It’s Alive!

Please welcome a new codex of web security, Hacking Web Apps! The print version arrived today, having taken physical manifestation after a long year of keystrokes and mouse clicks painstakingly conjuring it to life. It’s an update of the Seven Deadliest Web Attacks (namesake of this site), with more content, more screenshots, and, of course, more references to science-fiction and the living dead. Oh, and some HTML5 thrown in.

And, apparently, my home address. Right there at the opening of each chapter. The summoning process must have neglected a circle of salt, or used the wrong scented candle, to have let that slip through. Now, I’ve read enough Jane Austen, seen enough Shakespeare, to recognize there’s an irony here. I get it. So, what to do?

First, let me introduce you to Amateur Radio. Learning about Amateur, or “ham” radio starts off with Morse code and memorizing color bands on resistors, but quickly leads to the realization that the AM/FM dial in your car is but a minuscule view of the spectral world. (Beyond even the UHF dial on prehistoric TVs, where you could find barely-dubbed kung-fu or inscrutably plotted sci-fi movies.) But what ham radio is really about is tinkering with hardware and electricity so you can find other people — anyone in the whole world — to talk to about their hardware tinkering, their rigs, in ham parlance. With a good antenna and some applied Calculus, you could even reach out of this world to the Space Shuttle or the International Space Station.

Ham radio has a collegial practice of sending so-called QSL cards to acknowledge the date, time, frequency, and station location of a contact. They’re basically a postcard-based collection system for connection logging. (This was a much bigger deal and a fun diversion before the internet shrank world-wide communication to the ubiquitous email.) As postcards, they might be plain, bearing your station callsign and a few fields for things like writing down a frequency, or they could be works of beauty, showing off your rig, your hometown, a pet, or your second-grader’s fridge art.

Somewhere in deep storage, next to some Jackie Chan laserdiscs (including City Hunter!), I have a few dozen or so QSL cards. (Compare this to other hams whose collections easily surpass hundreds.) My coolest ones tended to be from eastern European countries, with their Cyrillic writing and culturally-distant locations. (Consider that this was the era just before the Berlin Wall came down, when the USSR still existed on maps, and I was being entertained by movies like Red Dawn and Spies Like Us.) On the other hand, the most remote DX I can remember was American Samoa.

Anyway, there’s no way to QTA the address now that it’s inscribed in one of Gutenberg’s distant progeny. Instead, let’s try the QSL approach to, ahem, address the issue.

If you feel so compelled, send a postcard from your home town. Or follow the old 2600 routine and send a picture of a pay phone (or cell tower? do pay phones still exist?). I’ll post interesting ones here. Even better, send a picture of Hacking Web Apps on a monument, like one of the old PDPs in Warsaw’s Museum of Technology, prop it next to Turing at Bletchley Park, or pose it with a moldering statue in front of some centuries-old palace.

Don’t send anything else. Email is the easiest way to say hi. Leave a comment in one of the threads. Stop by twitter if it’s something short. Or just stop by the book’s Amazon page to “like” it.

Oh, and stay tuned. There’s some more interesting Amazon-related news to come. About a hack two years in the making…

Published by Mike Shema

Security, RPGs, and writing. Immersed in music (80s), sci-fi (dystopian), and horror (spooky). #synthwave Host of the Application Security Weekly podcast.