-
Rookits? Who needs rootkits?
What are rootkits and why are they dangerous? You can read the detailed explanation at Wikipedia which I won’t reproduce, but the basic idea is that they alter the operating system (using either documented or undocumented methods) so that certain objects (processes, directories, files) become invisible. They are very dangerous because they breed new life…
-
Bye-bye DHTML Editing
While browsing on the MSDN website, the following article caught my eye: Replacing the DHTML Editing Control in Windows Vista and Beyond. It seems that starting with Windows Vista the fast and dirty way to add WYSIWYG editing to your web pages with IE won’t be available any more because the needed ActiveX component won’t…
-
Software vs. Hardware firewalls
I’ve already done my post for the day and was listening to episode 56 of Security Now when I’ve heard something that ticked me of. I hear this all the time from various sources (but those are mostly uninformed and not security experts). This won’t be an other Hack the Gibson post, although you can…
-
WAP
Yesterday I’ve participated in the local Windows Academic Program pitch. The main content was delivered by Adrian Marinescu. I can sum it up as a short version of the book Windows Internals. For the one of us who actually have read the book it was a little boring (although in the breaks I’ve managed to…
-
A (non-hacking) tutorial on elevating privileges on Windows
Running as a normal user can be real pain on Windows (however it has become better with every version). This is because every program runs on the behalf of a given user and the credentials of that user determine what the program can or can not do. Usually you wish to run as user to…
-
Apache and mod_proxy
We’ve been having problems with Apache and mod_proxy at the workplace for a couple of days. The scenario was the following: there is server A which listens on HTTPS (with Apache) and server B which uses mod_proxy to serve the contents for A in a subdirectory. B runs CentOS with Apache 2.0.52. The issue was…
-
Password security on popular sites
We use (and sometimes reuse, although we shouldn’t) passwords on the web every day. There has been so much talk about password security lately that the least we should expect is that the big sites have proper passwords policies. I will single out two of them here: digg.com – I’ve tried to register with them…
-
Hack the Gibson – for Episode #50
Read the reason for these posts. The issue of different ports: as you can read on Wikipedia, there are three categories of ports: Common ports: from 0 to 1023 (not 1024, but the first 1024! – we computer guys are sometimes a little weird with our numbers) – these are special in the sense for…
-
Hack the Gibson – for Episode #58
Read the reason for these posts. This episode was actually quite good and as far as I can tell there were no errors in it. But I just wanted to get the word out: unregister vgx.dll (instructions here – towards the middle of the page where it says “Suggested Actions”) and / or use a…
-
Hack the Gibson!
Hack the Gibson! First a piece of advice: don’t hack the Gibson if you don’t have written permission to do so :-). First go watch the movie. This series of posts wants to be an unofficial errata for the Security Now! podcast by Steve Gibson (this is the first and only time I’ll post this…