-
Hack the Gibson #168
Read the reason for these posts. Read Steve Gibson’s response. Steve Gibson gets the description of the attack wrong (backwards): It’s possible to have something hiding below the surface, literally on, like, a layered page, where the user clicks on what they see, but what they’re actually clicking on is content on the page behind.…
-
How permissive is the Windows autorun.inf parsing?
While reading the F-Secure blogpost titled When is AUTORUN.INF really an AUTORUN.INF?, I was reminded of this masking technique – putting extra data between the relevant lines. But how tolerant is the autorun.inf parser (which I suppose in fact is the INI file parser) really? The example shown by F-Secure is quite mild, in the…
-
Using a single file to serve up multiple web resources
While trying to set up my GHDB mirror, my first thought was to use googlepages. I quickly found the bulk upload to googlepages how to by X de Xavier, which is a very cool tool (and also an interesting way to hack your “chrome”), but unfortunately I found that Google Pages has a limit of…
-
Microsoft – fail!
I’m not talking about the fact that they restarted my computer overnight – again! – because of a “critical” update (as far as I can tell the “critical” update was Windows Media Player 11 – WTF?) or about the fact that some of their utilities give you useless error messages (like “X has occured –…
-
Free Microsoft e-book: Writing Secure Code for Windows Vista
From /dev/random (where I stole the title from – because I’m a lazy bastard :-)): you can get an (electronic) copy of Writing Secure Code for Windows Vista by signing up for a free newsletter. I actually have read an older version of the book and found it very good. A large part of it…
-
Solution to the Ethical Hacker Challenge posted
Not to this one, but to an older one. This is the announcement and here is the winning solution. This one was actually one of the harder ones for me, I missed the hardware keylogger and didn’t figure out the Vigenere cipher.
-
Yet an other alternative for “Reverse IP”
Nitpicker’s corner: so the title is not 100% correct, since I’m focusing more on the question “what websites are hosted on this server” rather than “what DNS names is this server known under”. Here are some possible ways to answer this question: Do an actual reverse DNS lookup. The problem is that there isn’t actually…
-
GHDB mirror
Seeing that the GHDB (Google Hacking DataBase) might soon disappear (the site was offline for weeks recently for example), I grabbed a mirror of it and put it up on a free hosting website (no, not that one) – enjoy it while it lasts: the main page a link to each individual entry – this…
-
Mixed links
From the Notes & Thoughts blog: a new AV blog – the Avira blog. Another reason for linking to them is that it is impossible to find it from Google (probably because they used “techblog” instead of “blog”). Keryx Tutorial: Bringing Updates Home – Keryx is a cross-platform tool to download Ubuntu packages…
-
Physical condition
I mentioned some time ago that I’ve started the one hundred pushups program. A small progress report (hopefully this can inspire others to start doing a little more exercise): In ~7 weeks (not counting the holidays) I went from 5 pushups to almost 60! This is not exactly the 100 which I should have done…