Author: gpanther

  • Mixed links

    An analysis of the C variant of Conficker. Via Jeremiah Grossman: Detecting browsers which are in incognito mode – Interesting. It is based on the CSS history color hack and works because browsers in incognito mode seem to report all URLs as not visited, even if the visit occurred in the same session. From Joanna…

  • Installing the webhoneypot on OpenWrt

    This is a raw tutorial for installing webhoneypot on a router running OpenWrt. The version used is Kamikaze 8.09 (this can be important because commands change between versions). The tutorial is not 100% complete and I will update it in the future when I learn new information. Another assumption I make is that you…

  • Mixed links

    From HolisticInfoSec.org: Online finance flaw: At least AIG got this one right – a good example (finally!) of how to handle vulnerability reports. Via the Security4All blog: The Untold Story of the World’s Biggest Diamond Heist – very cool and a good reminder that you must consider the resources an attacker is willing to invest…

  • Massively Parallel Computing 🙂

    I am a fan of BOINC, which uses distributed computing to solve massive problems (some very serious, like finding a cure for certain types of cancer, others more abstract, like finding prime numbers). The problem, however, is ease of use and distribution. You have to (a) know that this software exists and (b) know how…

  • BadwareBuster.org goes live

    Via StopBadware.org: BadwareBuster.org removes the beta label and goes live. It is a forum that tries to help people who are struggling with a malware problem, either on their home computer or on their website. What I liked: Full RSS feed to the site (so that it can be mined for malicious URLs for research…

  • Secure erase

    Fun (curious) fact: all recent (newer than 2006) hard drives have ATA commands in them specifically for wiping the data off of them. There are at least two advantages to this method: it wipes all sectors (including sectors marked as bad by the internal tables), and it is faster. You can get the program which initiates such a…

  • Mixed links

    Installing DokuWiki on a SourceForge account – it seems that SF has some more complex security policies (which is good), but it takes a little command-line kung-fu to install DW (because it needs write access to some directories). Guaranteeing deletion – an interesting thought-experiment on how to guarantee the fact that a hostile system executes…

  • Weather Brains

    Weather Brains is an excellent podcast if you are even remotely interested in weather. Released weekly, it is an hour or so of fun and information. There are multiple hosts (always a plus, it is very hard for a single host to keep an interesting tone) and a professional voice quality (which is not a…

  • WPA2 is still hard

    Some time ago I found out that you have to install some not-so-well-documented updates (which are not delivered automatically by Windows Update) to use WPA2 to encrypt the traffic of your wireless network (and it is advised to use WPA2, since all the prior standards have known weaknesses). However, I was unpleasantly surprised that support…

  • Walking with objects

    Some time ago I read David Wheeler’s blogpost about using the OBJECT tag to embed HTML in your HTML :-). One of the things which piqued my interest was the question: what are the security implications of using this method? Specifically, I was interested in whether the same cross-domain / same-policy rules applied to interaction between…