Nourish Intense Hydrating Silk Bath ( For Dry & Damaged Hair ) – CHI – Nourish Intense – 350ml/12oz

A superb-rich, creamy shampoo. Helps gently cleanse & intensely nourish dry & damaged hair. Preserves brilliance of hair color. Leaves hair supple, smooth, lustrous & healthy looking. To use: Apply a small amount to wet hair & foam up. Rinse well & repeat if needed.

A Conversation With Jeff Moss

Omer: I was going through random Google searches against your name and I found Platinum Net, what is it?

Jeff: That was one of twelve underground messaging networks, Fido network that I belong to. And they all used the Fido net method of straightforward messaging. It wasn’t the part of Fido net but it used the Fido net protocol to reach on private messaging networks. It was a pretty small network out of Canada and it dealt mostly with the hacking information, and how to modify your car engine and whole bunch of random hacking kind of related topics, that was the reason I started DefCon, 15 years ago because I was a friend with a guy who ran Platinum Net there. He ran the US main node and redistribution in United States. He got a new job; his parents had to move, so he had to take down the network. He wanted to do a party for everybody and he asked me for help. But then his parents left early and he had to go overnight as well. I was just stuck there, holding my bag, thinking about how to deal with the situation. I turned off to the other networks I belong to and invited everybody to DefCon.

Omer: Jeff Moss was already in place, why did the idea of black have evolved?

Jeff: When DefCon started it was all a passion. Nobody at our age could get jobs; there were no jobs in computer security. And there wasn’t really even a market. The only people who were doing security work were people working for government, banks or universities or maybe manufacturers. There was really no chance to get a job. But then the internet boom sort of changed all that and as the boom was beginning, people started looking for IT people for installment of networks and other infrastructures. All of a sudden everybody started getting jobs that we knew. And they were looking for jobs, they got it and then they tried convincing their bosses to pay for their trips to DefCon. DefCon was just a straight hacking convention, and not really something serious.
The announcements made there were not really serious, so you show that to your boss and he is not going to pay your way to DefCon. So everybody suggested that there should be something more serious and conventional event similar to the nature of DefCon. So they can show it to their bosses and their trips can be paid. A friend of mine, Larry was his name, suggested to do a whole new convention which is more serious sounding and charge them a bunch of money for it, because when you charge money for something, you can sort of manage expectations. So by charging money we could fly in the best speakers, we can pay the flight rent, we can pay to spend some time to develop the content. So that’s what it sort of became. Black Hat was totally a spin-off.

Omer: What do you think that how the whole idea of security has moved a step further, from PDP’s to the modern computers, how far has it come from the early days of personal firewalls to the unsupervised IDS algorithms?

Jeff: It is fantastically more complicated now. The market just for security skills is fantastic. Competition sort of breeds specialization and so 15 years ago it used to be 4 people each with different knowledge and you can pretty much understand any problem, you know the telephone problems, the UNIX problems, it wasn’t that complicated back then. Now you can have hundred people in a room and still not understand all the implications of dynamic html and a virtualized system on the multi processor core and it goes on and on and it can be hideously complicated. So on one hand it has matured the security market and on the other hand, the problems it created for itself are more and more complicated and harder to understand specializations. So it isn’t about one technology anymore. For example, if someone is expert on “SQL Injection on Oracle”, they don’t know much about anything else, because they have specialized it so much and it has extremely vast scope.
And I don’t know if that is the best for the market place because if that person is to go find a job again, there will not be many places out there, hiring people who know about SQL injection on Oracle. So after re-training, they can pick those skills and maybe do SQL injections on Microsoft products. But even that is completely different from what it was probably 6 to 7 years ago. I think it has changed a lot to what it used to be 10 years ago.

Omer: How do you think that DefCon and Black Hat have helped the security industry?

Jeff: I think yes, it has helped a great deal. It has raised a level of awareness in masses. Just to read the articles written about security makes you understand about a lot of stuff that you never knew before. There are some people out there who really know the technology and its weaknesses, and they might use it for bad purposes. So it’s our responsibility to figure out weaknesses and make people aware about it. Back then it was just kids who were curious and not a lot of organized crimes were there. You had to find somebody to teach you. Now you can learn how to break into others computer and never have to meet another human. You can be just reading web pages online, buying books and practicing the hacking skills. So, now it’s easy for criminal groups. They can easily learn these things in the comfort of their sofas. And the motivation now is so much greater, I mean now there is enough money online, enough consumers online, and enough commerce floating around. Now there are actually big targets. 10 years ago my mom wasn’t online, just then there wasn’t so much money online to go after. But now everything is online. So of course that’s where the criminals are going.

