spent hours trying to find a reasonable program to view my school books (PDF format) from my media card and mostly found paid subscription software that was grossly overpriced. I ended up creating a BlackBerry email account and sending my PDFs to it. It’s a workaround that I’m willing to live with rather than fork out money for something we all take for granted in the PC world. I don’t understand why BlackBerry developers think they should be charging for something as basic as a reader that is free on virtually every platform I’ve ever used. Charge for the added value of the writer (like Adobe Acrobat), but give the reader away and get your name on the device.

The next thing that got me was the difficulty in listening to streaming music on it. I know I can throw MP3 (maybe OGG) files onto it and play them locally, but I really just want a Pandora or Last.fm setup where I can play a tag or similar artist station. Pandora doesn’t support the BlackBerry and their web-based player thought my IP was from Norway so wouldn’t work either. Last.fm doesn’t support the BlackBerry directly either, and even if I wanted to scrobble tracks played locally I needed to buy software (3rd party). End of the road here is that I applied for a Last.fm API key so that I could attempt to write my own streamer for the BlackBerry. More to come on that I hope — still waiting on the key.

And yes, if and when I complete this project (I already have a name picked out) I will absolutely release it for free.

Ben Cecka Industry News, Tech Tips, Technology Review