Procrastinate another 2 minutes

I read security blogs to stay current. That’s a lie. I read security blogs for the same reason I watch Jerry Springer. I want to see sociopaths and rednecks nutting up over their 20 minutes of fame. So-and-so is leaving this-or-that blog/company/affiliation/whatever and such-and-such is screwing this guy over with Rambo litigation… etc., etc. It’s all meaningless, but it’s entertaining and a great way to kill time if you’re all out of good drugs. I think I might be getting jaded, apathetic, or burned out…hmmm, oh well, it doesn’t matter. Here’s some stuff that’ll help you get through another 2 or 3 minutes of your day.

Perhaps the funniest blog entry that I’ve ever read.

In other news…It’s official – Web application scanners are now so bad that I won’t even use them if they’re free. At this point, I am officially divorced from automated application scanners. What I’ve been using, primarily, is proxies and Firefox browser plugins. Some folks were nice enough to put together a very nice list of Firefox plugins which make the app pen-tester’s life much easier. Snag it here.

!Dmitry

  • http://www.whiteacid.org Sid

    I’ll just be really immodest here and say that my greasemonkey script should also be installed.

    What someone really needs to make is a way to install batches of firefox plugins all at once.

    Is it just me or does the word “immodest” sound like an invention by Apple?

  • dmitryc

    It is. It’s probably listed in the wrong section. It’s not under ‘Security auditing’ but under ‘Misc’

  • http://www.whiteacid.org Sid

    I didn’t mean the greasemonkey extension, I meant my script for it, linked to in my previous comment.

  • dmitryc

    mea culpa. Yeah, that’s a rocking script. I just installed it ;)

  • http://grandstreamdreams.blogspot.com ClausValca

    Nice tip!

    I use Firefox heavily at work down in our IT dungeons and am always on the lookout for extension add-ons to leverage it.

    I popped over to check out the FireCat developers website (SecurityDatabase) and saw they seem to have a newer version of the FireCat (Firefox Catalog) PDF file than the one you linked to: FireCAT Version 0.95

    Changelog 0.95

    - Added “LiveHTTPHeaders” extension to Security Auditing Category (Thanks to Joaquin Crespo)
    - Added “As number” plugin to Information Gathering Category (Thanks to Kev from vulnerabilityassessment.co.uk)
    - Added Fireftp extension (Thanks to Kev from vulnerabilityassessment.co.uk)

    I’m excited to see some of the tools offered in their lists and can’t wait to begin using them.

    Sid–have you checked out the Firefox extension CLEO: Compact Library Extension Organizer?

    Although you will have to download and install each extension mentioned in FireCat once “manually,” you can then roll them all up into a single .xpi file for installation on other machines and/or backup.

    Per the developer’s site: “CLEO is a Firefox extension that works with FEBE to package any number of extensions/themes into a single, installable .xpi file.”

    That might be a possible solution…

    Cheers,
    –Claus

  • http://www.whiteacid.org Sid

    Thanks for that link Claus, I’ll certainly give that a go.

    Also the author of noscript is making an anti-XSS build which he talks about here

    I disagree with some of their things. I don’t want an FTP client built into my browser, I have filezilla to use as my FTP client. Anyway… I’m not going to bitch about that here.

  • Jeremiah Grossman

    “In other news…It’s official – Web application scanners are now so bad that I won’t even use them if they’re free. At this point, I am officially divorced from automated application scanners.”

    Out of curiosity, what scanner(s) were you trying?

  • dmitryc

    I’m not gonna call them out….It wasn’t yours.

  • Jeremiah Grossman

    Fair enough. Thanks.