Searching for kids on halloween

[Dave Aitel <dave () immunitysec com>]

I had one kid come to my door last night, so we have a lot of candy left 
over. After enough of it, this is the stuff that was going through my head:

People get very interested in Web 2.0 "mash-ups", but I think the more 
interesting stuff will happen with thick clients doing "mash-ups". For 
example, why doesn't the standard traceroute utility display its results 
as part of Google Maps? I'm thinking VisualRoute on steriods. I'd build 
this into CANVAS if I had time, but there's no reason Novell doesn't 
build it into Beagle first.

Why can't you expose the CANVAS log data to Google desktop so you can 
ask Google what the password was to that box you hacked a few years back?

Google's destop search versus people whining on the Internet about 
searching still sucking.
o Can do more relevance testing by - sites people never visit are not 
interesting.
o If Google's PageRank takes into account the stuff on your desktop, it 
can be very relevant indeed.

I spend a lot of my time doing the really boring guts of CANVAS. Adding 
for loops to MOSDEF, our internal C compiler, doing user enumeration 
tools, writing brute forcers, writing log cleaners. But these are the 
elbow joints  and phillips head screw drivers of hacking. You have to 
have them done so you can do the really fun stuff like own a linksys via 
your phone. I think there's a lot of people out there doing really cool, 
edge of your seat work. Writing and finding exploits, writing automatic 
analysis tools, etc. But writing an log cleaner is the equivalent of 
shoveling snow. It's not easy, but it's not an accomplishment when 
you're done. I think a lot of the reason people buy tools like CANVAS 
are so they can get their drive shoveled.

Ok, enough candy. Hopefully everyone had more kids come to their door 
than we did!

-dave