[Dailydave] Auggie
Dave Aitel
dave at immunityinc.com
Wed Jul 3 11:07:31 EDT 2013
So I've now watched all of the Covert Affairs seasons, and I have to
say, the writers got better as it went on and the show got a grittier,
more disillusioned feel. More like Homeland, and less like Archer.
But it's fantasy, of course. One of the characters (Auggie) is a blind
operative and he occasionally gets sent out on missions where he runs
about in strange cities and fights people and does other various spy
things that are fairly hard to do when you're blind. They make it seem
as plausible as, for example, the 5 foot, 100 pound Piper Perabo beating
up various thugs (one per episode at least - she's quite violent).
Auggie is blind (Note how in this obviously fantasy CIA picture there is
no tweed, nor khakis!)
In this blog, RSnake and some random blackhat go into a few things:
http://blog.whitehatsec.com/blind-sql-injection-what-is-it-good-for/
One thing they point out is that one of the random BlackHats that
they're friends with does not really use Blind SQLi to penetrate
machines, and he doesn't know anyone who does. "Because it's annoying".
Tru dat.
"""
Internally at WhiteHat we've had the long-standing belief that blind SQL
injection is rarely if ever actually used in attacks. We hear a lot
about blind SQL injection at conferences, in papers and while talking
with researchers, but we just don't hear about it being used. Sure,
there may be one piece of anecdotal evidence somewhere, but as a general
class of attack it doesn't seem to be a favorite of attackers. The
reason being? It's hard to use.
"""
I love that paragraph for so many reasons. Regardless, Immunity's
consulting arm uses only Blind SQLi for our penetration tests, both for
finding vulnerabilities, and for exploiting them.
-dave
[1] Miguel's talk:
https://lists.immunityinc.com/pipermail/dailydave/2013-January/000299.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130703/f17f32c2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Christopher-as-Auggie-in-Covert-Affairs-christopher-gorham-13974680-1280-720.jpg
Type: image/jpeg
Size: 122575 bytes
Desc: not available
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130703/f17f32c2/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130703/f17f32c2/attachment-0001.sig>
More information about the Dailydave
mailing list