Dailydave mailing list archives

Rabbits, Google, CVS, and the blitzkrieg of hacking to come


From: Dave Aitel <dave.aitel () gmail com>
Date: Fri, 6 Jan 2006 21:08:21 -0500

Has anyone figured out what braindead MBA is in charge of the CVS
"ExtraCare" card, or whatever they're calling it? No one I know has any idea
why they give you one with every purchase. They have a little evil sign on
their register saying "Please have ExtraCare card available before you check
out!". The check-out person always just scans one and shoves it in the bag
robotically. Clearly no one since the dawn of time has cheerfully presented
their ExtraCare to check out. This is a sign of a company that doesn't find
their own products exciting. Probably the only thing dumber is Google
getting up at CES and announcing you can download Adobe Acrobat 7 through
them. Acrobat 7 is horrible. It's huge and buggy and completely pointless
when there's perfectly good free software for rendering PDFs available.
Also, we can buy DRM-entrapped video from Google now for the exact same
price we could buy it from iTunes. Who cares? Google-pack is stupid.
Google-video is underwhelming. It's so "whatever" Robin Williams can't even
save it.

Big companies need to wow us. Microsoft's vision is to replace our 150
dollar DVD player with a 1500 dollar media center. They practically give
TiVos away with every toothbrush from CVS now, so I don't know why this is
exciting. What, exactly, is new about Vista? Do we have an Urge for more TV
from the Internet at 2 bucks an episode? Make it 20 cents and we'll get
excited. I know Bdog is working hard on that kernel, and I wonder why -
after NX becomes standard people are going to stop caring. All the worms and
spammers will go away, and only the hackers will be left. And hackers are
stealthy like ghosts. There's not a lot of market share in protecting people
from things they can't see...

I think the thing missing from the announcements lately is excitement. So
here's my attempt:

CANVAS 6.6 includes an HTTP proxy. Last year, there was no way to hack into
machines and then with one click, browse www.intranet.com through them.
Today there is. This is cool stuff. I think all the exploit framework people
think the new things you can do with exploit frameworks are, most
importantly, fun. At least, I hope so, 'cause this is a niche business. If
you're in it for the money... then I guess it's time for 2 dollar TV shows.
Which we will do, in time. :>

We also include a WMF exploit. Who doesn't? But the important thing to
remember is this: Where there is one tuna, there are many crabs. IE falls to
any hacker who spends the willpower necessary. As much as Sinan hates GNU,
he isn't running his machine on anything else...

My rabbit is eating my shoe and I'm inebriated on shellcode, time to go.
-dave
(Did I send this message via my box, or yours? :>)
