Tuesday, March 27, 2007

I'm glad you got your kid back

Erik takes his kids to Disneyland, but manages to lose the 3-year-old. But that's OK, he had hung a USB flash drive around the kid's neck, and had him back within 13 minutes.
"Our three year old did just what we thought he would do - Disappeared. Within 13 minutes of being ‘lost’ though, my cellphone rang."
The little scamp.

Anyway, I actually am glad he got his kid back so quickly. Nothing is worse than having your young child go missing. But...

So the father planned ahead, that's good. If you'd like to do the same yourself, I see that SurplusComputers has a 2-pack of similar-sounding drives for about $8.

But I can't say I recommend you do that. Instead, I recommend that you plant the equivalent of a dog tag on your kid. It's no worse than the USB version, and you're much more likely to get someone with a cell phone and no computer handy to just read the tag and call you.

Heck, if you know you're probably going to lose your kid at Disneyland, I bet you could get them back in just 5 minutes with the dog tag.

Oh, and I see the lost USB drive thing just relies on Autorun to pop up the message. Disneyland Security, you just got pwned by a 3-year-old. Pentesters, are you paying attention?

Found via The Disney Blog.

Saturday, March 24, 2007

Owning up

If you're a software vendor and a researcher comes along and claims there's a problem with one of your offerings, and you (the vendor) think there is not, you issue a public statement to the contrary. That's fair.

However, if the researcher persists and manages to prove his or her case to you, what do you do?

If you're Microsoft, you own up to the problem, and thank the researcher for making you understand.

Exhibit 1
Exhibit 2

That sure looks like the right way to do things to me. At least, the drama will probably only last about a week.

Monday, March 12, 2007


Great short blog entry by Larry Osterman about FPO. I certainly have seen any number of functions that work both ways, but I never knew it had a name, and I hadn't picked up the implication for debugger stack traces.

Thursday, March 08, 2007

Official shilling

My employer BigFix has launched a company blog. I have written my first entry responding to a post on Ross Brown's blog.

Anything that's strictly a BigFix topic, I'll probably do over there from now on. Though, if I think I've been especially clever or something I may drop a pointer here as well. I can think of at least one thing coming up in the future that will be posted over there that I will probably want to share. It's a follow-up of sorts to my previous Rubik-related post.