Omer: Last year, there was a lot more nuisances, Michael Lynn’s controversy, about the black hat bug probably? How do you deal with all those political and social pressures? And how does it impact Black Hat content?

Jeff: Well that’s a really interesting problem there.
First of all it was really stressful at that time, because we were actually at the same time trying to sell the business. We had 6 prospective companies, who were at the show, trying to decide that maybe there is something that they are interested in buying. So we are in the middle of trying to sell our business and getting sued by Cisco and ISS and trying to run a show at the same time. 3-4 prospective buyers were scared away thinking that security conference base is too much risk, too much chance of being sued. But the remaining people, 3 companies said “Wow you are getting fantastic press attention and this is really good because they are not going to be scared away”. And you’re really spaced with the dilemma that if you don’t try to defend yourself, you can wreck the whole business, because the public will never gain the knowledge that these researchers have acquired because they will be shut down through these lawsuits and it will pretty much wreck my business. It’s like I have to fight or I have to give up. So we had to save more money for possible lawsuits. The good thing with Cisco was that it ended up looking pretty bad that a lot of people have learnt the lesson. That it is probably better to contact the speaker and try to work it out behind the scene and not make it public on the front page of a newspaper.

Omer: With all these political pressure and whole bunch of money from platinum sponsors (i.e. Microsoft and Cisco), does it make any difference to what the speakers have to say?

Jeff: We don’t give the speakers any guidelines on what to say and what to do. In the very beginning, there weren’t much security vendors. There wasn’t any money to be made from vendors. Later on as the market started growing up, there was an opportunity and we started getting extra money from the sponsors (they wanted to help out and be involved somehow). But we made it pretty clear that you don’t get any special consideration. I believe that there are two sides of a business.
There is one side that goes and gets sponsors. And there is the other side that reviews contents. There was an instance when one sponsor has recommended eight different talks and none were accepted. Another sponsor had three talks which were accepted.

Omer: Who decides the acceptance of the content?

Jeff: Ultimately it is me, but we have a review committee. And for each show the people who review it are different sometimes. There is a core 3 of us in the office then we have outside people. If you talk about crypto we have crypto experts. Talks about reverse engineering we have reverse engineering experts. Most of the times we consider how exciting the new research is, how fundamental and important is it? Does the person have a good speaking record? We really try to pride ourselves with introducing the public with new speakers. So sometimes our presentations aren’t that polished but what we are really after is good tact and little less about how good a person looks upfront. Because you know there are a lot of other conferences where you can find you know really polished speakers, delivering the same speech that they delivered 50 times before. We look for someone that has maybe delivered the speech once before, but it’s brand new.

Omer: What’s your take on censorship policies?

Jeff: It has never affected us. I think we have a little bit of self censorship, besides the security market is rapidly growing up and a lot of our speakers now work for companies. And sometimes companies don’t want to anger vendors for other customers. So we are finding it actually kind of hard now for some speakers for pointing out names of vendors with whom they had problems, because they have been told by their bosses that if you did that it will disrupt our business relations. So the independent researchers who have nothing to lose, they are usually very interesting as they can say and do whatever they want to.
But sometimes you get people who get intimidated when you start working for big companies.

Omer: You have been associated with the security market since its very beginning. Why do you think that there is a gap between an actual product development and security?

Jeff: I think still a lot of decisions are based on marketing claims which necessarily don’t match reality. A lot of purchase decisions are made by the people who aren’t informed enough to make those decisions. So a typical example is the CFO is golfing with Microsoft representative or something and he gets tossed into buying the new product. So he tells his IT Managers that we are now going to deploy the new Microsoft product and instead of the decision to be based on bottom up. The managers decide to do it top down. “We are buying Oracle!” instead of people down below saying “hey we can do this in MySQL or some other database for half the price”. So I think there has been a disconnect from the very beginning on purchasing depending on how company is set up. And once the product is purchased, a lot of times people don’t properly account for them. I mean the amount of time required to monitor these programs, how many companies have IDS system deployed? But nobody has watched the output. They review the output like weekly. That’s a little too late, in case you know you been attacked. And the more and more these systems have people deployed, they have BYT boxes on it, they have IDS and ITS, they have more routers, they have automated voice response systems, the web servers, the mail servers, they have all these appliances of load balancers, application accelerators and there are so many boxes on the network in bigger companies now. But there aren’t enough people to watch them all! I was talking to a bunch of security guys at a committee gathering in Seattle and I was asking them how many boxes do you have on your network? That aren’t servers they are just like other things you know.
SNMP, Trap managers, logging servers etc. and they had like 28 – 30 boxes. They have to manage all of them.

