1. I got a new job
2. Said job was 3000 miles away
3. I drove the 3000 miles
4. First week in new location my house was broken into and my computers were among the more than $5k worth of stuff stolen.
5. I had just blown all my money moving 3000 miles =no way to replace computer (or go to BlackHat/Defcon/BSidesLV
6. New job has been keeping me supremely busy in a good way.

This whole extravaganza started in May so the summer was kind of a whirlwind of craziness, the fall was work kicking into overdrive. I’ve kind of hit my stride at the new job and gotten used to the giant piles of work so I’m planning on setting aside time to blog again.

The job I started was at WhiteHat Security as a resident appsec bug hunter. Drinking from a fire hose for 6 months would be no exaggeration as we have a very unique playground of websites to find/test vulnerabilities on. I’ve found some very high profile vulnerabilities that I wish I could talk about but I’ll have to settle for severely obfuscated posts in the future merely describing the attack vector with all client information withheld.

Since I joined the team we have about doubled in size and gone from the “Operations” department to WhiteHat’s “Threat Research Center” which just sounds so muchs spiffier and more official.

We also participated pretty avidly in the Google bug bounty program. Mighty successfully I might add: Google Security Hall of Fame. 5 people on our team found rewardable bugs in Google apps. I say rewardable because a number of us found bugs that they didn’t qualify as rewardable, mostly minor XSS or open redirects.

I might add that this is 5 so far, we have a few more emails sitting in their queue and I’ve had a bit of fun with their Cr-48 as a beta tester (more details to come after bug is reported and fixed but this one is a fun one).

So there is a run down of my absence from the blog world, cliff notes of course. I did a fair amount of weekend getaways enjoying the west coast weather.

I hope anybody reading this had a great Christmas and will have a safe and happy new year. My better half put a grill / smoker under the tree for me and I’ll be breaking that out to ring in 2011 with some smoked meat.
So now that you know one of my resolutions is to start blogging again what are some of yours? I miss you. You look great by the way.

Cheers,
Matty Jay

During a recent password audit at the Bank of Ireland it was found that Paddy O’Toole was using the following password: MickeyMinniePlutoHueyLouieDeweyDonaldGoofyDublin

When Paddy was asked why he had such a long password: he replied ”Bejazus! are yez f*ckin’ stupid? The bank told me password had to be at least 8 characters long and include one capital”

Don’t ever think you can outwit the Irish!