Author Archives: Tobint

SaveToby.com? Unbelievable!

I don’t know what’s funnier, that some guy made a website threatening to eat a “cute bunny rabbit” if he didn’t get $50,000 US before the 30th of this month, or that he’s made half of his goal so far in donations! As the folks at .NET Rocks mentioned, this has to be some psych major’s thesis project or something. I know this isn’t tech related, but let’s turn this into a security related issue.

The biggest security threat still open today is social engineering. I first heard this term ages ago reading The Cuckoo’s Egg (or some other related ‘hacker’ book). The concept is that you can use your wits, not just computer savvy, to gain elevated privileges. We have to do a better job at not falling for every little trick in the book. We have to be more alert. For instance, I received a bounced message in my inbox this morning. I get a lot of these for several reasons, and every now and again, when a bunch of them pile up, I check them out. Looking at the message though, I could tell it wasn’t a real bounced message. It was a phishing scam. The giveaway was that it pointed me to my own domain with the opportunity to view the bounced message online. The link it pointed me to was using PHP and was in a subdirectory that didn’t exist on my hosting server (I run my own hosting business). This was rather clever, and I’m sure that a lot of these actually yield results.
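As an added illustration (not part of the original post), here is a small Python check that applies the same reasoning the paragraph describes to a constructed “bounce” notice: every link in the message is compared against what the owner actually serves on their domain, and a link into a directory that doesn’t exist there, or one that uses a server-side script type the host doesn’t run, is flagged. The domain name, the served directories and extensions, and the sample message are all assumptions made up for the example; the lookalike-host check (a host that merely contains the owner’s domain name) goes a bit beyond the case in the text.

```python
import os
import re
from urllib.parse import urlparse

# Constructed sample: a fake "undeliverable mail" notice of the kind described above.
BOUNCE_BODY = """Subject: Undelivered Mail Returned to Sender

Your message could not be delivered. You can view the bounced
message online at http://example.com/mailcheck/view.php?id=88213
or manage your mailbox at https://example.com/webmail/index.html
"""

# Assumptions for the example: the domain(s) the reader owns, the directories
# actually served there, and the page/script types actually deployed.
OWN_DOMAINS = {"example.com"}
SERVED_DIRS = {"/", "/blog/", "/webmail/"}
SERVED_EXTS = {".html", ".htm", ".aspx"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Return every http(s) URL found in the message body, in order."""
    return URL_RE.findall(text)


def directory_of(path):
    """'/mailcheck/view.php' -> '/mailcheck/'; '' -> '/'."""
    return path[: path.rfind("/") + 1] or "/"


def is_own_host(host, own):
    """True for the domain itself or any real subdomain of it."""
    return host == own or host.endswith("." + own)


def classify_link(url, own_domains=OWN_DOMAINS, served_dirs=SERVED_DIRS,
                  served_exts=SERVED_EXTS):
    """Return a list of reasons this link looks like a phish; empty if clean."""
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path or "/"
    for own in own_domains:
        if is_own_host(host, own):
            # Link claims to be on our own site: does the directory exist there?
            folder = directory_of(path)
            if folder not in served_dirs:
                reasons.append(f"path {folder} is not served on {own}")
            # ...and do we even run that kind of server-side script?
            ext = os.path.splitext(path)[1].lower()
            if ext and ext not in served_exts:
                reasons.append(f"script type {ext} is not deployed on {own}")
        elif own in host:
            # e.g. example.com.some-other-host.invalid: our name, not our host.
            reasons.append(f"host {host} merely contains {own} (lookalike)")
    return reasons


def flag_suspicious(text, own_domains=OWN_DOMAINS, served_dirs=SERVED_DIRS,
                    served_exts=SERVED_EXTS):
    """Map each suspicious URL in the message to its list of reasons."""
    flagged = {}
    for url in extract_urls(text):
        reasons = classify_link(url, own_domains, served_dirs, served_exts)
        if reasons:
            flagged[url] = reasons
    return flagged


if __name__ == "__main__":
    for url, reasons in flag_suspicious(BOUNCE_BODY).items():
        print(url)
        for reason in reasons:
            print("   -", reason)
```

The check is deliberately conservative: the legitimate webmail link passes because both its directory and its file type are ones the owner knows they serve, while the “view the bounced message” link is flagged twice, exactly for the two clues the paragraph mentions.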

So while SaveToby.com isn’t a security hole in itself, the concept of engineering a psychological scam on people certainly is one. Be alert. Be vigilant. Be ready to watch a rabbit die now and again.

Longhorn is all over RSS

Like it or not, Microsoft is going to start adding a lot of extensions to RSS to produce some cool features for Longhorn. I have a love-hate relationship with this idea. What really chaps my hide about this video is that the first guy acts like he is the first guy to think of these ideas. I actually see this in Microsoft employees a lot. They come out looking smug (and I know they don’t mean to be) as though they thought up this great idea and they want you to come up to their level of thinking. What this really comes down to is that a lot of the features you and I have wanted to create and use RSS for are now going to be a lot easier to use from Longhorn.

Looking over the shoulder of an attacker

If you ever thought that it wasn’t important to keep that Windows Update working on schedule, think again. Security Monkey has posted a small blog entry entitled “Looking over the shoulder of an attacker“. It’s definitely interesting and should be a warning. However, I would remind you that with just about any public internet service, Windows w/IIS or Linux w/Apache, you simply must not be complacent about how you configure your systems or keep them updated.

Where’d all my ‘tech’ go?

I’m sitting in my apartment in Greenville, SC looking over the pool, listening to a television that’s sitting on the floor, watching commercials for one piece of technology after another. Suddenly something hit me.

When I was a poor guy working for next to nothing, I had access to pretty much the best of technology. I always had a computer or two that were top of the line with the best graphics and processor upgrades available. I had the newest cell phone and knew about pretty much every gadget coming out in the next 6 months to a year.

I sit here in astonishment wondering where did all of my technology go? I still have ALL CRT displays in my house, I have mediocre computers with the exception of a laptop that the company issued me — which of course really isn’t top of the line either. My cell phone is old and tired. I don’t even own a PDA. I see one of our GS folks at work won an HP63xx Pocket PC and isn’t even using the cell phone built into it. I don’t own a tablet PC. I don’t even have my own subscription to MSDN universal anymore. What happened to me?

Has anyone else noticed this sort of trend in their own lives? It’s not that I don’t have the money. It’s not that I wouldn’t enjoy playing with the gadgets. I just don’t seem to have the time to do the research on the products anymore. I go to the local electronics store and stand in front of the latest super-snazzy tech and then try to decide which is best based on the specs, but then decide I’ll go back home and do some more research before buying the item. By the time I remember to look it up, some new gadget is out and I repeat the cycle. I’m sort of frustrated now and I feel like I may just have tech-envy. I see everyone else with their gadgets and I have to say… where’s my tech? Someone please stop me from running to the store in a panic and buying up a storm! Tell me this is normal. Someone? Anyone?

AJAX is a Fraud

I’ve been around long enough in this industry to recognize marketing fraud when I see it. The buzzword that AJAX has become is one such instance. I’ve about had it with hearing people talk about how it’s so new and innovative. I know of at least 5 people, including myself, who were using XML data islands and JavaScript to produce dynamic output in a browser as early as 1999 and 2000. I find it amazing that an article can be written by a virtual nobody in the industry like Jesse James Garrett that proclaims something as “new” that has been around since before the first victim of the DotBomb industry.

The reality of the situation is that these technologies have been around for ages, but the world wasn’t quite ready for them yet. The industry was bellowing, “Bring out your dead” and Netscape refused to answer, insisting “I’m not dead yet”. Sorry for the Monty Python analogy, but it rings true. Now that the platform market has been mostly consolidated, it’s much easier to roll client-side to server-side JavaScripting out to the public.

Additional influences like the proliferation of broadband internet access to the masses has made such uses of bandwidth possible on the public internet space as opposed to being restricted to local intranets — much like several of my similar implementations of the technology at AIMCO years ago.

This article isn’t all about anger over this marketing BS — although it is admittedly part of it. It’s partly about the idea that marketing has taken over innovation in this world. Between all of the patent wars in the big companies, and other corporations, like Adaptive Path, taking over technologies and naming them as their own, the industry has just become a big war-ground for business folks. Lastly, this is about the idea that I’m about to post a few scripting examples of this in the next month. I don’t want them to be chalked up in the AJAX hype column.

Where am I?

Only in the blogging world does a subject like “where am I?” get past the most curious of eyes without suspicion of insanity of the author. The truth is I’ve been asked by a couple of people why I haven’t posted anything in the past few days. You can rest assured that I have a slew of articles on various topics coming, but you’ll have to wait for me to start posting them for about another week. I’ve been involved in a couple of ultra super secret Whidbey projects for Microsoft. They keep it so secret I don’t even know what I’m doing for them! OK, in all seriousness, I’ll be flying to Redmond tomorrow and will be spending the rest of the week basking in the clouded downpours, sipping various coffees, and listening to more grunge rock than I can handle, and really, isn’t that about 15 seconds of it? I like visiting the area but every time I go up there I ultimately end up sitting in my hotel room all night after doing my duties at Microsoft. I intend to go out and find something to do or some exquisite place to eat. I even get in my rental go-cart and drive around for a few seconds before stopping at the nearest fast food joint, grabbing a number n and heading back to the hotel. Such is my existence as a non-adventurous kind of guy.

So in case any of you have never been to Redmond, let me share a small piece of it with you. This is where I’ll be. It’s the aerial view of the main campus — albeit 3 years ago.

Microsoft Campus

Wasn’t that thrilling? OK, I’ll see you next week.

Security Wiki @ Channel 9

The Patterns And Guidance team has added a new wiki on Channel9 for security topics. Check it out, rinse, repeat.

Dockable Tool Windows in VS.NET 2005

VS.NET 2005 introduces a ToolStripContainer control which allows you to develop applications with toolbars that can be docked, undocked, reordered and otherwise rearranged along the edges of a form. This is an excellent idea; however, an obvious miss for the product was the omission of a dockable window. We are all used to seeing these windows in the VS.NET IDE. They are, essentially, dockable, sizable tool windows that can be removed, docked, undocked, resized, pinned against a border of the IDE, or unpinned. This feature has been suggested multiple times and would definitely add a professional touch to many applications. Microsoft omitted this feature from VS.NET 2005, but perhaps if we can get enough votes, this feature will be reimplemented. Realizing that the release date is only 5 months away, it’s unlikely, but we can always try. Go to [I have removed the link as it is now 404/archived] and vote for this suggestion!

Michael Howard Points to Excellent Series of Papers

Mike Howard has pointed out on his blog that there is an excellent compilation of security white papers in PDF form (image-based PDFs, not Text-based) available for download. Despite their age, these provide the very foundation for some of the most sophisticated security pillars today. Well worth the read.

Total Immersion touts ‘Augmented Reality’

This video looks way cool. It’s the presentation demo of a company called Total Immersion where they are touting their ‘augmented reality’ technology. It allows them to merge animation and objects with real-time video. I watched this demo and immediately started shuddering at the idea that Fox Sports would butcher this technology in football games. It’s bad enough that they have all these strange animations and sound effects during the game, but can you imagine giving John Madden the ability to, I dunno, put costumes on players in real time? This is a far cry from just superimposing those yellow “first down” markers on the playing field.

This does, however, raise some interesting ideas. How about product placement in movies AFTER the movie has been made? What about the security issues involved? You could superimpose a gun on someone in a bank in real time to frame them. OK, maybe I’ve been watching too much Sci-Fi Channel lately. Anyway, this brings up very interesting possibilities that far exceed those we ever imagined the first time cartoons were merged with reality in Roger Rabbit.