________________________________________
From: [email protected]
[[email protected]] on behalf of
[email protected] [[email protected]]
Sent: Saturday, April 24, 2010 12:00 AM
To: [email protected]
Subject: Owasp-Malaysia Digest, Vol 18, Issue 26
Today's Topics:
1. Re: Brute Force Password Guessing!!! (Ang Chin Han)
2. Re: Brute Force Password Guessing!!! (James Tan)
3. Re: Brute Force Password Guessing!!! (Mohd Fazli Azran)
----------------------------------------------------------------------
Message: 1
Date: Fri, 23 Apr 2010 14:21:12 +0800
From: Ang Chin Han <[email protected]>
Subject: Re: [Owasp-Malaysia] Brute Force Password Guessing!!!
To: James Tan <[email protected]>
Cc: [email protected]
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
On Fri, Apr 23, 2010 at 7:41 AM, James Tan <[email protected]> wrote:
> I am involved in 'cloud' solutions and read interesting articles on 'Human
> Cloud' (some terms I made up to let you imagine better). I'll try to dig them
> out if anyone is interested, can't recall exactly where I read it. Could be a
> SecurityTube posting of a speaker at HiTB KL last year.
I believe "crowd sourcing" is the more popular term for "Human Cloud".
See also Amazon's Mechanical Turk. http://aws.amazon.com/mturk/ It's
been used for quite some fun stuff.
------------------------------
Message: 2
Date: Fri, 23 Apr 2010 14:59:29 +0800
From: James Tan <[email protected]>
Subject: Re: [Owasp-Malaysia] Brute Force Password Guessing!!!
To: [email protected]
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="utf-8"
Thanks for the 'crowd sourcing' term. What I am doing is trying to relate
'crowd sourcing' to today's buzzword 'Cloud'.
I found the video, realized it's not HiTB but Defcon. It's at
http://www.securitytube.net/Screen-Scraper-Tricks-(Extracting-Data-from-Difficult-Websites)-Defcon-17-video.aspx
I briefly read about Amazon's Mechanical Turk and it resembles some UX (usability
testing term) 'cloud' solutions currently offered. FYI, I am in a QA role so
am interested in such 'real life' computing power vs AI.
If you view the video, the speaker (Amazon's Turk webpage as well) shared the
very low cost of mass intelligence required. This is a threat that should
not be underestimated when we think of e.g. attacks/bruteforce coming from
sophisticated engines when cheap, massive skilled labour is exploiting the
assets.
Imagine 'crowd sourced'/'human cloud' blackhat computing power pounding on
our public sites or worse, conducting mass social engineering 'attacks' on
our staff, online and/or in person. I might be thinking too much :)
------------------------------
Message: 3
Date: Fri, 23 Apr 2010 16:36:56 +0800
From: Mohd Fazli Azran <[email protected]>
Subject: Re: [Owasp-Malaysia] Brute Force Password Guessing!!!
To: James Tan <[email protected]>
Cc: [email protected]
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
Talking about the "Crowd Source" term in the security field, I don't think it will
help with that. More cloud will mean more exposure to security risk. It is a large
distribution out there, so any script kiddies will run their business
everywhere, every time and every place. How is it possible for us to
prevent it? Not now!!!
--
Regards,
Mohd Fazli Azran
------------------------------
_______________________________________________
Owasp-Malaysia mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-malaysia
OWASP Malaysia Wiki
http://www.owasp.org/index.php/Malaysia
OWASP Malaysia Wiki Facebook
http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
End of Owasp-Malaysia Digest, Vol 18, Issue 26
**********************************************