Omer: Each box gives a new avenue for vulnerability and maintenance...

Jeff: Yes and each one of them, you have to be constantly updating and maintaining it. It’s almost more than a full time job. Track all the BIOS versions, active control policies etc.

Omer: And then there is human error as well...

Jeff: Yes, that is true. Even a guy who got hired and then moved away, he was the only one who knew how to manage and had the understanding for it. And the new guy has to come along and figure it out himself. That’s why you can burn Rome in a day but it takes a life time to build.

Omer: Do you think that there has to be a better process for revealing vulnerability rather than a full disclosure? Maybe a table talk with the vendor before revealing it to the whole world?

Jeff: That kind of works in the beginning. But the problem is that if you told the vendor, the vendor might not tell the greater world. What would happen is why I would need to upgrade my Sun OS. I don’t need to upgrade my Sun OS. And Sun is not going to say you better got upgraded to those 5 critical vulnerabilities, they would just hope people would upgrade. And so people without being told, why wouldn’t bother upgrading. So if Sun keeps on saying that well there are critical vulnerabilities, then people are going to go trying to look at what they are and I think it becomes more and more time consuming only. As the researcher spend all the time to find some bugs, his job is not to spend the next 3 weeks holding the hand of the vendor, explaining everything to them. They want to just get on with life and do the next thing. So it can be faster and easier for the bug finder too. More likely he will go, find more bugs and the world will come to benefit due to his research. But if it’s going to bog him down with weeks and weeks of effort, he won’t do it publicly but he won’t tell us.
He is still going to talk to his friends about it but we won’t get the benefit.

Omer: Next 2 years, where do you see DefCon and Black Hat heading?

Jeff: I think office applications and web services would be something new for us. Maybe more and more clever attacks on browsers, particularly mobile browsers and Java scripting, dynamic web pages and cross site scripting is still a difficult problem to solve. What we plan to do with DefCon and Black Hat is to introduce more hardware related researches, I mean all those embedded systems in your infrastructure are only appliances with vulnerable software written on top of it. I think this is an area that the world has forgotten about. Hardware hacking is whole unproven green field just right for exploits.

Omer: Jeff, Thank you for your time. It has been a pleasure talking to you.

Jeff: Thanks a lot.

Interview concluded.

How to Buy Christmas Presents Without Breaking the Bank

I have kids that are 16, 13, 10 and 6 years old. We all know that when kids get to this age that they want gifts that are expensive. All their friends have new mp3 players, high tech video games, cell phones, etc. As working parents we know how much these things cost.

I work at a factory, so spending hundreds of dollars on the newest gadget isn’t in my budget. But since we love our kids and want to give them things they actually want and like, it makes it tough on us. So every year we spend too much money and then the bills come in, and our eyes bug out. Then we have to try and get overtime to pay them off. If you are lucky, you will pay off those bills before next Christmas.

I have found items that kids do like that aren’t that expensive. Since it is winter, most kids like to get warm pajamas and slippers. Believe it or not, even my 16-year-old daughter loves to get pajamas with cool characters on them. The younger kids love to get slippers with Spongebob, Barbie, or whoever is popular at the time.

You can get most of these items for around $20. Not only that, but since my girlfriend likes to keep the heat at around 64 degrees, I wouldn’t mind a set of flannel pajamas myself.

Not to mention the fact that my 2 older children don’t really care for toys anyway, so it would really be a waste of money to buy these things.

The other thing I have noticed is my 16-year-old and many of her friends are into the retro look. You know, the clothes that we wore at their age, that we had hoped were lost forever. But it does make it easier to buy clothes without emptying your wallet. I think every city now has these resale stores, you know the ones, they sell used clothes, and when I go in them my allergies start bothering me. You can get some great deals in these stores.

