Author: gpanther

  • Using Procmon for finding malware

    The scenario is: you know you are infected, because you’ve identified a process associated with malware, but you can’t figure out how that given process is getting launched. A variation of this is: you kill the process, remove the executable but it reappears after a given amount of time / after reboot / etc.…

  • Oracle buys Sun (and gets MySQL)

    Here is Monty’s (co-founder of MySQL, left SUN some time ago) opinion. On a more light-hearted note, here are some Slashdot comments 🙂 From rho – a good example for why case sensitivity is important: > Their string comparisons are case sensitive. 8.4 has citext. Or you can make an index with lower() on the…

  • Mixed links

    We start off with a rebuttal from VMware to a video posted by Microsoft comparing Hyper-V and VMware ESX. While I’m no fan of any big company, such misleading marketing attempts should be considered unethical and maybe even illegal, since they contain mischaracterizations of some features like the page sharing between VMs. While in this…

  • Social engineering for malware – a bright future

    Some time ago I wrote a post in which I pondered the deficiencies of the “executable file” definition and the implications for whitelisting products. The problem is that “data” files can also result in actions being taken (and we don’t even need arbitrary code execution type of vulnerabilities for that). The particular example given the…

  • Interesting method for website blocking

    Quick note: I was listening to the latest episode of Watchguard’s Radio Free Security podcast (no relation with them, other than a listener to the podcast) and they discussed an interesting technique for filtering websites (I’m no fan of traffic filtering, but the technique seemed interesting): Usually SSL requests are either blocked by the target…

  • Interesting videos

    It seems that the Internet is helping more and more to find the equilibrium point between the needs of “big media” and “independent media”. In this post I would like to mention two sources of useful / interesting videos: The first would be the videos from the TED (Technology, Entertainment, Design) conference (credit goes to…

  • Weird Sybase JDBC driver issue (jConnect)

    I post this so that the search engines can pick up on it and maybe it can help somebody out. I had the following issue with the Sybase JDBC driver (jConnect): I was calling a stored procedure and it was throwing an error. However these errors weren’t propagated to the Java code in form of…

  • Be an (imaginary) hero

    I got the link from splitbrain.org, however I was hesitant to post the image, since the site didn’t display any information about the conditions of using it: Make your own at www.cpbherofactory.com However I finally got a response from the cpbgroup (the creators of the Hero Factory), in which they state that I can use…

  • User input, by any other name

    A friend of mine posed me an interesting question: how is it possible that a CMS software, which displayed the IP addresses for comments made anonymously (instead of the username) showed a private IP (like 172.16.63.15)? Before I get to the actual explanation, here are some specific clarifications which should be made: IP addresses are…

  • Hackish method to include custom content into CruiseControl

    Disclaimer: I’m a CruiseControl newbie, so there might well be a much better / simpler / cleaner method to achieve this. However this is the way I managed to get it working. Write your (Perl) script and make it output something like this: <testsuite tests="0" name="summary" failures="0"><system-out> foo bar </system-out></testsuite> Make your script run during…