An analysis of the C variant of Conficker
Via Jeremiah Grossman: Detecting browsers which are in incognito mode – Interesting. It is based on the CSS history color hack and works because browsers in incognito mode seem to report all URLs as not visited, even if the visit occurred in the same session.
From Joanna Rutkowska: Attacking SMM Memory via Intel® CPU Cache Poisoning (link to PDF). Very cool. Basically the Intel CPU cache doesn’t respect the protection of SMM Memory under some conditions and writes back the changes to it (even though it shouldn’t). Nice one!
From zillablog: The web IN your database – it muses on how Yahoo Pipes could be compared to a relational database. It also references a 2007 article Yahoo! Pipes and The Web As Database – hmm, I find the comparison with Microsoft Access objectionable 🙂
From Reddit Reverse Engineering come the following links:
- Stephen A. Ridley – Introduction to Windows Kernel Security Development [PDF]
- Julio Auto – Practical (Introduction To) Reverse Engineering [PPT]
- Tiago Assumpção – BinNavi v2 [PDF]
- Anti-Debugging – A Developers View [PDF]
The first three are from the uCon conference. You can check out the other slides here.
From The Old New Thing: Defense in depth means that you protect against exploits that don’t exist yet
Picture taken from quinn.anya’s photostream with permission.