Comments for Michael On Security

Comment on Google Helps Me Get Answers From Experts Exchange by Michael Gorsuch

Michael Gorsuch — Fri, 29 Aug 2008 19:38:25 +0000

Yeah… evidently I was one of those guys that never scrolled down after finding links via Google results

Comment on Google Helps Me Get Answers From Experts Exchange by Michael Dickey

Michael Dickey — Fri, 29 Aug 2008 19:35:21 +0000

Wow, I know I’ve been clicking through the Experts Exchange for a long time from Google and always scrolling to the bottom for answers. I was always kinda left thinking other people just didn’t scroll down when they said the answers were cloaked for them. They may not have been wrong! I didn’t know they displayed different stuff depending on how I got there.

Of course, if they decide to do this by user-agent and not referer, firefox lets me change that just fine too!

Then again, maybe they don’t mind searching for it this way…

Comment on Google Helps Me Get Answers From Experts Exchange by prabhu

prabhu — Fri, 29 Aug 2008 03:44:48 +0000

It works good for me. Thanks for the good usable tip

Comment on Google Helps Me Get Answers From Experts Exchange by Michael Gorsuch

Michael Gorsuch — Thu, 28 Aug 2008 18:11:14 +0000

Here’s another way to repro, at least for me.

Go to EE directly, and search for a thread. You won’t see the answers at the bottom. Copy the URL, and go to Google. Paste that URL in the search field, and click on the link.

You should see answers.

Comment on Google Helps Me Get Answers From Experts Exchange by nope

nope — Thu, 28 Aug 2008 18:08:49 +0000

Nope, doesn’t work for me either. Neither does switching my user agent. Not a big deal for me, but it’s interesting that it worked for you…

Comment on Google Helps Me Get Answers From Experts Exchange by Michael Gorsuch

Michael Gorsuch — Thu, 28 Aug 2008 17:54:47 +0000

Even when you scroll to the very bottom? There are a few placeholder blocked comments at the top, but the real ones are underneath.

I’m seeing them, but perhaps something else is going on here…

Comment on Google Helps Me Get Answers From Experts Exchange by fail

fail — Thu, 28 Aug 2008 17:53:03 +0000

Uh, your linked cache url has all of the ‘answers’ blocked out.

Comment on The Wonders of Social Engineering by Michael Gorsuch

Michael Gorsuch — Sun, 24 Aug 2008 23:04:25 +0000

Hi Jay! Things are good out here, and hope you are doing just as well.

That’s a great example of a hack. It seems that social engineering is really where it’s at. Internal mail relays are very easy to exploit and even easier to overlook.

Scary, isn’t it?

Comment on The Wonders of Social Engineering by Jay Faulkner

Jay Faulkner — Sun, 24 Aug 2008 22:07:03 +0000

Hey Michael! Hope everything is doing well with you guys in the big city.

At my former employer, an intern there did something similar — send out an email to an easily-discovered email address (support@), and included a “new diagnostic tool” which was really a connect-back shell. He used the CTO’s name and email as the “From:”. It went into a community queue, where two people installed and ran it, and one person reported it to us.

Someone told me once that social engineering is the best kind of hacking. They were right — people are too trusting and don’t protect their passwords properly.

Comment on Staying On Top of Things by David

David — Mon, 26 May 2008 17:33:48 +0000

Hi Michael,

>I use a text file with vim. Seriously. >It is located on a remote server that >I can access from anywhere, and it >has a very obvious format:

>Apply patches to front-end IIS >servers:
>x verify that a policy exists
>x schedule change
>- apply patch on 2/20/2008 @ 00:01

I found that Gmail draft mode is the most bang for buck way of storing to-do-lists and/or similar stuff. For something a little more serious I would put them on mind maps by using FreeMind.

By the way, nice article.