-
Secure erase
Fun (curious) fact: all recent (newer than 2006) drives have ATA commands in them specifically for wiping the data off of them. There are at least two advantages to this method: it wipes all sectors (including sectors marked as bad by the internal tables), and it is faster. You can get the program which initiates such a…
-
Mixed links
Installing DokuWiki on a SourceForge account – it seems that SF has some more complex security policies (which is good), but it takes a little command-line kung-fu to install DW (because it needs write access to some directories). Guaranteeing deletion – an interesting thought-experiment on how to guarantee the fact that a hostile system executes…
-
Weather Brains
Weather Brains is an excellent podcast if you are even remotely interested in weather. Released weekly, it is an hour or so of fun and information. There are multiple hosts (always a plus, it is very hard for a single host to keep an interesting tone) and a professional voice quality (which is not a…
-
WPA2 is still hard
Some time ago I found out that you have to install some not-so-well-documented updates (which are not delivered automatically by Windows Update) to use WPA2 to encrypt the traffic of your wireless network (and it is advised to use WPA2, since all the prior standards have known weaknesses). However, I was unpleasantly surprised that support…
-
Walking with objects
Some time ago I read David Wheeler’s blogpost about using the OBJECT tag to embed HTML in your HTML :-). One of the things which piqued my interest was the question: what are the security implications of using this method? Specifically I was interested if the same cross-domain / same-policy rules applied to interaction between…
-
Pi day and other ramblings
The USA congress decided that March the 14th is national Pi day (from chuckchat.com). While I’m not a USA citizen and live nowhere near it, I still thought that the idea is cute. Math can be fun (even though the education system gives the opposite impression frequently). A fun fact which I was amazed by…
-
A few words about hackersblog
If you read security news, you most probably have already heard about hackersblog.org. It is a blog created by a couple of my compatriots who feel that just talking about vulnerabilities in websites is not enough and they must attract attention by actively exploiting the flaws and then posting their “trophies” Zone-H style. As you…
-
Detecting malicious hosts with p0f
Lately I’ve been posting a little about malicious hosts, and here is the latest installment of the series: The basic idea is: infected computers (“bots” or “zombies”) can be used to perform network actions on behalf of their “masters”. Some of these actions are usually done by “server class” machines. Two examples for such actions are: sending…
-
Updated VTUploader – renamed to OVScan
I updated the script I originally published for submitting files to VirusTotal and renamed it OVScan (Online Virus Scan). What has changed: added support for multiple sites; added support for submitting via SSL (if the site supports it); added support for a per-file timeout. Get it while it’s fresh from the source-code repository (to…
-
Blogger tag plugin
I wanted to install the Cumulus plugin for Blogger, however I realized that I have too many tags :-), so here is a static snapshot instead. Blogumulus by Roy Tanck and Amanda Fazani. Update: reduced the number of tags to avoid hogging the CPU. Update: the server hosting the JavaScript / Flash files went…