| Flying sucks, but people still do it. |
6-Nov-08 |
Now I know what I'll be doing in the airport this weekend: WPA is partially broke. Oh, well. I know people that still don't lock their APs down as-is, and I'm not talking about my neighbors, although they're big offenders. Thanks to Jason for the link.
Papers to read on the plane: The Ghost in the Browser: Analysis of Web-based Malware, Highly Efficient Techniques for Network Forensics Attacks. Not to mention a stack of magazines and journals that have been steadily piling up. I'd like to opt-out of the boring ACM articles, please.
Two new books en route: The Web Application Hacker's Handbook and Murach's Java 6 SE.
Pictures of Natalie & Justin and Karin & Chris' weddings have been added to prove that yes, I have a life... but still lack a date to these kinds of events. Considering the above, it's not much of a mystery. |
| They Still Rip Students Off |
13-Oct-09 |
I was back at Penn State this weekend for a wedding (pictures later), and a much-needed non-home-game-football-weekend visit to University Park. While there I planned to find an updated version of the O'Reilly Java Cookbook - figured there's a good chance of finding a used copy of the newest edition cheap since, well, it's a large university. Wrong. They still rip students off. Not only could I not find that particular book, but all the books for the Java and C programming courses were insanely overpriced. I'm talking about $89 for a used book. $110 new. $80 for an INFOSEC book that couldn't have been more than 150 pages long.
Considering the shelf life of technology literature, they should really take a long, hard look in the mirror and figure out how they sleep at night.
Anyway, that's what Amazon is for, I guess. My 72 hour furlough to Penn State had a profound effect on me (much as our football team had a profound effect on Wisconsin during Saturday night's game). So much so, I painted my front door blue today. Yes, that is how I roll, and I sleep very well at night. |
| Google Hacking the Olympic Truth |
21-Aug-08 |
I just came across a spectacular example of using "Google Hacking", more professionally known as OSINT, or Open Source Intelligence gathering, to reveal some nasty truths about the Chinese involvement in the 2008 Olympic games. Over at the Stryde Hax blog, he details the steps he used to do a little research on He Kexin's age. If you don't follow any news about the Olympics or otherwise live under a rock, there's been some controversy surrounding her age. Minimum age to participate: 16. Media claiming true age: 14.
Stryde found some very incriminating documents within the Google cache that strongly point to the Chinese government lying about her age (gasp!). He goes on to point out the disturbing fact that as he outs the information, much of it starts to be removed from the Google cache.
Interesting.
Remember Google - do no evil. Liars. |
| I've got to mention... |
16-Jun-2008 |
Ok, this is just too great not to mention. Rebuilding my laptop with Fedora 9, I search through the YUM cache for a particular program I find useful. Let's see if you can find it:
[snoop@localhost ~]$ yum search seahorse
Loaded plugins: fastestmirror, fedorakmod, kernel-module, refresh-packagekit
================================ Matched: seahorse ======================================
seahorse.i386 : GNOME2 interface for gnupg
seahorse-adventures.noarch : Help barbie the seahorse float on bubbles to the moon |
| Let's build a telecom closet! |
28-Apr-2008 |
I built a telecom closet for my house - ran all the CAT5e, coax cable, and PSTN to a single location for digital distribution throughout my house! It took a little while, but here's the info. Check it out and drop me a note if you're venturing into something similar yourself.
For about 30 minutes today it looked as if I was going to Blackhat 2008. I'm not. |
| Google Webmaster Tools |
21-Apr-2008 |
Not security related, but of interest anyhow. When Google's webmaster tools want you to place a meta-tag or randomly-named HTML file for proof that you own a site - keep it there. Or you'll do it again. Apparently it checks back on occasion and gets really annoying if it can't find what it's looking for. |
| Um, pointers. |
8-Apr-2008 |
Ok, so now I'm not going to DefCon 16. Now I'm going to Key West for JD's bachelor party and some primo lobster hunting. That's right - hunting.
Speaking of hunting, here's some interesting security pointers:
- Apple software is full of vulnerabilities. It's just as unsecure a platform as Windows, save the fact that exploits haven't been widely written (ostensibly because few people use a Mac, so there's little cost benefit.) I know, we all know this, but these past few weeks, well... they're just getting a lot of bad press.
- I really missed the Storm worm... oh, great, there's a replacement! And guess who sends spam email? You do.
- And finally, do you see that little lock icon in the bottom right corner of your window when you're on that super-safe banking site? Yeah, the one that everyone tells you proves you're "safe"? Doesn't mean anything, never really did - particularly when your bank decides to fumble a disk with all your data on it.
|
| Springtime is for new companies. |
24-Mar-2008 |
Yes! I held off posting here for close to 10 months. That's dedication. All that crap about past RSA conferences, parties, and vacations is off to the archives, where it belongs. My house is completed (May 2007-December 2007), and I've only got two scars to show for it. Neither in cool places. I'll be at DefCon 16 later this year in August - I'm excited, to say the least.
I've dumped Verizon in favor of Cavalier Telephone. I don't remember what a "telephone" is, but it's got to be better than Verizon. I can say right now that I hate Verizon. I have nothing but righteous indignation for that company. I'll detail that out some other time when it's not so late.
New consulting company to keep an eye on: VeriSpect, LLC. |
- all material copyright Greg Bednarski unless otherwise noted - |