Another great place to buy gifts is eBay. I know some people are leery about buying online, but I have never had any problems. You can get some good deals on eBay, but you have to be careful. If you have a product in mind you can check prices at different websites, like shopping.com or bizrate.com. Then you can make sure you are getting a good deal. The other thing with eBay is to make sure to check the feedback of the person you are buying from. This tells you what other people thought of this seller. The last thing to check is the shipping charge. Some people sell things low, but charge a huge amount for shipping.

No matter what you choose, using the internet for research or purchase is a great time saver, and maybe even a money saver. So good luck with your Christmas shopping this year and DON’T break the bank.

California Sunbounce Micro Mini 2 x 3 Feet Kit – Reflector Panel Kit with Frame and Carry Bag-Silver/White

  • It is the only truly rigid frame system because it is 3-Dimensional.
  • It is extremely light despite its size.
  • The screen remains taut because it can be tensioned like the skin of a drum.
  • Only the very best quality fabrics are used.
  • No velcro fasteners are ever used.

Sunbounce Micro Mini (2 x 3 ft) Kit-Silver/White Reflector Panel Kit with Frame and Carry Bag (Item #: 1MM-M10)

The amazing little reflector that puts the other pop up reflectors to shame. No longer will you have to fight to find the sweet spot, or watch as your reflector folds up in the wind. The perfect reflector for portraits and small objects, in the studio or outside. Also works amazingly when you add a Sunbounce Flash Bracket to attach your speedlight for ape’ing that natural light.

Frame: This patented, three-dimensional and collapsible frame is super light and extremely stable. The modular system allows you to combine every frame with the appropriate screen, making it a reflector, diffuser, or light blocker (shade). These special frames, made by hand from anodized aluminum, can be collapsed in seconds to fit into an approx. 6-8cm diameter bag. All SUNBOUNCE items have a maximum length of 135cm. Thanks to the crossbar and clamp integrated into the frame, it can be held in many different ways: comfortably by hand or by attaching it to a tripod.

Screen: In combination with our patented frame, the screen is stretched as taut as a drumhead, which guarantees reliably consistent light and no flickering.

Canon Speedlite 600EX-RT Flash + 3pc Bundle Accessory Kit for Canon EOS 1D, 1DS, 1D X, 5D Mark II III, 60D, 7D, Rebel T3, T3i, T4i Digital SLR Cameras

  • This Kit includes 4 items all with USA Warranty and manufacturer’s supplied accessories
  • Canon Speedlite 600EX-RT Flash; features new wireless multiple flash system
  • Universal Soft Box Flash Diffuser
  • 4 High Capacity AA Nimh 2700 Mah Rechargeable Batteries
  • AC/DC Rapid Battery Charger – 8 Slot Battery Holder

Canon’s new Speedlite 600EX-RT is engineered to provide a new level of performance and reliability for professional flash photography with today’s most advanced DSLRs. With wireless two-way radio communication, the Speedlite 600 EX-RT allows photographers to expand their creativity using wireless speedlites with the reliability of radio triggering. The Speedlite 600EX-RT offers an expanded zoom range and a higher guide number, plus a number of improvements over its predecessor in both operation and feel. It features a new dot-matrix LCD panel for display of all pertinent shooting information, backlit controls plus an internal sound generator. Reliability is ensured with improved hot shoe contacts, improved flash head durability and the most comprehensive dust and water sealing system ever on a Canon Speedlite flash. A new color filter holder helps maintain accurate color in a variety of ambient light conditions.
++PLUS++ Accessory Kit: Universal Soft Box Flash Diffuser; softens the light so your photos will be well exposed, without the harsh glare spots. – 4 High Capacity AA Nimh 2700 Mah Rechargeable Batteries – AC/DC Rapid Battery Charger – 8 Slot Battery Holder.

Genus GL GNDF-52 ND 52 mm Fader Circular Filter System

  • Variable Neutral Density adjustable up to 8 stops
  • Allows greater control of shutter speed and depth of field
  • Index marks on edge of filter for exact adjustment

The Genus ND Fader is a compact all-in-one variable neutral density fader filter that adjusts the amount of light reduction with just the twist of your wrist. The index marks on the filter let you know exactly the amount of reduction at a glance, giving you clear and precise shots at whichever density you are using. ND filters allow slower shutter speeds or decreased depth of field, giving great control of the look of a scene. The GNDF screws in beautifully onto your lens and is an invaluable tool to enhance your images. This filter is designed to fit lenses with a 52mm filter size.