-
Hack the Gibson – Episode #59
Read the reason for these posts. Read Steve Gibson’s response. Finally, I’m getting in sync with the released episodes. This one is relatively error-free; I have only a few comments to make: buffer overrun doesn’t always mean that the buffer is on the stack, it can be in the heap also. Hardware DEP prevents…
-
Things you (probably) didn’t know about your webserver
Today’s webservers are incredibly complex beasts. I don’t know how many of the people operating Apache have read the full specifications. I sure didn’t. So it should come as no surprise that there are hidden features in our servers (and some of them turned on by default), which can weaken our defenses. There are two…
-
What’s up with the pink?
I know that it looks funny, but it will be this way throughout the month of October as I’m going pink for October.
-
Companies, technology and security
When I saw this piece in my Google Reader, I thought: that’s interesting, so I headed over and checked it out, thinking that I would get some information about what the practices are at big companies. Somewhat disappointingly, it was just a link to a tutorial which looks like it was written by someone who is just…
-
Hack the Gibson – Episode #56
Read the reason for these posts. Read Steve Gibson’s response. Here I am again, as promised. I won’t turn soft because of a nice e-mail. (Then again, I hope that these posts are of a technical nature, that they point out objective mistakes and don’t become a personal attack. If you think that I’m sliding in that…
-
(Yet another) JavaScript random password generator
Here is YARPG (Yet Another Random Password Generator). Why on earth would I do yet another random password generator? Because I can :). Seriously: there are at least two random password generators out there that I’ve used, and I have some problems with them: The one that Steve Gibson created cannot be customized…
-
Steve Gibson responds!
Steve Gibson responded to my blog postings. It’s a very nice response and I must say that maybe I’ve misjudged him. This doesn’t mean that I’m getting soft, but every side should get a chance to display his opinions. Here is the letter I’ve received (republished with the permission of the sender): I’m sorry that…
-
Wisdom of the crowds? Maybe not
Yesterday I spotted the following article on the Digg front page: PacMan written entirely in Excel. On the page it linked to I found two games written in Excel and VBA (Visual Basic for Applications – the stuff macro viruses are written in). What is interesting is that as of the time of me writing this there…
-
Traceroute on Windows and Linux
Did you know that the Linux version of traceroute uses UDP packets with various TTLs instead of ICMP echo requests by default? I sure didn’t, but thinking about it, it is a very smart way to do it. My only question would be: doesn’t this interfere with the operation of a server if you happen to…
-
Rootkits? Who needs rootkits?
What are rootkits and why are they dangerous? You can read the detailed explanation at Wikipedia which I won’t reproduce, but the basic idea is that they alter the operating system (using either documented or undocumented methods) so that certain objects (processes, directories, files) become invisible. They are very dangerous because they breed new life…