Partial rant, partial useful blog post — I’m noticing that a lot of the “new” APIs for sites are starting to restrict access to content either by putting limits on content either by controlling how much of the data you’re allowed to access, or by not including the ability to access a certain amount of data over the API at all. This is different from a few years ago where sites like Twitter, would let you collect all the tweets from a user without issue.

This Friday, I’ll be presenting a weird presentation at BSides Detroit. It’s titled “Corporate Intelligence: Lisbeth Salandar vs James Bond” and it’s on a subject that has been stuck in my head for a while. It’s a talk about corporate spying, competitive intelligence, industrial espionage — the type of thing where people are stealing information from one group, and selling it to another. As is the case with most of my presentations, it has little to do with what I do for work, and more to do with play.

Can we agree that NFC is here to stay? Just about every mobile platform supports it, (I’m looking at you Apple) including simple feature phones from way back when . Let me just get to the good part: NFC input vectors for pen-testing. The scenario here is a mobile application that supports some kind of NFC exchange. Maybe it’s a Windows Phone 8 tag reader or something using Android Beam — whatever.

InspecTor is a .onion page that kept track of bad exit nodes on the network. And it did a pretty good job. It looked for things like: SSL Stripping: Replacing HTTPS links with HTTP JavaScript injection iFrame injection Exit nodes that have no exit policy (black holes) Those are the easy to quantify bad properties. We can compare the results of connecting to a bad Exit Node and a good one and diff the results.