everburning

The University of Washington has posted slides, notes and videos of the Winter 2006 Practical Aspects of Modern Cryptography course.

Security Compass released two beta tools in the Exploit-Me series. These tools, XSS-Me and SQL Inject-Me, are Firefox plugins to help test for security vulnerabilities.

XSS-Me does Cross Site Scripting (XSS) injection against the forms on a page. This will send a predefined set of attack strings against the website to see if the site reflects the content back to the user.

SQL Inject-Me is a tool to do some SQL injection tests against an application. It will send a series of SQL commands and attempt to make the database return an error message to the user.

Anyway, check out the Exploit-Me site and give the tools a try. If you find any issues you can report them to bugs at securitycompass.com.

Oh, and as an added bonus, the tools are being released under the GPL v3. We’re working on getting bug tracking, mailing lists and all that other infrastructure setup for the project.

I stumbled across PeepCode last night. While it looks like a porn site it actually isn’t. Well, maybe geek porn. They sell programming videos on various topics. I watched a few of the free snippets and they were pretty good so I picked myself up a 10 pack.

I’ve got six of them downloaded at the moment:

• Rails From Scratch part I
• Rails From Scratch part II
• Test-First Development with Rails
• RESTful Rails
• TextMate for Rails
• RJS Templates

I watched the TextMate for Rails video last night. The production quality is really good and he gets through a lot of the TextMate commands and features. I’ll have to watch it again as there are so many different TextMate keyboard commands.

The videos come without DRM and they provide normal sized (I watched them fullscreen on my laptop and there was no pixelization) and iPod sized if you desire. I love the fact that I can download them and store them on my server at home. No need to watch them on the site every time. They all come with full source code used in the video and some have extra little PDFs and resource link collections to give you more information on the subject.

So far, really well done. I’m just waiting for a few more to come out as I’ve got 4 credits remaining. (Although I’m considering getting the JavaScript with Prototype.js video.

As a side note, while I was watching the video I noticed a text editing program, which I can’t remember the name of in the background. The website for that editor pointed me to Scrivener which looks kinda interesting if you’re a writer.

I’ve been using Digg for a while on recomendation of Basil, one of my co-workers. I read it through Sage (the Firefox RSS extension) so I see the title and then the blurb, I click the title and go to Digg and can click on the link to view the actual article or just read the comments.

Ok, good, everything is buzzing along nicely.

That is, up until a week or two ago. I guess their implementing some new features or something but now you have to log in to view certain stories. Through the RSS feed, this seems to be about 90% of the stories and there is no indication when viewing the header if you have to log in. So, suddenly 90% of the links I click on bring me to a login page. I’m sorry, I don’t want to log in. I don’t care to comment. I’m just here for the news.

I don’t like being tracked.

I put up with this for a week or two but as progressively more and more stories went behind the login screen I’ve had enough. So, fuck you digg. I’ll find my news somewhere else.