Thursday, July 15, 2010

AOLStalker Lolz

If you aren't familiar with AOL Stalker, it's a mirrored collection of the millions of search queries AOL released to the web (gotta love those assholes online) and, if you're idle, it can make for some damn entertaining reading. Take this beaut for example... the best is, of course, at the very end. If you find other funny ones post them to the comments.

http://www.aolstalker.com/11110859.html

Friday, September 04, 2009

Aww Yeah !

Windows Media Player presenting an error.

On a POS terminal bitches.


Friday, May 08, 2009

If You Love SomeBody Then Set Them On Fire*


*Dead Milkmen.

PS. I'm putting on my wizard hat.

Wednesday, April 15, 2009

Somali Pirate Jokes

These are my own to start it off. Add more via comments.


---------------------------------------------------
What do you call three Somali Pirates in a lifeboat ?
Snap Crackle n' Pop.
---------------------------------------------------
What do you call a Somali Pirate in a Japanese trade lane ?
Pirates vs. Ninjas.
---------------------------------------------------
How did the French Navy seamen defend themselves from pirates on their trade routes ?
First, they stopped dressing like whores.
---------------------------------------------------
What's the hardest part about rescuing hostages from Somali pirates ?
The parietal bone behind the ear.
---------------------------------------------------
What does a Somali Pirate eat for dinner ?
a 7.62 x 39
---------------------------------------------------
How is a Somali pirate like a Las Vegas hooker ?
They both take it in the face.
---------------------------------------------------
What's the difference between a Somali Pirate and a Kentucky chick?
Kentucky chicks are fat.
---------------------------------------------------
What's the difference between a Somali Pirate and a Pittsburgh Pirate ?
Every once in a while a Pittsburgh Pirate makes it home.
---------------------------------------------------
How do you prevent attracting the attention of Somali Pirates ?

Keep a clean ship. Wash your dishes. Avoid smelly food like bacon and smoked fish. Keep food smells off your clothing. Store all food and trash in scent-proof containers.
---------------------------------------------------

Wednesday, March 25, 2009

Georgia Town Admits What We All Knew All Along: Red-Light Cameras Were Never About Safety

Approximately ten years ago contractors around the country convinced many towns to install automated red-light enforcement systems. Often these systems were operated and maintained by the contractors - sometimes Defense contractors - who shared in the revenue from the citations. As these systems rolled out, many towns actually SHORTENED their yellow lights to increase revenue while simultaneously INCREASING the rate of accidents and jeopardizing public safety. I don't think I need to argue why profit-driven law enforcement, particularly when combined with private entities, is evil.

Well, I just read an article about a town in Georgia where the city frankly discussed why they're pulling out the cameras: revenue is down. Turns out that the State of Georgia implemented a law requiring *longer yellow lights* and that has reduced red-light violations to the point where the automated systems no longer generate enough revenue to pay for themselves. Of course, this is all states had to do in the first place.

"The drop in citations is due, in part, to a state law that went into effect Dec. 31 that mandated a one-second addition to the yellow phase at all camera intersections."

"The city pays $1,200 a day for the service, on top of expenses for postage and police personnel to review the citations, Johnsa said. This year, the city’s projected revenue, excluding expenses, was $1.2 million. "Based on what we’re seeing now, I’ll be surprised to see $850,000," he said." .

Of course the Mayor has some pithy bullshit quote to try and save face: "Mayor Dave Williams stressed their presence was never about generating revenue, but increasing safety. 'But with the changing of the lights, violations dropped so much that it was going to cost taxpayers a significant amount of money to continue to have those cameras in place,' Williams said."

Never about the revenue ? The simple idea of giving people a longer transition time from green to red never occurred to you ? Sorry Mayor Dave Williams, you're either completely full of shit, or completely incompetent. My vote is on both.

Full article: http://www.ajc.com/metro/content/metro/gwinnett/stories/2009/03/13/red_light_camera_cost.html

and now for the post-punk fans: "there's a town in Georgia's got a law on the books that says if we all got cameras then we won't have crooks". Name the band and original lyrics :)

Sunday, December 28, 2008

OMG PONIES !!1!!!

I just KNEW there had to be a reason for flash's existence other than to make the world's most annoying online adverts.

http://www.knickerpicker.com/

KnickerPicker is an interactive site for lingerie allowing women to view the products modelled on a variety of women in an interactive setting.

For men, it's the analog of waking up to find ponies in your backyard

Wednesday, December 17, 2008

I Want to Believe ...


... in Apple, but I just can't. This little company that went from counter-culturalist fight-the-power marketing strategy to "the man" the second they got a measure of market share is now completely losing its eye on technology.

Following a fascinating trail from Engadget, I ended up on the Apple site to see what an iPhone outside of Walmart (whose internal employee-only purchase pilots commence today). Oh look, they have "apps". More like useless little crudlet timewasters, but let's see what else they have .... click the link, and what the fuck ? It opens iTunes. Then, wait for it, iTunes opens the iTunes Store.

Sorry, but a web page loading a client app that loads a web page is retarded.


And for Pete's sake, why do they take their dung-worthy iTunes UI and insist on flinging it all over their website too ?


Sunday, December 14, 2008

Hack Prevention Makes PHP WebApps Non-Sucky

In my continuous search for a prosumer NAS that doesn't suck, I came across this linux appliance.




Normally the deployment of ajaxified management interfaces and user-created PHP front ends to MySQL is a security nightmare, but this one features Hack Prevention, so phwew; potential disaster averted.




Tuesday, June 10, 2008

Whats the Point ?

I could write an entire academic paper on how eCom sites run by brick and mortar retailers fail their customers, but then why bother with a paper when you've got gems like this ? It's already irritating as hell that retailers choose to advertise products that they DON'T actually retail, but THIS just really pisses me off.




Then, while furthering my search for a store that sold EITHER retail or online, I discovered this ingenious little ad. Oh sign me right up, clearly no scamming going on here ....



Wednesday, May 28, 2008

"Leet, for Not A Hacker".

As I wrote my last post my 10 year old son looked over my shoulder and said that. That's right, 10 years old and he's got l33t down.

And yeah, based on the ill advice of a colleague (whom shall soon feel the pressures of raising his own little band of merry marauders) I once purchased said son a copy of "The 3l33t Hackers Handbook". Not 7 days later I was called into his principal's office due to legitimate concerns that he would do something to the school computers that their administrators would not be able to recover from.

Something You Can Do With Your Finger

Anytime I can slip a SouthPark episode title into my blog in a meaningful way, I shall.

Of course, there are LOTS of things you can do with your finger, especially when it comes to touch-screen kiosks and embedded systems. Here's a series of pics I took recently.


This is a boot screen with various interesting details in it. Unfortunately I ran out of memory on my phone before I could capture video of the really good stuff, but if you're n0t a h4x0r this should be appeasing enough:



Zoomed out a little bit. Hmm... what kind of device is this ?



It's a Delta video system ! They run embedded Linux (of course they do) ... imagine the fun !

Tuesday, February 12, 2008

I Wish I Had Only Found These In Time For Christmas

http://www.smithgear.com/clocks-alarm-clocks-bed-shaker.html

Ooh, what a bastardly gift indeed.

and yeah, that's my only post for the last 2 months ... what, you think i get paid for this ?

Friday, December 21, 2007

Best iPhone Mod Yet

The more I search the iPhone, the even stronger my convictions become that:

1. the iPhone does less than my current phone but is prettier (i've always preferred brains over beauty, or at least pretty over prissy)

2. Apple is now officially evil. Or at least "The Man".

I won't go into details on this now, but anyone who has scrutinized the phone in detail; its poor messaging capabilities, Apple's reaction to 'hackers' (what the rest of the world calls 'programmers' ) , the pay-full-price-and-still-need-a-two-year-plan-to-unbrick-it, the crappy network performance from the mandatory AT&T plan... will realize that the iPhone is not only a poor device itself, but the yellow sputum of Apple evil.

Still, there are some great uses for the iPhone IF you can modify it in the right way.

And HERE is the best iPhone mod I've ever seen.

I Feel Dirty

Even though I really enjoy Christmas (and actually do practice it with my family) as someone who believes that uhm, people should have the right to practice their own religions ... I feel really dirty when my company enforces a mandatory week of vacation for Christmas.

Not to mention that my vacation benefits are really a week less than they tell me. Damn.

Monday, October 29, 2007

N074Gh0S7

I happen to dig Haunted Houses, but not all are created equal. The one in the San Diego GasLamp district is pretty darn good, but others just lack the panache required to excite me. Frankly my idea of a good haunted house is one in which you're told to wear disposable clothing. I feel every good haunted house should leave people wishing they had the vinyl car seats.

Last weekend I went to one in XXXXXXXX, XX. [For those who started drinking early, or in the South, XXXXXXXX is not really the name of the city, it's a representation of the name of the city, without actually giving out the name of the city]. The scenario was a haunted hospital, and we had guides in the front and rear of the group. At some point in a dark room I managed to slip away from the group off to the right, and then wound up *behind* the group and guide, left to my own devices.

Oh fuck yeah, they lost me in the haunted house. Poor fuckers.

I had fun poking around a little bit, checking out the *complete lack of sensors or other electronics* (sucky haunted house) then I heard the ubiquitous chainsaw. Yes, this haunted house complied with Federal haunted house laws requiring a man wearing a scary mask running around with a chainsaw (with no chain on the bar obviously) to clear the final room out and give folks that one last "did I really pay 10 bucks for this" fleeting thrill.

Now, here's the funny part: I was well behind the main group. The rear guard had completely lost me and didn't realize it, so when I heard the chainsaw I walked forward and ended up BEHIND the escort and said Mad Man With A ChainSaw, both of whom were watching the remainder of my group flee forward.

You know what I did.

I had to.

I'd be less of a man if I didn't.

Yeah, I waited a few seconds then walked up softly behind them and yelled BOO! and got them both. Not that I was all that great (cause I'm N074Gh0s7), but the haunted house was that bad.

And there you have it. I have now blogged recently. Stay tuned for more updates as more stupid shit occurs in my life.

Wednesday, August 15, 2007

Former CyberTerrorism Czar: " Well duh".

[I found this note I had written last August. I don't know why I didn't post it then, but it deserves to be stated]

Richard Clarke, now no longer attempting to find life after government service by proselytizing the concept of a "Digital Pearl Harbor" has moved on to a new tide in attempting self-promotion-without-actually-having-done-anything-to-promote. He is now promoting his latest ramblings by riding the "Obvious Statements About the Current Administration" bandwagon as documented in this article:


Former Cyberterrorism Czar: 'Bush Doesn't Get It'
http://www.crn.com/security/201202558

Well duh. Bush doesn't get it.

The article brings great points, such as how a) the talk was really about how Clarke knows best and he told the President so years ago and everyone should b) buy his latest ramblings.

Other highlights include the need for "more use of encryption" and "better authentication of users". Not to be outdone, Clarke also mentioned the need for bug free software, demonstrating the sheer prowess he has

personally, I'm still awaiting the Digital Pearl Harbor. I can't wait for a life without cellphones and email.

Lethal Weapons Now Allowed Back on Aeroplanes

In case you didn't catch it, you're now allowed to bring standard cigarette lighters on board planes.

These were previously banned on aircraft because of the *obvious* dangers they present, versus say the dangers of oh, matches or those teeny little bottles of flammable liquids the stewardesses bring you for five bucks.

Damn It Feels Good To Be A Gangster

This is dedicated to all my buds in the basements and SCIF's who can't experience the incredible weather we have today. Sorry bro's.


damn it feels good to be commercial
running around every day
ain't got no scif or sci
but i get to watch the birds outside play
damn it feels good to be commercial
workin' it each every way
no GS scales not contractor deal
but it's beautiful weather today
damn it feels good to be commercial

Sunday, July 29, 2007

ICE Denies Halvar Entry Into US

In an early morning blog entry, security icon Halvar Flake described the manner in which the US Immigrations [or whoever] denied him entry into the US.

Seriously. He was "denied entry" because of a corporate-entity technicality by striking a deal with Blackhat as an INDIVIDUAL HUMAN BEING instead of as a CORPORATION. Yeah man, strike one for the big guys.

This kind of treatment to someone who is clearly a highly skilled, self-sufficient technology worker with a documented, viable need for entry is a disgrace.

Incidents like these make me afraid of Americans.

Friday, July 20, 2007

The Gods Must Be Crazy: OLPC successful in introducing western culture

This was only a matter of time. What happens when you make a giant effort to introduce fancy western technology into lesser developing countries in an effort to make them part of the global village ?

Well in the case of certain Nigerian students who received One Laptop Per Child systems, they learned all too well and all too quickly and used their laptops exactly as we use ours ...

From http://africa.reuters.com/wire/news/usnL19821905.html

----
Nigerian pupils browse porn on donated laptops
Thu 19 Jul 2007, 15:34 GMT

ABUJA, July 19 (Reuters Life!) - Nigerian schoolchildren who received laptops from a U.S. aid organisation have used them to explore pornographic sites on the Internet, the official News Agency of Nigeria (NAN) reported on Thursday.

NAN said its reporter had seen pornographic images stored on several of the children's laptops.

"Efforts to promote learning with laptops in a primary school in Abuja have gone awry as the pupils freely browse adult sites with explicit sexual materials," NAN said.

A representative of the One Laptop Per Child aid group was quoted as saying that the computers, part of a pilot scheme, would now be fitted with filters

Monday, July 16, 2007

Give Peace a USD 1,700 Chance

A friend at Ebay shot me this:

http://cgi.ebay.com/A-Solution-to-the-War-in-Iraq_W0QQitemZ150141399174QQihZ005QQcategoryZ50341QQssPageNameZWDVWQQrdZ1QQcmdZViewItem

Friday, July 06, 2007

this is the suck

3 conferences in 3 days, between which there are no direct flights ... That's right, 6 flights in 3 days.

Saturday, May 26, 2007

Hacking TomTom

I bought a TomTom 910. It sucks the ass of the Garmin Nuvi 660; literally can't compete on any feature, from traffic to navigation to even the remote control. Turns out the sole advantage it has over others is the 20gig drive that you can load up with music. That's cool, but turns out I already have a big ole iPod for that anyhow. Soo,.... I was thinking of returning this crap. I mean seriously, they haven't put *any* thought into it, right down to the black plastic case (for a system designed to sit on a windshield that ain't too smart).

Well, I may actually end up keeping this thing. Turns out it’s very hackable. I don’t mean hackable as in OpenTom, I mean they’re just plain sloppy about stuff.

For instance, they keep system shell files in /mnt/sd, which is the volume that’s displayed when you mount it as a USB drive. Here’s what I found:

Under the PPP directory they maintain shell scripts to perform PPP/CHAP authentication (since you dial in via your cellphone for traffic updates). I don’t see a reason to keep these in a user mountable volume, but they did. Actually, I now see a benefit to it: you can self configure your phone connection much easier than using the interface on the hardware itself. And trust me, if you’re in the US using a smartphone (like say, the wickedly popular T-Mob MDA or other HTC device that’s so popular amongst US based geeks now) you’ll be manually configuring your connection.

Here are the files:

F:\ppp>dir
Volume in drive F is TomTom Disk
Volume Serial Number is 4371-ED7D

Directory of F:\ppp

04/30/2007 06:56 PM -DIR- .
04/30/2007 06:56 PM -DIR- ..
05/26/2007 03:28 PM 268 ip-up
05/26/2007 03:28 PM 53 ip-down
05/26/2007 03:28 PM 375 pppsetup.sh
05/26/2007 03:28 PM 185 gprs-disconnect-chat
05/26/2007 03:28 PM 6 pap-secrets
05/26/2007 03:28 PM 6 chap-secrets
05/26/2007 03:28 PM 293 gprs-connect-chat
05/26/2007 03:28 PM 302 ttgobuddy-ppp-peers
05/26/2007 03:28 PM 112 phone.sh
9 File(s) 1,600 bytes
2 Dir(s) 9,462,497,280 bytes free

F:\ppp>

They do stuff like turn up a loopback interface, etc … the basics. They initialize when you try to connect via the phone for traffic updates etc.

So, in one of these scripts I slipped a little “mkdir n074h4x0r, cp /etc/* /mnt/sd/n074h4x0r“ and sure enough, I now have a copy of the /etc dir in userland for me to see … now I have direct access to the entire system without going through the trouble of building serial connectors, etc. like the OpenTom folks did (I’m not dissing them, I just don’t have the time or interest in going to the extent they did).

Interesting little device, and boy are they sloppy. BTW /etc/passwd contains one entry, and I bet you can figure out what it looks like
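
The weakness described above is that the system runs scripts from a volume the user can edit over USB. As an added example (not part of the original post and not TomTom's code), here is one way firmware could refuse edited scripts: keep a digest manifest on the read-only root and run only a verified private copy. The manifest format, paths and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not TomTom firmware code. Paths, file names and the manifest
# format ("<sha256>  <name>" per line) are assumptions made for illustration.

# Print the SHA-256 hex digest of a file (sha256sum, or shasum where absent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_verified MANIFEST USER_DIR NAME
# Copies USER_DIR/NAME to a private staging file, checks the copy against the
# manifest, and runs the copy. Verifying the copy (not the original) closes the
# window in which the file could be swapped between check and execution.
# On a real device the staging file belongs on storage the user cannot mount.
# Returns 2 bad name, 3 missing or not a regular file, 4 not in manifest,
# 5 digest mismatch; otherwise the exit status of the script that was run.
run_verified() {
    rv_manifest=$1; rv_dir=$2; rv_name=$3
    case $rv_name in ''|*/*|.*) return 2 ;; esac      # no paths, no dotfiles
    [ -f "$rv_dir/$rv_name" ] && [ ! -L "$rv_dir/$rv_name" ] || return 3
    rv_want=$(awk -v n="$rv_name" '$2 == n {print $1; exit}' "$rv_manifest")
    [ -n "$rv_want" ] || return 4
    rv_stage=$(mktemp "${TMPDIR:-/tmp}/verified.XXXXXX") || return 3
    cat "$rv_dir/$rv_name" > "$rv_stage"
    if [ "$(sha256_of "$rv_stage")" != "$rv_want" ]; then
        rm -f "$rv_stage"
        return 5
    fi
    rv_rc=0
    sh "$rv_stage" || rv_rc=$?
    rm -f "$rv_stage"
    return "$rv_rc"
}

# Constructed fixture: a fake read-only root holding the manifest and a fake
# user-mountable volume holding an "ip-up" script. Prints "<rc1> <rc2> <ran>".
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXX") || return 1
    mkdir -p "$d/rootfs" "$d/sd/ppp"
    printf '#!/bin/sh\necho up > "%s/ran"\n' "$d" > "$d/sd/ppp/ip-up"
    printf '%s  ip-up\n' "$(sha256_of "$d/sd/ppp/ip-up")" > "$d/rootfs/ppp.manifest"

    first=0
    run_verified "$d/rootfs/ppp.manifest" "$d/sd/ppp" ip-up || first=$?

    # Simulate the file being edited while mounted as a USB drive.
    echo '# edited over USB' >> "$d/sd/ppp/ip-up"
    rm -f "$d/ran"
    second=0
    run_verified "$d/rootfs/ppp.manifest" "$d/sd/ppp" ip-up || second=$?

    [ -e "$d/ran" ] && ran_after_edit=yes || ran_after_edit=no
    rm -rf "$d"
    echo "$first $second $ran_after_edit"
}

demo
```

The check only helps if the manifest and the verifier live somewhere the USB mount cannot reach; a manifest stored next to the scripts can be edited along with them.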

Friday, May 25, 2007

Breaking Proxies

The really great thing about getting a vulnerability on a proxy, is that it's downstream from any monitoring. I think that's great.

Now This is How to Recruit

HTTP/1.1 200 OK
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 25 May 2007 13:16:26 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 3735
Date: Fri, 25 May 2007 13:16:26 GMT
Server: LiteSpeed

Friday, April 20, 2007

Being a Consultant

4/18/2007, 10:35 PM Flying Home.


Sometimes being a consultant means being alone, as dean saxe wrote. Sometimes it's being surrounded by annoyingly drunk vegas-bound people while flying over the most majestic snow-capped mountains you've ever seen and wishing, ironically enough, that for that one moment you could be alone and frozen in time instead of flying home overnight.

Tuesday, January 09, 2007

test

Access Denied/ Forbidden / HTTP 500 Errors

If you recently came to my blog and saw messages like this, you may have been worried. I know many people rely on my blog for their daily dose of reassurance; a little cup full of warm tea in this wintry cold land of reality.

Frankly, I thought Google had finally "caught" me. I'm using Caught tongue in cheek here; sure I have script on this site, none of it's malicious (a single alert box). Believe it or not, I actually told Google security about it last summer. Their response was that they know they have work to do on this site, but that's why the authentication domain is different from the hosting domain. I guess malcode sites don't upset them or something. Who knows.

So to be honest, I freaked. A buddy of mine told me the site was broken, and I was getting FORBIDDEN's on every blogger site I went to. I assumed they killed my blog and started dropping my IP. After all, this blog uses words like "hacker" and "bomb" and "hip-hop" ; certainly reasons for fear. I went to work quickly. I discovered a way to access the content - I thought I had found a way "around" their "block" - and went to start mirroring my content off, only to find a full drive. No worries, that's why I had just purchased an external drive !! Quickly I assemble it and start moving content off. Ha !! I'm saving my blog now and then

oh.

I read http://status.blogger.com. Turns out they were having all sorts of issues doing the transitions from "old blogger" to "new blogger". That's all.

No drama. They didn't shut down my blog, they didn't block my IP. They had good old fashioned technical trouble.

You can rest easy now. They still can't catch me. Never gonna find me. Never gonna know that I'm not a hacker. It's okay now; you can crawl out from under your desk.

No, browse on, and enjoy.

Friday, January 05, 2007

Avoid Scams By Not Being Retarded

Apparently the best way to avoid being scammed on Craigslist is to NOT BE RETARDED. I'm sorry, but if you fall for *any* of the sample emails at http://www.craigslist.org/about/scams.html then you really shouldn't be using a computer. These things are fairly complicated machines, after all. And damn, I just hit ctrl+B for bold, and this editor inserted a span tag for me. No wonder there's script injection all over this damn site.

Fo' shizzle.

Tuesday, December 26, 2006

Kansas. Saying What All The Other Banks Are Thinking.

I was driving through Kansas City once, as I often will do, and saw a bank logo that made me take mental note. So voila - I bring to you ...



Central Bank of Kansas


Central Bank of Kansas City.

Sunday, December 10, 2006

FBI Hindered by Radical Militant Librarians

This is a hoot. Just so you can follow the stream, it started as "couple arrested under Patriot Act for sex on a plane" then to a DoJ site, then the EFF then, this NPR article:

http://www.npr.org/templates/story/story.php?storyId=5049679

"One FBI e-mail from 2003 complains that the Office of Intelligence Policy and Review (OIPR) "should be embarrassed that the FBI has used this valuable tool to fight terrorism exactly ZERO times."

The e-mail goes on: "The inability of FBI investigators to use this seemingly effective tool has had a direct and clearly adverse impact on our terrorism cases. While radical militant librarians kick us around, true terrorists benefit from OIPR's failure to let us use the tools given to us." "

"Radical militant librarians". That's just awesome. I wish we had those where I live. Here, you're late with a book, they just politely ask you for some small change. Except once, when I was a child, I was a little too loud, and the radical militants who ran the politely reminded me I was in a library (but in a very radically polite way, the sort of overly polite way that just seems a bit contrived or uhmmm, militant.).

I think Monty Python should reassemble just to make a skit out of this. Like, person returns book a day late, argues that it was a holiday or something along those lines, librarian freaks to the tune of "it doesn't say due back on the 2nd unless you felt like taking a day off does it ? It says due back on the SECOND !" , some verbal swashbuckling for a brief moment, but eventually the librarian backs away from the counter and stops arguing.

The librarian gets shifty eyes, slowly pulls out a tube of hair gel. Someone next to him glances at it and realizes it's not the innocent civilian 3 oz. tube, it's the MILITANT LETHAL 5 OUNCE TUBE. Someone screams, people are running. Too late. The librarian has a 5 oz tube of hair gel, a 4 oz stick of deodorant, and 4 ounces of contact lens solution and IT'S NOT EVEN IN A QUART BAG. People are getting sprayed with hair gel, a guy gets hit with contact lens solution. He tries to dodge it but too late it's now soaking at least a square inch of his shirt and there's bits of deodorant flying EVERYWHERE ; at nasty high speeds mind you, not the normal sort of deodorant-flying-around you're likely to see, because this after all is a RADICAL MILITANT LIBRARIAN with individual items over 3 ounces and too bulky to fit into a one quart plastic bag !!!

I'm probably under surveillance right now ; )

Wednesday, December 06, 2006

Gellin Like a Felon. For Real.

TSA gets even more retarded, gel-based shoe inserts now not allowed on a plane. You have to check them. YES, CHECK your shoe inserts. I'd like to see someone just check their shoes altogether. That would be awesome.

"Gel shoe inserts - Gel shoe inserts are not permitted, but shoes constructed with gel heels are allowed and must be removed and screened. Read more on our shoe screening policy."

Wednesday, November 22, 2006

Stop. Click. Watch. This Is Mandatory

These are really well done, from the set, to the acting right down to the videography. Best of all, they're good technical caricatures as well.

You must stop and watch these now.

TrueNuff's Mac Spoof Series.

Friday, November 17, 2006

$100 Dollars The Easy Way. Seriously.

I will give $100 USD to anyone who can give me 20 minutes of honest-to-god, non-rigged, non-staged video footage of a Fresh-Off-The-Plane Japanese tourist using this phrasebook in New York City.

http://www.myconfinedspace.com/2006/04/28/off-the-hook-english-guide-for-asians/

Sunday, November 05, 2006

Airport Security Is a Plastic Bag.

Once on the DailyDave I saw mention of a site called Eyewash Security that paid testimony to multiple "security" practices that were in fact completely bullshit. Of course, little did they know that "eyewash security" would soon mean " you can't take eye drops on a fucking plane".

Last time I flew (which was like about 12 hours ago given my schedule) the guy in front of me had multiple lethal weapons cleverly disguised as household toiletries. The materials could have easily been used individually or in combination to create a dangerous chemical combination that could have been used to a) give someone an itch or rash that persisted over 4 days or b) irritated eyes and sinuses or c) smoother, softer skin and fresher breath. Frankly, I shudder at the thought of someone actually using hair gel during a flight.

Fortunately, the TSA automotranic thingies at the death detectors caught him, because he used the WRONG SIZE PLASTIC BAG.

[Yes our FUCKING NATIONAL AIRPORT SECURITY APPARENTLY LIES IN THE HANDS OF ZIPLOC. Should ZipLoc suddenly stop making bags of one-quart sized or smaller, we're all fucked for air travel. ]

The TSA agent actually made this poor shmuck throw out his toiletries because he used the metropolis destroying GALLON sized freezer bag, instead of the completely safe and pre-validated QUART sized bag. Oh - and this is even funnier - they also said one of his tubes of Death In A Gel was unlabeled and all items had to be labeled. Note to Ahmed: pick up some Right-Guard at CVS for the Annihilation Cum Shaving Cream.

The terrorists have won. We're all fucktarded now.

[ That's it. The post is over. I'm crawling under my bed now. Over and out.]

News Flash : Carrying Simulated C4 and Detonator Aboard Plane Apparently Completely Different from Carrying ACTUAL C4 and Detonator Aboard Plane

I fly tomorrow and suddenly remember how fucking moronically unsafe flying can be. Or maybe it's the people running airport security. I can't remember which.

I used to worry that someone on board could have a bomb. No sense worrying about that anymore. They can:

http://newsinfo.inq7.net/inquirerheadlines/nation/view_article.php?article_id=20005
Note that this is a followup to the main story in which the guy claimed to use live C4. Here he clarifies that it was a simulation of a bomb, with simulated C4 and a simulated detonator.

In fact, the whole "recanting" is full of contradictions and bullshit:

1. "He said the airport x-ray machines detected no explosives on his person “because (the materials I brought in) were not real.”

Ok, small problem: x-ray machines don't know the difference between live C4 and a mass of equal density and resistance to radiation. A lump of the right clay and a lump of C4 look all the same to an x-ray machine. Except of course, that us, as the mindless fucking citizenry of the world, are not special gov't consultants who are suddenly backpedaling our asses off.

2. “If you try to bring in fakes, that’s a useless training. I didn’t bring these to test airport security ... They (the materials) were on my person. But these are not illegal. Clay is not illegal.”

And neither is contact lens solution, hand-cream or hair gel fucktard. A lump of fucking playdough with a fake blasting cap attached to it. Oh sure, they could tell just from the bulge created in your clothing they were fake. Oh, and I'm glad that he mentioned that the materials were on his person. Frankly, that's a relief since we all know that no one blows up a plane with materials on their person; the bombs are actually slipped on board via the beverage cart in at least 80% of movies.

3. "Macariola also said that “this whole thing is blown out of proportion. No word can described the damage it has done to my name. It has destroyed my world.”

Ah yes, those old proportions are at it again. While every travelling American is suffering the fascist ridicule of a fucktarded physical security program - no doubt to become even more fucktard should the Republican Empire lose this year's votes for Lesser Deities - an article appears about someone taking live explosives onto a plane and shocks the world. That is just blowing it completely out of proportions. That's nowhere near as bad as say, an expert in explosives detection who apparently doesn't understand the difference between x-ray detection and nitro detection.

4. "The Inquirer story did not mention his name. It was, in fact, security officials who had revealed his identity to reporters."

Hahahaahahahaha.


So here we have this great article trying to backstep out of the "holy shit the Philippine airports are amazingly unsafe" rep originally created, only to serve as further confirmation that Philippine airports are amazingly unsafe. As if you didn't know.

What Do Brown-Edged Lettuce Wedges and Airport Magnetometers Have In Common ?

Neither are a problem for this 5 dollar cooking tool:

http://www.cooking.com/products/shprodde.asp?SKU=184134

Oh and by the way, surgically sharp ceramic knives hit the mass market a couple years ago and are available for under 100 dollars.

Just more evidence that physical security in airports is mostly eyewash to calm the masses so we can keep on flying. Of course, eyewash itself is prohibited [update: if you stick your eyewash inside a Zip-Loc brand it is not prohibited.]

Thursday, November 02, 2006

So You Want To Date A Stripper ?

Sunday, October 29, 2006

Full Disclosure Food for Thought

My personal jury is still out on disclosure policies ... I've had really good results performing private disclosures although recently I found a gaping hole in a very important application and was told that their official policy is to not respond to disclosures at all, like not even return the email or phone call. Personally I think that is very very bad and will take up separately.

Despite there being arguments for and against full disclosure, the industry generally accepts the standard of performing a private disclosure then waiting a reasonable (which is as of yet undetermined) amount of time before announcing the vulnerability publicly.

My latest food for thought comes from an issue regarding the latest "security researcher" to get arrested. Note that the term "security researcher" is applied really loosely these days; it seems like people think that simply calling themselves a researcher provides carte blanche to do whatever they want ... a trend that is thankfully not apparent in other industries such as nuclear physics, micro-biology and other areas where rogue "researchers" are not wanted.

This week's rogue researcher was a very young PhD candidate who realized that you could print your own falsified travel documents right at home. He created a site that would let you print a false boarding pass that, while not actually in the computer system and therefore unable to get you past the gate check (where they scan the docs and validate them), would indeed let you bypass the TSA's No-Fly checks (which apparently occur strictly in the computer system). The TSA agents never authenticate a boarding pass; they simply authenticate those who present them by checking their ID.

This guy's already feeling the long arm of the law, namely the Justice Department, for his ridiculous indiscretions, but a recent note was posted: a US Senator had already completely disclosed the vulnerability in detail via a Press Release. Now, while it's generally accepted that all politicians are high priced whores, particularly when it comes to such money-topics as Terrorism, the act of detailing a national physical vulnerability through the most visible means they have (a press release) is certainly extremely controversial. So while this 24 year old kid - who's a criminal and an idiot - is getting busted and will probably be hit with the full NotAPatriot Act, an older, presumably more mature, more responsible Senator is just as complicit.

Link to Schumer's own Press Release on Senate.Gov: http://www.senate.gov/~schumer/SchumerWebsite/pressroom/press_releases/2005/PR4123.aviationsecurity021305.html

And the official letter he sent to the TSA, dated at approximately the same time as the Press Release, resulting in zero response time allowed:

http://www.senate.gov/~schumer/SchumerWebsite/pressroom/Letters/TSA%20STONE%202-13-05.pdf

This story has been slashdotted, so don't expect those docs to stay online long. I'll try to mirror them.


Wednesday, October 25, 2006

This might actually be the best captcha idea I've seen in a while.

It's certainly the most enjoyable.

http://www.hotcaptcha.com/

It actually makes sense too; the level of programming required to analyse what shapes/tones/poses etc make someone "hot" is way too far advanced from current levels, so this one might actually be good for a while.

Of course, it may start getting offensive when the system keeps repeating its captcha requests to you over and over ... in which case you probably need to get out more.

Skiddies on Parade

or "What Not To Do With New Found Skills"

http://www.youtube.com/watch?v=MJNJjh4jORY

Wonder if he stopped to think about things like watermarks, digital serial numbers and the sort before he made that video.

If you want to show what an elite Skiddie you are, give a talk at some Skiddie conference. You could call your talk "How I BroadCast Empirical Evidence of Illegal Activity"

Let the Browser Games Begin: Firefox 2.0 Out This Week

According to an article written by Brian Krebs (yeah, you know him, we all know him) FF 2.0 is out. In addition to tons of small fixes, there's some new functionality ... some of which sounds a bit similar to IE 7 actually.

For starters, they moved the X to close a tab to the tab itself, like IE 7 does. They also include "anti-phishing" technology. Krebs notes that it will be interesting to see how the technologies compare, and I agree. I think the most interesting aspect, however, will be to see HOW they deal with phishing. Many have contended in the past (including myself) that phishing is a social attack that simply can't be stopped with technology. I think that given the state of the industry's general knowledge at that time it was a fairly accurate statement. As people learn more and analyse more, however, solutions begin to appear. Google "Rsnake phishing" for some good threads on the subject.

Sorry I couldn't put more analysis in here, but I'm a pretty busy guy and way too interrupt-driven :(

Krebs's article: http://blog.washingtonpost.com/cgi-bin/mt/mtb.cgi/12611

RSnake on Phishing: http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLJ,GGLJ:2006-42,GGLJ:en&q=rsnake+phishing

Wednesday, September 27, 2006

3 Rules of Incident Response for Public Affairs

There are three basic rules that every public affairs official, marketing officer, or other type of spokesperson should really follow when addressing any sort of computer security incident.

The First Cardinal Rule of Incident Response is a simple one: Don't Deny It or Make Assurances
The Second Cardinal Rule of Incident Response is equally simple: Know Who You're Dealing With.

The State Government of Rhode Island learned these rules the hard way after it was alleged that their state website (http://www.RI.gov) was cracked and leaked credit cards. Their PR spokesperson - probably not the best person to be making public statements following an IA incident - publicly stated that the cards were encrypted and that they had always been PCI compliant. Witness there the failure of Rule Number ONE. Unfortunately for her, a few days later a Russian university student posted his/her screenshots, clearly showing multiple PCI violations and finally resulting in - ta dah ! - plain text credit card numbers. Rule number two: know thy enemy. If you're a state government then the odds of you outsmarting a Russian cracker are very slim indeed.

Now, behaviour like that could almost be expected from state governments; they're subject to the same bureaucracy and limitations as the Federal government, yet with even less funding. But when it comes from within the industry, it gets entertaining.

I bring forth to you, my loyal readers, the most recent violation of the First and Second Cardinal Rules of Incident Response, this time presented by two web application security software manufacturers. It all starts with a guy named RSnake on a site with a funny domain name that most people don't understand. RSnake, as it turns out, happens to be pretty darned skilled in that wily little bug they call Cross-Site-Scripting. Pretty much anyone who's been in the industry more than, say 6 minutes, realizes that. He's been on a bit of a rampage with it recently as well, and in the not-too-distant-past created a public message board for the general public to post their XSS gripes. F5 and Acunetix made that board.

You may know F5 for their networking products, but approximately a year ago they acquired the IP to the defunct AppShield and started integrating it into their products. That move made them a hopeful in the world of web application firewalls, though NetContinuum still seems to outshine them in that space. I doubt F5 is really ramped up yet though, and when they do it will be tough to beat them in the WAF space.

Acunetix makes a toy web application scanner called, uhm, well I guess called Acunetix. I can't remember the name because I've never seen it anywhere or heard of anyone using it. But it's out there somewhere I suppose or they wouldn't have a website with which to host XSS vulns.

In response to the listings on the website they publicly denied having the vulnerabilities in an online article, thereby breaking the first cardinal rule. Read the full PR here:
http://www.darkreading.com/document.asp?doc_id=104739&f_src=darkreading_section_296

You can just count the gems in there. My favorite is Tamara Borg (Acunetix Marketing Cyb) stating that "We are developers of a Web application security software tool which detects such vulnerabilities," she says. "Our Website is scanned on a daily basis to ensure that no such vulnerabilities exist."

Ahhh dear Tamara, unlike your ruthlessly efficient sister Seven, you have miscalculated, and now the keystone of your argument lies in the midst of the ruins of your failed assertion. Your scanner sucks.

F5 was a little bit smarter about things. They admitted to a problem, but attempted to mitigate the PR damage by implying vulnerability mitigation:

"F5 says its site did have a vulnerability, but it was an HTML injection issue, not XSS. "With the vulnerability on our site, a specially crafted URL could cause an error page," says Ken Salchow, product marketing manager for F5. "But it would not run the code" like an XSS exploit would do, he says."

The problem is, there's a really fine line between HTML injection and XSS; one that's easily crossed. I'm not going to bother typing up the rest of this article; I believe these screenshots say it all. These are not mine, by the way, but unfortunately I can't properly attribute them as I have no idea where they came from. But the great thing about XSS is: you can go make your own screenshots ! Doh !


Oh , and the third rule ? It's actually one I learned years ago from watching the Simpsons: "Don't Mess with a Guy Named 'Snake' "
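To make the "fine line" between HTML injection and XSS concrete, here is an added example (not from the original post, and not F5's or anyone's real code) of an error page that reflects the requested path, first without output encoding and then with it. The function names, the page template and the sample paths are all constructed for illustration.

```python
import html
from html.parser import HTMLParser

BASELINE_TAGS = ["html", "body", "h1", "p"]  # tags the template itself emits


def error_page_unencoded(requested: str) -> str:
    """Error page that reflects the requested path with no output encoding."""
    return f"<html><body><h1>Error</h1><p>Not found: {requested}</p></body></html>"


def error_page_encoded(requested: str) -> str:
    """Same page, but the reflected value is HTML-encoded before it is written."""
    safe = html.escape(requested, quote=True)
    return f"<html><body><h1>Error</h1><p>Not found: {safe}</p></body></html>"


class ActiveContentFinder(HTMLParser):
    """Audit heuristic (not a sanitizer): records the tags a parser sees and
    any markup a browser would treat as script."""

    URL_ATTRS = {"href", "src", "action", "formaction"}

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.tags: list[str] = []
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):  # onerror, onload, onclick, ...
                self.findings.append(f"{tag} {name} handler")
            elif name in self.URL_ATTRS and value.startswith("javascript:"):
                self.findings.append(f"{tag} {name} javascript: URL")


def classify(render, requested: str) -> str:
    """Render the error page for one request and say what the reflection became."""
    finder = ActiveContentFinder()
    finder.feed(render(requested))
    finder.close()
    if finder.findings:
        return "script-capable: " + ", ".join(finder.findings)
    if finder.tags != BASELINE_TAGS:
        # Attacker-chosen tags reached the parser. Nothing executable in this
        # sample, but the same hole accepts any tag or attribute.
        return "markup injected"
    return "reflected as text"


# Constructed request paths: plain, formatting-only markup, and an event handler.
SAMPLES = ["/no-such-page", "/x<b>bold</b>", "/x<img src=x onerror=alert(1)>"]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:40} unencoded -> {classify(error_page_unencoded, path)}")
        print(f"{path!r:40} encoded   -> {classify(error_page_encoded, path)}")
```

The unencoded page that accepts a harmless `<b>` tag accepts an event-handler attribute just as readily, which is why "HTML injection, not XSS" describes a sample input rather than a safer class of bug; encoding the reflected value closes both.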

Sunday, August 20, 2006

BlackHat "Best Of".


dude, it's the Reel Big Fish ... on the first night in Vegas !!! w00t.

Nothing could have been finer. AND thanks to me being drunk enough to leave my license and cc at the bar (yeah, it happens k? ) I got to not only SEE the Fish, but hang out with Aaron and John afterwards.

Wednesday, August 16, 2006

Freakishly Paranoid Air Travel Security Plans totally CHUMPED by drunk dude.

I'm still laughing after this one ...

I can't take a half ounce of contact rewetting drops on a plane (even after pouring it in my EYES to show it wasn't, say, some sort of liquid death ray annihilator ) , but a 24 year old drunk dude spent 6 minutes in the middle of two runways at Chicago Midway.

http://cbs2chicago.com/video?id=20864@wbbm.dayport.com&cid=5

Saturday, August 12, 2006

My Latest Crack

Friday, August 11, 2006

WebApp or Not ? Lieberman's site

[Time Spent on this: Low. I don't have Time]

Zone-H recently ran an article describing a file inclusion problem on software that was running on Joe Lieberman's site. Most recently his site was DOS'd which is probably unrelated, but the descriptions in the article make it sound quite feasible that the prior defacement was indeed a web app exploit.

This one seems unrelated to another Turkish defacer who's been making the rounds lately.

http://www.zone-h.org/content/view/14012/31/

More Tragic Comcast Customer Service

So my wife calls the circus this morning, and they tell me that their guy called the house yesterday and since no one answered he didn't come by. We check the house phone; one missed call from a blocked Caller ID, no attempts to call again, no attempts to reach me by cell ( which was clearly listed). So NOW they say we can come by their office and pick up a new one. I specifically asked them if I could just pick up a new one at their office when I first called them on this and of course they said no.

These people are fucking assclowns. It's going to feel so good to tell them to cancel my service.

Thursday, August 10, 2006

Backs up from stranger, bumps into wall.

Session Start (ImNotAHaxorD00d:999www): Thu Aug 10 16:16:21 2006
[16:16] 999www: better
[16:16] ImNotAHaxorD00d: yep tx
[16:17] 999www: got the debrief from [person] about the [place] in vegas
[16:17] ImNotAHaxorD00d: it was excellent.
[16:17] 999www: nice!
[16:17] 999www: who's your daddy?
[16:17] 999www: lol
[16:17] ImNotAHaxorD00d: i'm free now if you want to call.
[16:17] 999www: yeah
[16:17] ImNotAHaxorD00d: Uhm... and don't ask me who's your daddy again.

6 More Days Till FIOS

Comcast is blowing it worse than a Vegas hooker on a slow night.

Ok, IVRs are annoying enough, but IVRs that force you to do IVR troubleshooting are even worse. The only way to make them even *more* annoying would be to make them a voice-response IVR. Oh wait ... they did.



Their tech was a no-show. This makes 2 days of waiting and 6 contacts - SIX ! to get a modem replaced. Today's was great; the guy tried to troubleshoot me again. I told him I was still waiting for the tech to come out and replace my modem, and he tried to troubleshoot me again. I'm sorry, but I can tell when the physical layer is down. No link is no link, and it ain't got shit to do with whether I use Windows XP or Windows 2000 or OpenBSD.

"But what if they get out there and it's not the modem ? " he asks.
"It's the modem" I repeat [ this after explaining the troubleshooting process I used].
"But what if it's not the modem" he probes again.
"Dude, I've built some pretty sizable IP networks, I can troubleshoot. It's the modem."
"But I'm just saying, what if it isn't ? "
"Then I repeat 6 years of school and question the past 8 years of my career."
"Ok, well he's supposed to be there between 12:30 and 4:30, so sit tight a bit. Here's a phone number you can call to check on his status, but if you call before the window closes they'll just tell you to wait until 4:30 and call back."
He gives me a phone number.

2 hours later, it's now 5:01 ... I call the number I was given. The guy looks me up. Asks me my zip. Says "Sir, it looks like you're in so-and-so state ? " "Right" "Well we're in Tallahassee. I think you were given the wrong number".

So I call the 800 number again. Guy asks what the problem is, I tell him their tech was supposed to be out here between 12:30 and 4:30 and was a no-show. I'm expecting him to say "Ok let me contact him." Oh no... what does asshole do ?

"What are the lights on your modem right now"
"Excuse me ? "
"What lights are on on your modem now ? "
"Dude that's beside the point. I'm not going through that shit again. I didn't call to troubleshoot my service , I called because your tech was supposed to be here and wasn't. That's what you need to be troubleshooting."

[Hold for 10 minutes, fortunately I'm keying all of this in to occupy the time. Shit, I really have to get that phone recorder hooked up; this would make classic audio.]

"Ok sir, here's a number you can call to check on the tech if he's running a little bit late. "
Gives me same wrong number as last guy.
"I just called that number and it goes to Tallahassee, Florida. "
[ still holding ... ]

Oh motherflickr, I got dumped out into a new queue.

"Comcast can I help you"
"Oh dude, you got screwed. The last guy I just spoke to just dumped me back into the queue. "
"NO worries, I get the feeling this is going to be like a 7 minute call "

ok, now I'm really intrigued. Did I finally find the man ? The one dude with the experience and brains to go "let me call the guy on his cellphone ? " ....

After going through the 5 minute authentication again (which mostly consists of repeating information from their database that you can hear them murmuring to themselves anyhow) the guy says:

"oh here's why we can't find you by phone number; the area code got blanked out. I'll transfer you to billing after we're done".
"Seriously ? Can't you just put a note in there for billing to clean up their own CRM ? Do I really have to spend more time on the phone ? "

Stay tuned for more tragic customer service.

Tuesday, August 08, 2006

The "Do Not TroubleShoot List"

I'm sick and tired of Comcast's support staff. They used to be ok. They'd ask something insipid like "what operating system are you using" and I'd say "what in the hell does my operating system have anything to do with your engineers re-IP'ing the local edge ? " and they'd put me right through to their tier 3 guys who would admit they re-IP'd without telling anyone and give me some new IPs to use.

That's all changed in recent years though. No doubt like every good ginormous company they fired all their best people and replaced them with a whole bunch of low-end cheap staff who follow "heuristics" and make pretty "metrics".

After 8 years - 8 FRICKING YEARS - I've had enough. I'm getting a FIOS line installed next week and will run parallel for a month or two then decide which to stay with. The funny thing is, if any one of the "techs" who've been floundering had just read my prior tickets, they probably would have seen the clues and just escalated me right away, or better yet, taken my word for it when I tell them their cable modem's shot.

But nooooo, they have to troubleshoot. I can almost hear them turning the pages of their flowcharts, trying to figure out where I fit in their manual. I've managed the largest websites in the world. I can tell the techs more about the RF signal to my modem than they can. I don't need troubleshooting. The latest gems:

Tech: "What makes you think the ethernet port is out ? "
Me: "Well, because after 6 years of building networks I've figured out how to troubleshoot the physical layer."

Tech: Let me ask you this, when you have the ethernet hooked up, do you get an IP address ?
Me: No, because to get an IP address you'd need to be able to communicate DHCP over TCP/IP which would require an LLC link which, as I stated in my chief complaint, my modem's ethernet port doesn't have.

Sunday, August 06, 2006

Hot Buttery SQL Injection

This:

was just too much to bear so I'm doing something about it.

Tools

So I'm randomly clicking links and typing url's in an activity I like to refer to as "Surfing the Web" whilst my body slowly detoxes from my most recent events, and I come across this archaeological evidence that humans used primitive tools as communication devices as late as the 21st Century: http://www.fthe.net/stuff/management_speak.html

Saturday, August 05, 2006

Bookmark: Error Handling in SQL

Haven't gone through it in depth, but definitely one to bookmark for later.

http://www.sommarskog.se/error-handling-I.html#@@error

Sunday, July 30, 2006

As a matter of fact, I am at this very moment !

Saturday, July 29, 2006

heart attack more:causes_risk_factors

heart attack more:causes_risk_factors

A couple years ago when building a preso on google hacking I noticed a bug in their indexing ... if an indexed site actually had the exact search phrase listed, Google ignored the actual search characteristics and returned it as a search result.

For instance, if someone's site had "inurl:index.html" but it was sitting on say "default.html", then a google for "inurl:index.html" would return that site's default.html even though it didn't match the search pattern.

So, I'm just doing another little test here .... heart attack more:causes_risk_factors

Tuesday, July 18, 2006

Oh Yeah ? Well When I Was a Kid ...

Tuesday, June 13, 2006

Please stop using the COM TLD

If you're not a US site. You have your own TLDs you can use instead, and save surfers time and free up valuable domain names for those who could use them more appropriately.

Saturday, June 03, 2006

This Worries Me, But I can't quite put my finger on why

Article Not Available
The article that you are trying to view is no longer available through this Web site. The content is copyrighted by the Associated Press, which requires xxxxxxxx.com to delete its stories two weeks after they are originally posted.

Thursday, June 01, 2006

Some of those who work forces

are the same that burn crosses. Just a little reminder for you bitches.

Monday, May 29, 2006

Hacktivist Search Engine Optimization


And just so I'm doing what I can,
miserable failure
worst president ever

and to help out a googlewash that i personally feel is a good cause: jew , and my own googlewash frank welten couchpotatoe
david duke

Friday, May 19, 2006

Would that be a Preamble ?

Came across this little gem while researching some law ...


Wednesday, May 17, 2006

George Platoniotisae Has a Security Problem

Or "What Not To Name Your Wireless" Part Deux:


We'll Miss You Adventure

Raising children rejuvenates many ancient emotions and experiences, for better or for worse.

We had a pet pass away last night. I remember my son's wobbly voice this morning telling me he picked up Adventure and he didn't move, the instant trauma and pain when I confirmed his suspicions, my little girl's wailing. It was worse than when I lost my own father, or helping my wife through the loss of her mother. Pets teach children many lessons in many ways, but nothing's worse than watching your own children mourn. I pray it's not something they'll have to do again for a long, long time.

Sunday, May 07, 2006

But Seriously, They Won't.

[22:51] yyyyyyy: heh i have an '02 elantra
[22:51] yyyyyyy: the new ones look a bit dif
[22:51] yyyyyyy: better
[22:51] yyyyyyy: but ive been happy with it as a cheapo car
[22:52] xxxx: yeah they're a great price !
[22:52] xxxx: besides really all i'm ever going to do is drive around the beltway and stuff , like haul the midgets and kayak
[22:52] yyyyyyy: heh how many midgets do you have
[22:52] xxxx: well it varies from 3 to anywhere near 10 sometimes.
[22:53] xxxx: it all depends on how much whipped cream i can get.
[22:53] yyyyyyy: wtf
[22:53] xxxx: well they don't dance for free you know

Saturday, May 06, 2006

Celebrity Profiles

If you know me like in the least, then you know I'm all about the celebrities. Never mind that I still don't know (or care) who Angellina Jolie (sp?) is ...

http://www.cracked.com/modules.php?op=modload&name=News&file=article&sid=374&mode=thread&order=0&thold=0

Monday, May 01, 2006

The B3atles Were Hax0rs

They were singing about SQL Injection, and like encryption and stuff way back in the 70's but they were like so tot4lly 3l337 that they were like just singing about it and noone figured out all the hax and stuff th3y were d0ing. Ch3ck it:

"Your outsides are in, and your insides are out." Ha ! I love this one. Paul like obvi0usly just pl0wn3d someone's datab4se, and he's like actually SINGING about it ! And th3n he's all taunt1ng and stuff, l1k3 "Everybody's got something to hide except for me and my monkey" oh so tru3 and h0w sweet he's just like "dud3 I h4v3 y0ur d4tab4s3 and l1k3 ev3n my m0nk3y c0uld do it" ! And h0w l337 is hav1ng a m0nk3y ! w00t.

Saturday, April 29, 2006

I think I may be a bastard.

So I'm intentionally building this ridiculous site that uses un-nonced hashes to pass credentials, and I decide I want to obscure the script so that people have to actually recognize the tokens and work on them a bit to figure out what they are.

So the first thing I do is /s \n "" to scrunch everything into one line.

Then I grab a bunch of html from google and start pasting it in as random string variables.

One line of 19,114 characters for them to sift through.

I think I may be a bastard.

Thursday, April 27, 2006

Here's Why They Can't Catch The BlackHats

Because they're catching all the whites and greys instead.

That was the smart-alecky side of me speaking, but this truly is an issue that has to be decided upon. I have absolutely heard of multiple site owners being grateful someone found an issue and notified them before a really bad person used the issue.

I think the big question here is the actual disclosure process. I think everyone can agree that current generally accepted disclosure practice is to notify the software vendor first and give them a reasonable amount of time to respond.

Therefore my question here would be: did he notify USC first, or Security Focus first ?

--------
------------------------------------------------------------------------
Breach case could curtail Web flaw finders
Robert Lemos, SecurityFocus 2006-04-26

Security researchers and legal experts have voiced concern this week over the prosecution of an information-technology professional for computer intrusion after he allegedly breached a university's online application system while researching a flaw without the school's permission.

Last Thursday, the U.S. Attorney's Office in the Central District of California leveled a single charge of computer intrusion against San Diego-based information-technology professional Eric McCarty, alleging that he used a Web exploit to illegally access an online application system for prospective students of the University of Southern California last June. The security issue--which could have allowed an attacker to manipulate a database of some 275,000 USC student and applicant records--was reported to SecurityFocus that same month. An article was published after the university was notified of the issue and fixed the vulnerable Web application.

Wednesday, April 26, 2006

Timmaaay !

OK, An Application Exception. What's the Big Deal ?





Wait A Minute ... no fricking way




Way.

(It's worse than you think.)







Timmaaaaay !

By The Way

Hashing passwords is all fine and dandy, until you start doing it in the client.





dumbasses.
clue--
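Two posts on this page point at the same weakness: the April 29 practice site that passes credentials as un-nonced hashes, and the client-side password hashing called out above. The added example below (not code from either site; the user, password and class names are constructed) shows why a fixed client-side hash is just a replayable password, and how a single-use server nonce stops the replay.

```python
import hashlib
import hmac
import secrets

# Constructed credential store: user -> hex SHA-256 of the password.
# (A real store would use a slow, salted KDF; plain SHA-256 keeps the demo short.)
PASSWORD_DB = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


class StaticHashLogin:
    """Un-nonced scheme: the client sends sha256(password) and the server
    compares it to the stored hash. The hash never changes between logins."""

    def verify(self, user: str, client_hash: str) -> bool:
        stored = PASSWORD_DB.get(user, "")
        return hmac.compare_digest(stored, client_hash)


class NoncedLogin:
    """Challenge-response: the server issues a random single-use nonce and the
    client returns HMAC(key=sha256(password), msg=nonce)."""

    def __init__(self) -> None:
        self._pending: dict[str, str] = {}

    def challenge(self, user: str) -> str:
        nonce = secrets.token_hex(16)
        self._pending[user] = nonce  # replaces any older outstanding nonce
        return nonce

    def verify(self, user: str, response: str) -> bool:
        nonce = self._pending.pop(user, None)  # consumed whether or not it matches
        if nonce is None or user not in PASSWORD_DB:
            return False
        key = bytes.fromhex(PASSWORD_DB[user])
        expected = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, nonce: str) -> str:
    """What an honest client computes for a given challenge."""
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


def replay_demo() -> dict:
    """Replay one captured login message against each scheme."""
    # Static hash: whatever crossed the wire once is accepted forever.
    static = StaticHashLogin()
    captured_hash = hashlib.sha256(b"correct horse").hexdigest()
    static_replay_accepted = static.verify("alice", captured_hash)

    # Nonced: the captured response is bound to a nonce that is now spent.
    nonced = NoncedLogin()
    first_nonce = nonced.challenge("alice")
    captured_response = client_response("correct horse", first_nonce)
    legit_login_accepted = nonced.verify("alice", captured_response)
    nonced.challenge("alice")  # a later login attempt gets a fresh nonce
    nonced_replay_accepted = nonced.verify("alice", captured_response)

    return {
        "static_replay_accepted": static_replay_accepted,
        "legit_login_accepted": legit_login_accepted,
        "nonced_replay_accepted": nonced_replay_accepted,
    }


if __name__ == "__main__":
    for check, result in replay_demo().items():
        print(f"{check}: {result}")
```

The nonce only addresses replay of captured traffic: the stored hash is still password-equivalent if the database leaks, and the exchange still belongs inside TLS.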

I Think Their System Clock Is A Little Fast.

If you're a security services company, don't do this



[23:21] xxx: you know, it's funny. i explained to my wife what a session id is and how it works , then showed her that site and she said i guess they aren't very secure then.
[23:22] xxx: SHE figured out the implications of using a timestamp as a session id after a 10 second explanation of session IDs. and she's barely computer literate.

Indeed. Quite funny.
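The implication of a timestamp session ID can be put in numbers. This added example (not the site's code; the issue times and sample IDs are constructed) audits a batch of issued session IDs for values that simply track the clock, and compares the remaining guess space with a CSPRNG-generated ID.

```python
import math
import secrets


def timestamp_session_id(now: float) -> str:
    """The weak scheme: the session ID is the server clock in milliseconds."""
    return str(int(now * 1000))


def random_session_id() -> str:
    """128 bits from the OS CSPRNG, unrelated to time or to other sessions."""
    return secrets.token_urlsafe(16)


def looks_like_timestamp(session_id: str, issued_at: float,
                         max_skew: float = 86400.0) -> bool:
    """True if the ID decodes (decimal or hex) to a clock value in seconds or
    milliseconds that lies within max_skew seconds of when it was issued."""
    candidates = []
    for base in (10, 16):
        try:
            candidates.append(int(session_id, base))
        except ValueError:
            pass  # not a number in this base
    for value in candidates:
        for ticks_per_second in (1, 1000):
            if abs(value / ticks_per_second - issued_at) <= max_skew:
                return True
    return False


def guess_space_bits(window_seconds: float, ticks_per_second: int) -> float:
    """Bits of uncertainty left when the login time is known to within a window."""
    return math.log2(window_seconds * ticks_per_second)


def audit(samples) -> list:
    """samples: (issued_at, session_id) pairs. Returns the IDs that track the clock."""
    return [sid for issued_at, sid in samples if looks_like_timestamp(sid, issued_at)]


# Constructed observations: (server time at issue, session ID handed out).
ISSUED = 1145923200.0
SAMPLES = [
    (ISSUED, timestamp_session_id(ISSUED)),              # ms timestamp
    (ISSUED + 2.5, timestamp_session_id(ISSUED + 2.5)),  # next login, 2.5 s later
    (ISSUED, format(int(ISSUED), "x")),                  # same idea, hex seconds
    (ISSUED, random_session_id()),                       # what it should look like
]

if __name__ == "__main__":
    flagged = audit(SAMPLES)
    print(f"{len(flagged)} of {len(SAMPLES)} sampled IDs are clock values: {flagged}")
    # Knowing a victim logged in during a given minute leaves 60,000 candidates.
    print(f"timestamp ID, 1-minute window: {guess_space_bits(60, 1000):.1f} bits")
    print("random ID: 128 bits")
```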

Sunday, April 23, 2006

Reminder: If you use Windows you *have* to read these posts

Just spent hours defragging, reg cleaning (multiple tools) and compacting, and seriously, the most dramatic performance gain was after disabling one 3rd party context menu extension.

http://n074h4x0r.blogspot.com/2005/12/obscure-windows-gem-of-week-context.html
http://n074h4x0r.blogspot.com/2005/12/offending-extensions-pgp-81.html

I Watched It in the Dark and Didn't Even Flinch

I thought this was kind of funny.




















I seriously doubt they simply query on keywords for classifications, so I suspect human error here, or better yet, hopefully this is one of their developers' sense of humour at play.

Some N074H4x0r Trivia: What's even funnier is I have a picture of myself in BlockBuster's headquarters with a big giant shaggy Monster's Inc. Model. Some colleagues and I took turns posing with it. No, I wasn't there to hack. I'm not a hacker. Remember ?

Tuesday, April 18, 2006

Does Not Compute

Look for new exploit techniques coming soon. The mechanism shouldn't surprise anyone, but we've dug into the underlying causes and already discovered multiple new ways of evoking it. More details later depending on how we choose to disclose it.

Monday, February 20, 2006

Raving Lunatic Businesses and their Investors 2.0

http://www.somethingawful.com/articles.php?a=3594

Sunday, February 19, 2006

If you didn't already know this .....

Rise of Nations is the biggest time thief in the world. And I'm the worst parent in the world. I took my 7 year old son to a RON lan party and we both played till 4 am . But hey, one could loosely rationalize it as "quality" time.

Doh !!

From: orangeofficer@hushmail.com <orangeofficer@hushmail.com>
Date: Feb 14, 2006 12:35 PM
Subject: [Full-disclosure] Fun with Foundstone
To: full-disclosure@lists.grok.org.uk


Things for a security company not to do in a webapp:

1. Do not auto-populate form fields on the page with customer names.

2. If you ignore rule number 1, don't use a simple, predictable id
for said auto-population.

https://download.foundstone.com/?o=^2155

Rinse, increment, and repeat for a list of Foundstone
customers...or at least a list of companies they've let download
software.

Now that's just plain sloppy.
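From the defending side, the "rinse, increment, and repeat" pattern in the message above is easy to spot in web server logs. The following is an added example, not part of the original post or of any vendor's code: it flags clients that walk the `o` parameter one ID at a time. The log lines are constructed, the addresses come from documentation ranges, and the function names and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation address ranges, not real clients.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Feb/2006:12:01:02 +0000] "GET /?o=%5E2155 HTTP/1.1" 200 5120
198.51.100.20 - - [14/Feb/2006:12:01:03 +0000] "GET /?o=%5E2155 HTTP/1.1" 200 5120
203.0.113.7 - - [14/Feb/2006:12:01:04 +0000] "GET /?o=%5E2156 HTTP/1.1" 200 5133
203.0.113.7 - - [14/Feb/2006:12:01:05 +0000] "GET /?o=%5E2157 HTTP/1.1" 200 5098
198.51.100.33 - - [14/Feb/2006:12:01:05 +0000] "GET /?o=%5E410 HTTP/1.1" 200 5101
203.0.113.7 - - [14/Feb/2006:12:01:06 +0000] "GET /?o=%5E2158 HTTP/1.1" 200 5140
198.51.100.33 - - [14/Feb/2006:12:03:41 +0000] "GET /?o=%5E97 HTTP/1.1" 200 5087
203.0.113.7 - - [14/Feb/2006:12:01:07 +0000] "GET /?o=%5E2159 HTTP/1.1" 200 5111
198.51.100.33 - - [14/Feb/2006:12:09:12 +0000] "GET /?o=%5E2155 HTTP/1.1" 200 5120
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3})')

def ids_by_client(log_text, param="o"):
    """Map each client address to the numeric IDs it requested, in order."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET request line we understand
        client, target, _status = m.groups()
        for value in parse_qs(urlsplit(target).query).get(param, []):
            digits = re.sub(r"\D", "", value)  # drop the leading '^'
            if digits:
                seen[client].append(int(digits))
    return seen

def longest_step_run(ids):
    """Length of the longest run in which each ID is the previous one plus 1."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def flag_enumeration(log_text, min_run=4, param="o"):
    """Clients whose requests contain at least min_run consecutive IDs."""
    return sorted(
        client
        for client, ids in ids_by_client(log_text, param).items()
        if longest_step_run(ids) >= min_run
    )

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

Detection only shows that the walk happened; the fix the message implies is an unguessable identifier plus a server-side check that the requester is entitled to the record.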

What NOT to name your WAP

LG = Lancaster Gate ... the road name.






[22:43] xxxxxxxxAIM: you know, i always forget my password, so i just named the WAP after my password, is that bad?

[22:43] Thexxxxxxxxx: no.
[22:43] Thexxxxxxxxx: it's very convenient for everyone involed.
[22:43] Thexxxxxxxxx: involved.

Tuesday, February 14, 2006

Man versus Honda.

Things I've recently learned:
  • If you're having trouble getting the rotor and hub back on the axle, pound on the rotor, not the lugs.
  • An impact wrench is pretty much the only way to remove the master axle nut.
  • '92 Accord hubs are pressed in.
  • This means that when you're trying to remove the rotors (say, to get to the lugs) it's a pain in the ass just to get to the point where you realize you can't remove the rotors.
  • the hub nuts are 12pt 10mm. You can get the socket at Sears. Not that it matters. You won't be removing the hubs. You may think you will be, but you won't.
  • And the lugnuts ? Dealer only. No AEM carries the lugs with the built in washers to hold the plastic wheel cover on.

Monday, January 30, 2006

No I won't fix your computer ....

Ok, so you know how folks in the computer industry are constantly getting asked to fix their friends and family's computers ? Like to the point where people now have t-shirts that say "No I Won't Fix Your Computer".

Well, I get this call while I'm at an airport from my brother-in-law. He leaves a voicemail saying he needs help with his computer, so I call him back. Now mind you, he's about my age, very church going, a father of 4, and extremely conservative. But he didn't want help *fixing* a computer .... oh no, quite the contrary.

Me: "Hey it's me returning your call"
Him: "Oh hey I need help with a computer at work."
Me: "ok"
Him: " Is there anything you can do that would break a computer."
Me: " Well, yeah. Try formatting the disk for starts."
Him: " No, I mean something that would like permanently destroy it, so they'd have to completely replace it with a new one."
Me: "Wow. That whole church thing's just a cover isn't it."

Anyhow, a couple days later and a swipe of scissors across the mainboard while still powered, and his coworker gets the new computer. I'm now convinced he's at least quasi-evil.

Thursday, January 26, 2006

Rogue IM Clients and Unsuspecting Nymphos

This is so funny I pissed in my pants. No wait, it's even funnier. It's so funny I pissed on a prospect's pants (inside joke, don't worry about it).

So this girl I know tells me to go to this website called adamchance.com. He has logs of IM clients on public machines, i.e. some dork installed AIM, chatted, then left with their client and buddy list loaded, so he started having some random conversations.

Most of the links on adamchance.com 404, so I'm reposting what she sent me here. Enjoy, keep some dry pants ready.

------------------------------
bloodninja: Baby, I been havin a tough night so treat me nice aight?
BritneySpears14: Aight.
bloodninja: Slip out of those pants baby, yeah.
BritneySpears14: I slip out of my pants, just for you, bloodninja.
bloodninja: Oh yeah, aight. Aight, I put on my robe and wizard hat.
BritneySpears14: Oh, I like to play dress up.
bloodninja: Me too baby.
BritneySpears14: I kiss you softly on your chest.
bloodninja: I cast Lvl. 3 Eroticism. You turn into a real beautiful woman.
BritneySpears14: Hey...
bloodninja: I meditate to regain my mana, before casting Lvl. 8 Cock of the Infinite.
BritneySpears14: Funny I still don't see it.
bloodninja: I spend my mana reserves to cast Mighty F*ck of the Beyondness.
BritneySpears14: You are the worst cyber partner ever. This is ridiculous.
bloodninja: Don't f*ck with me bitch, I'm the mightiest sorcerer of the lands.
bloodninja: I steal yo soul and cast Lightning Lvl. 1,000,000 Your body explodes into a fine bloody mist, because you are only a Lvl. 2 Druid.
BritneySpears14: Don't ever message me again you piece of ****.
bloodninja: Robots are trying to drill my brain but my lightning shield inflicts DOA attack, leaving the robots as flaming piles of metal.
bloodninja: King Arthur congratulates me for destroying Dr. Robotnik's evil army of Robot Socialist Republics. The cold war ends. Reagan steals my accomplishments and makes like it was cause of him.
bloodninja: You still there baby? I think it's getting hard now.
bloodninja: Baby?

-------------------

bloodninja: Ok baby, we got to hurry, I don't know how long I can keep it ready for you.
j_gurli3: thats ok. ok i'm a japanese schoolgirl, what r u.
bloodninja: A Rhinocerus. Well, hung like one, thats for sure.
j_gurli3: haha, ok lets go.
j_gurli3: i put my hand through ur hair, and kiss u on the neck.
bloodninja: I stomp the ground, and snort, to alert you that you are in my breeding territory.
j_gurli3: haha, ok, u know that turns me on.
j_gurli3: i start unbuttoning ur shirt.
bloodninja: Rhinoceruses don't wear shirts.
j_gurli3: No, ur not really a Rhinocerus silly, it's just part of the game.
bloodninja: Rhinoceruses don't play games. They f*cking charge your ass.
j_gurli3: stop, cmon be serious.
bloodninja: It doesn't get any more serious than a Rhinocerus about to charge your ass.
bloodninja: I stomp my feet, the dust stirs around my tough skinned feet.
j_gurli3: thats it.
bloodninja: Nostrils flaring, I lower my head. My horn, like some phallic symbol of my potent virility, is the last thing you see as skulls collide and mine remains the victor. You are now a bloody red ragdoll suspended in the air on my mighty horn.
bloodninja: Goddam am I hard now.

--------------

BritneySpears14: Ok, are you ready?
eminemBNJA: Aight, yeah I'm ready.
BritneySpears14: I like your music Em... Tee hee.
eminemBNJA: huh huh, yeah, I make it for the ladies.
BritneySpears14: Mmm, we like it a lot. Let me show you.
BritneySpears14: I take off your pants, slowly, and massage your muscular physique.
eminemBNJA: Oh I like that Baby. I put on my robe and wizard hat.
BritneySpears14: What the f*ck, I told you not to message me again.
eminemBNJA: Oh ****
BritneySpears14: I swear if you do it one more time I'm gonna report your ISP and say you were sending me kiddie porn you f*ck up.
eminemBNJA: Oh ****
eminemBNJA: damn I gotta write down your names or something

Bloodninja: I lick your earlobe, and undo your watch.
Sarah19fca: mmmm, okay.
Bloodninja: I take yo pants off, grunting like a troll.
Sarah19fca: Yeah I like it rough.
Bloodninja: I smack you thick booty.
Sarah19fca: Oh yeah, that feels good.
Bloodninja: Smack, Smack, yeeeaahhh.
Bloodninja: I make some toast and eat it off your ass. Land O' Lakes butter all in your crack. Mmmm.
Sarah19fca: you like that?
Bloodninja: I peel some bananas.
Sarah19fca: Oh, what are you gonna do with those?
Bloodninja: get me peanuts. Peanuts from the ballpark.
Sarah19fca: Peanuts?
Bloodninja: Ken Griffey Jr. Yeaaaaahhh.
Sarah19fca: What are you talking about?
Bloodninja: I'm spent, I jump down into the alley and smoke a fatty. I throw rocks at the cats.
Sarah19fca: This is stupid.
Bloodninja: Stone Cold Steve Austin gives me some beer.
Bloodninja: Wanna Wrestle Stone Cold?
Bloodninja: Yeeaahhhh.
Sarah19fca: /ignore
Bloodninja: Its cool stone cold she was a bitch anyway.
Bloodninja: We get on harleys and ride into the sunset.

---------------

Bloodninja:Wanna cyber?
DirtyKate:OK, but don't tell anybody ;-)
DirtyKate:Who are you?
Bloodninja: I've got blond hair, blue eyes, I work out a lot
Bloodninja:And I have a part time job delivering for Papa John's in my Geo Storm.
DirtyKate:You sound sexy.. I bet you want me in the back of your car..
Bloodninja:Maybe some other time. You should call up Papa John's and make an order
DirtyKate: Haha! OK
DirtyKate:Hello! I'd like an extra-EXTRA large pizza just dripping with sauce.
Bloodninja:Well, first they would say, "Hello, this is Papa John's, how may I help you", then they tell you the specials, and then you would make your order. So that's an X-Large. What toppings do you want?
DirtyKate:I want everything, baby!
Bloodninja:Is this a delivery?
DirtyKate:Umm...Yes
DirtyKate:So you're bringing the pizza to my house now? Cause I'm home alone... and I think I'll take a shower...
Bloodninja:Good. It will take about fifteen minutes to cook, and then I'll drive to your house.
**pause**
DirtyKate:I'm almost finished with my shower... Hurry up!
Bloodninja:You can't hurry good pizza.
Bloodninja:I'm on my way now though
**pause**
DirtyKate:So you're at my front door now.
Bloodninja:How did you know?
Bloodninja:I knock but you can't hear me cause you're in the shower. So I let myself in, and walk inside. I put the pizza down on your coffee table.
Bloodninja:Are you ready to get nasty, baby? I'm as hot as a pizza oven
DirtyKate:Oooohh yeah. I step out of the shower and I'm all wet and cold. Warm me up baby
Bloodninja:So you're still in the bathroom?
DirtyKate:Yeah, I'm wrapping a towel around myself.
Bloodninja:I can no longer resist the pizza. I open the box and unzip my pants with my other hand. As I penetrate the gooey cheese, I moan in ecstacy. The mushrooms and Italian sausage are rough, but the sauce is deliciously soothing. I blow my load in seconds. As you leave the bathroom, I exit through the front door....
DirtyKate:What the f**k?
DirtyKate:You perverted piece of s**t
DirtyKate:F**k

------------------

Bloodninja: Wanna cyber?
MommyMelissa: Sure, you into vegetables?
Bloodninja: What like gardening an ****?
MommyMelissa: Yeah, something like that.
Bloodninja: Nuthin turns me on more, check this out
Bloodninja: You bend over to harvest your radishes.
(pause)
MommyMelissa: is that it?
Bloodninja: You water your tomato patch.
Bloodninja: Are you ready for my fresh produce?
MommyMelissa: I was thinking of like, sexual acts INVOLVING vegetables... Can you make it a little more sexy for me?
(pause)
Bloodninja: I touch you on your lettuce, you massage my spinach... Sexily.
Bloodninja: I ride your buttocks, like they were amber waves of grains.
MommyMelissa: Grain doesn't really turn me on... I was thinking more along the lines of carrots and zucchinis.
Bloodninja: my zucchinis carresses your carrots.
Bloodninja: Damn baby your right, this s**t is HOT.
MommyMelissa: ...
Bloodninja: My turnips listen for the soft cry of your love. My insides turn to celery as I unleash my warm and sticky cauliflower of love.
MommyMelissa: What the f**k is this madlibs? I'm outta here.
Bloodninja: Yah, well I already unleashed my cauliflower, all over your olives, and up in your eyes. Now you can't see. Bitch.
MommyMelissa: whatever.

------------------

Partner6: So you're really a 18 yr old girl right?
J-Dogg: Yeah, J for Julie.
Partner6: So whats with the "Dogg"
J-Dogg: Uh, It's cause I'm into the latina gangs and shit. You know, rollin with tha homies and shit.
Partner6: Oh, uh ok thats cool. So you ever seen a gun?
J-Dogg: Yeah like I got 6 guns.
Partner6: Thats cool, so you wanna see my gun?
J-Dogg: hehe, of course baby.
Partner6: I pull off my pants and show you my "gun".
J-Dogg: Ohh, it's so big.
Partner6: Yeah, what you want to do?
J-Dogg: Umm, i guess stroke it or something.
Partner6: It likes that.
J-Dogg: aight.
Partner6: Keep talking to me baby...
J-Dogg: I kiss you on the mouth, hard, but then gently.
Partner6: Mmmm, daddy like.
J-Dogg: I unzip my pants...
Partner6: Yes, show me what you got.
J-Dogg: I pull out my schlong, and rub it on your breasts...
Partner6: WTF?!
J-Dogg: Oh shit, I meant, your schlong! your schlong!
Partner6: I've had it with you queers trying to cyber me, I only fuck women...
J-Dogg: Shit just don't shoot me man, I wasn't serious about the guns I have, I'm unarmed!
Partner6: You dipshit.
J-Dogg: I whimper to myself...
J-Dogg: please don't shoot me Mr.

------------------

J-Dogg: I see you in line at the supermarket. Our eyes meet.
Partner8: Who the fuck are you?
J-Dogg: I mouth the words to you, as if in slow motion:
J-Dogg: Fuck me, Fuck me.
J-Dogg: My wishes are like poetry in your eyes. We want this moment to last forever.
Partner8: OMFG are you trying to cyber me?
J-Dogg: We are like two dancers, for whom the music never stops. I Kiss the top of your hand. You are taken aback by the bulge that forms in your thigh.
Partner8: Is that like cancer?
J-Dogg: If cancer is our love, then I hope you don't have the technology of chemotherapy.
Partner8: Good one romeo.
J-Dogg: You grab the bulge that you feel. you tihink it must be taking over your mind, theres nothing else you can think of. My tubesteak to you is like a beautiful japanese haiku.
The salmon swim at night.
Towards your room.
The snow and the moon.
Partner8: that was never a haiku.
J-Dogg: To your light bulb I am the Thomas Edison of your sex. Withought my light you would be lost in a sea of darkness.
Partner8: That made even less sense than your "haiku"
J-Dogg: So you ready to fuck then?
Partner8: You unbutton my pants, spew your load at the sight of my underwear, and your spent.
J-Dogg: ...
Partner8: ?
J-Dogg: I'm spent.

------------------

Jdogg:Hey
QT-Pie:Hey
Jdogg:whats goin on
QT-Pie:Nothing. Who are you?
Jdogg:Jdogg. Wanna cyber?
QT-Pie:what does that mean?
Jdogg:what are you wearing?
QT-Pie:T-shirt. Jeans.
Jdogg:Garter belt?
QT-Pie:Ummm...no.
Jdogg:Are we gonna cyber or not?
QT-Pie: uh, okay.
Jdogg:Sweet, I start by rubbing your ass all around. You love this.
Jdogg: You're wet already. I can smell your pussy stink from here.
QT-Pie: WHAT?!
Jdogg: I execute standing position 12 from the Kama Sutra. Passion fills the room. Your head is close to the ceiling fan.
Jdogg:You leave everything to jdogg.
Jdogg:I am completely inside of you. You are my dick puppet. I put on a little play.
QT-Pie:This is weird. I should go.
Jdogg: I drop you on the ground, and lay a stripe down your back.
QT-Pie: A stripe?
Jdogg: I need a sandwich.
QT-Pie: You're a freak.
Jdogg: I was great. You loved it.

------------------

Girl: Hi
Boy: hello
Boy: who is this?
Girl: just a someone?
Boy: A someone I know?
Girl: nope
Boy: Then why the hell are you bothering me?
Girl: well sorrrrrry
Girl: I just wanted to chat with you
Boy: why?
Girl: nevermind your an asshole
Boy: Hey wait a minute
Girl: yes?
Boy: look I'm sorry. I'm just a little paranoid
Girl: paranoid?
Boy: yes
Girl: of what?
Girl: me?
Boy: No. I'm in hiding.
Girl: LOL
Boy: Don't fucking laugh at me!
Boy: This shit is serious!
Girl: What are you hiding from?
Boy: The cops.
Girl: gimme a fucking break
Boy: I'm serious.
Girl: I don't get it
Boy: The cops are after me.
Girl: For what?
Boy: I'm wanted in three states
Girl: For???
Boy: It's kindof embarrasing.
Boy: I had sex with a turkey.
Boy: Hello?
Girl: You are fucking sick.
Boy: Send me your picture.
Girl: why?
Boy: so I know you aren't one of them.
Girl: One of what?
Boy: The cops.
Girl: I'm not a cop i told you
Boy: Then send me your picture.
Girl: hold on
Boy: Hurry up.
Boy: Are you there?
Boy: fuck you, cop!
Girl: Hey sorry
Girl: I had to do something for my mom.
Boy: I thought you were trying to find a picture to send to me.
Boy: When really you were notifying the authorities.
Boy: Weren't you!?
Girl: thats not it
Boy: Then what?
Girl: I don't want to send you the picture cause I'm not pretty
Boy: Most cops aren't
Girl: IM NOT A FUCKING COP YOU DICKHEAD!
Boy: Then send me the picture.
Girl: fine. What's your e-mail?
Boy: Just send it through here.
Girl: alright *PIC*
Girl: Did you get it?
Boy: Hold on. I'm looking.
Girl: That was me back in may
Girl: I've lost weight since then.
Boy: I hope so
Girl: what?!?
Girl: that hurt my feelings.
Boy: Did it?
Girl: Yes. I'm not that much smaller than that now.
Boy: Will it make you feel better if I send you my picture?
Girl: yes
Boy: Alright let me find it.
Girl: kks
Boy: Okay here it is. *PIC*
Girl: this isn't you.
Boy: I'll be damned if it ain't!
Girl: You don't look like that.
Boy: How the hell do you know?
Girl: cause your profile has another picture.
Boy: The profile pic is a fake.
Boy: I use it to hide from the cops.
Girl: You look like the Farm Fresh guy lol
Boy: Well, you look like you ATE the Farm Fresh guy....
Boy: Not to mention all the groceries.
Girl: Go fuck yourself
Boy: I was going to until I saw that picture
Boy: Now my dick won't get hard for a week.
Girl: I shouldn't have sent you that picture.
Girl: You've done nothing but slam me.
Girl: you hurt me.
Boy: And calling me the Farm Fresh guy doesn't hurt me?
Girl: I thought you were bullshitting me!
Boy: Why would I do that?
Girl: I can't believe that cops are after you
Boy: I can't believe Santa lets you sit on his lap..
Girl: FUC YOU!!!
Boy: You'd break both of his legs.
Girl: You're a FUCKing asshole.
Girl: I've been teased my whole life because of my weight
Girl: and you make fun of me when you don't even know me
Boy: Ok. I'm sorry.
Girl: No you aren't
Boy: You're right. I'm not.
Boy: HAARRRRR!
Girl: I'm done with you
Boy: Aww. I'm sorry.
Girl: I'm putting you on ignore
Boy: Wait a sec
Boy: We got off on the wrong foot.
Boy: Wanna start over?
Girl: No
Boy: I'll eat your pussy
Girl: You'll what?
Boy: You heard me.
Boy: I said I'd eat your pussy.
Girl: I thought you said you couldn't get it hard after seeing my picture
Boy: Do I need a hard-on to eat your pussy?
Girl: I'd like to know that the man eating me out is excited yes
Boy: Well I'm not like most men.
Boy: I get excited in different ways.
Girl: Like what?
Boy: Do you really wanna know?
Girl: I don't know
Boy: You have to tell me yes or no.
Girl: I'm afraid to
Boy: Why?
Girl: cause
Boy: cause why?
Girl: well lets see
Girl: you say you have sex with turkeys. You call me fat. then you wanna eat me out
Girl: doesn't that seem strange to you?
Boy: Nope
Girl: well its strange to me
Boy: Fine. I won't do it if you don't want me to
Girl: I didn't say that
Boy: So is that a yes?
Girl: I guess so.
Boy: Ok. I need your help getting excited though.
Boy: Are you willing?
Girl: What do you need me to do?
Boy: I need you talk like a pirate.
Girl: ???
Boy: When I start to go limp... you say "HARRRR!!!"
Boy: ok?
Boy: Hello?
Girl: You can't be serious
Boy: Oh yes I am!
Boy: It's my fantasy.
Girl: this is retarded
Boy: Do you want it or not?
Girl: Yes I want it.
Boy: Then you'll do it for me?
Girl: sure
Boy: Ok. Here we go.
Boy: I gently remove your panties and being to massage your thighs.
Boy: You get really juicy thinking about my tounge brushing up against them
Boy: I softly begin to tounge your wet pussy.
Boy: I run my tounge up and down your smooth slit.
Girl: mmmm yeah
Boy: uh oh ...going limp.
Girl: Har
Boy: You gotta do better than that!
Boy: Your picture was really bad.
Girl: HARRRRRRRRRRRR
Boy: Ahhhh. Much better. I feel your pussy get more moist with every stroke.
Boy: I softly suck on your clit bringing it in and out of my mouth.
Boy: Your juices run down my chin as your scent makes its way to my nose.
Boy: I begin to feel empowered by your femininity.
Girl: mmmmmm you are good
Boy: I feel your thighs tighten as I suck harder
Boy: going limp
Girl: HARRRRRRR
Boy: Mmmm I grab your swelling buttocks in my hands.
Boy: You begin to sway back and forth.
Boy: going limp
Girl: this is stupid
Boy: ...still limp
Boy: Do it!
Girl: HARRRRRRRRRRRRR
Boy: I turn you around to lick your asshole.
Boy: I pry apart that battleship you call your ass.
Boy: I see shit nuggets hanging from the hair around your asshole.
Girl: WTF?!?!?
Boy: They stink really bad.
Girl: OMG STOP!!!
Boy: I start to get fed up with your ugly ass
Boy: I tear off your wooden peg leg.
Boy: I ram it up your ass.
Girl: YOURE A FUCKING PYSCHO!!
Boy: Then I pour hot carmel over your head.
Boy: And turn you into a fucking candy apple...
Boy: I kick you in the face!
Girl: FUCK YOU ASSHOLE!!
Boy: The celluloid from your cheeks hits the side of the cabin...
Boy: Your parrot flys away.
Boy: ...going limp again.
Boy: Hello?
Boy: Say it!
Boy: HAARRRRRR!!!!!